Analysis
- max time kernel: 145s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/05/2024, 10:38
Static task: static1
Behavioral task: behavioral1
- Sample: 125919a63591cd4105ba7f8319cf9539_JaffaCakes118.html
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 125919a63591cd4105ba7f8319cf9539_JaffaCakes118.html
- Resource: win10v2004-20240419-en
General
- Target: 125919a63591cd4105ba7f8319cf9539_JaffaCakes118.html
- Size: 107KB
- MD5: 125919a63591cd4105ba7f8319cf9539
- SHA1: 045adc579a9a461f18aa2ff8d99f75b500e5c9e8
- SHA256: 9c7737492291957c52287ce0a95af8179f186be89ff86519cb324740e7c391e5
- SHA512: 73ea5ec1c8bccdee8a96447e93e24aafa42a10bb6781462908b7f0c2798627022c71b7d93c5c4d4633fe9a4931ff4b28e770cb4768bbd468255ab3bd0803f85f
- SSDEEP: 3072:l4pjecDJzX6xD03Y3oB7G8lFPQrqYJqMvOrGkhCckGtctwhsdE/x:l4pjecsaWE7L74mkjGiks96IO
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Note: these BIOS values are the ones sandbox-evasion checks typically read, but here the reader is the browser process itself and the sample spawned nothing beyond Edge's own helpers, so the hit is informational rather than evidence of evasion.
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4548 | msedge.exe (2 IoCs)
  4944 | msedge.exe (2 IoCs)
  5248 | identity_helper.exe (2 IoCs)
  3784 | msedge.exe (4 IoCs)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid | Process
  4944 | msedge.exe (9 IoCs)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4944 | msedge.exe (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4944 | msedge.exe (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4944 wrote to memory of 2636 | 4944 | msedge.exe | 84
  PID 4944 wrote to memory of 4984 | 4944 | msedge.exe | 85
  PID 4944 wrote to memory of 4548 | 4944 | msedge.exe | 86
  PID 4944 wrote to memory of 3620 | 4944 | msedge.exe | 87
  All 64 rows have the same source (the browser process, PID 4944) and collapse to these four targets, each reported repeatedly. Every target is one of msedge.exe's own child processes in the tree below (crashpad handler, GPU process, network service and storage service), which is normal Chromium start-up behaviour rather than injection into a foreign process.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4944)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\125919a63591cd4105ba7f8319cf9539_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2636)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbfd346f8,0x7fffbfd34708,0x7fffbfd34718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4984)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4548)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 440)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 320)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4472)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3548)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2920)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5004)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2400)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6784 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5248)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6784 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5404)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3784)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7861951091222059780,18158756051630529431,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5188 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3912)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1280)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
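The 64 WriteProcessMemory IoCs and the process list are easier to judge once the IoC rows are collapsed and each target is checked against the tree. The script below is an added example written for this page; it is not part of the Triage report and not Triage tooling. It parses an excerpt of the report's IoC text (only the four distinct parent/child pairs, with a few repeats), checks each target PID against a PID-to-image map transcribed from the Processes section above, and flags any write whose target is missing from the tree or runs a different image than the writer. The IoC cell layout it assumes ("PID <src> wrote to memory of <dst> <src> <image> <procid_target>") is taken from the report as extracted; the CompPkgSrv.exe injection case in the usage example is constructed to show what a flag looks like.

```python
"""Collapse Triage "Suspicious use of WriteProcessMemory" IoCs and check the
targets against the process tree.  Added example; not part of the Triage
report or of Triage's own tooling."""
import re
from collections import Counter

# One IoC cell as it appears in the flattened report (assumed layout):
#   "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
IOC_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) \d+ "
    r"(?P<image>\S+) (?P<target_id>\d+)"
)

# Excerpt of the report's IoC text.  The full list has 64 entries; only the
# four distinct parent/child pairs are kept here, with a few repeats.
WPM_IOCS_EXCERPT = (
    "PID 4944 wrote to memory of 2636 4944 msedge.exe 84 "
    "PID 4944 wrote to memory of 2636 4944 msedge.exe 84 "
    "PID 4944 wrote to memory of 4984 4944 msedge.exe 85 "
    "PID 4944 wrote to memory of 4984 4944 msedge.exe 85 "
    "PID 4944 wrote to memory of 4548 4944 msedge.exe 86 "
    "PID 4944 wrote to memory of 3620 4944 msedge.exe 87 "
    "PID 4944 wrote to memory of 3620 4944 msedge.exe 87"
)

# PID -> image name, transcribed from the report's Processes section.
PROCESS_TREE = {
    4944: "msedge.exe", 2636: "msedge.exe", 4984: "msedge.exe",
    4548: "msedge.exe", 3620: "msedge.exe", 440: "msedge.exe",
    320: "msedge.exe", 4472: "msedge.exe", 3548: "msedge.exe",
    2920: "msedge.exe", 5004: "msedge.exe", 2400: "msedge.exe",
    4368: "identity_helper.exe", 5248: "identity_helper.exe",
    5396: "msedge.exe", 5404: "msedge.exe", 3784: "msedge.exe",
    3912: "CompPkgSrv.exe", 1280: "CompPkgSrv.exe",
}


def parse_wpm(text):
    """Return one (src_pid, dst_pid, src_image) tuple per IoC cell."""
    return [(int(m["src"]), int(m["dst"]), m["image"])
            for m in IOC_RE.finditer(text)]


def collapse(records):
    """Count how many IoC rows each distinct (src, dst) pair accounts for."""
    return Counter((src, dst) for src, dst, _ in records)


def foreign_targets(records, tree):
    """PIDs written to that are absent from the tree or run a different image
    than the writer.  A Chromium browser writing into its own freshly spawned
    msedge.exe children is normal start-up behaviour; a write into any other
    image is the cross-process injection the signature exists to catch."""
    flagged = []
    for src, dst, image in records:
        if tree.get(dst) != image and dst not in flagged:
            flagged.append(dst)
    return flagged


if __name__ == "__main__":
    recs = parse_wpm(WPM_IOCS_EXCERPT)
    for (src, dst), n in sorted(collapse(recs).items()):
        print(f"{src} -> {dst} ({PROCESS_TREE.get(dst, '?')}): {n} row(s)")
    print("foreign targets:", foreign_targets(recs, PROCESS_TREE) or "none")
    # Constructed case: the same browser writing into CompPkgSrv.exe (PID 3912)
    # is not a child-process handoff and gets flagged.
    print("with injected row:",
          foreign_targets(recs + [(4944, 3912, "msedge.exe")], PROCESS_TREE))
```

Run it as-is to see the four collapsed pairs and an empty flag list for this report; feed it the full IoC text from a report and its full process list to apply the same check to a sample that does inject. The comparison is by image name only, so a writer and target that share a name but not a path would still pass; extend the map to (image, path) if that matters for the sample under review.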
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 4e96ed67859d0bafd47d805a71041f49
  SHA1: 7806c54ae29a6c8d01dcbc78e5525ddde321b16b
  SHA256: bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d
  SHA512: 432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7
- Filesize: 152B
  MD5: 1cbd0e9a14155b7f5d4f542d09a83153
  SHA1: 27a442a921921d69743a8e4b76ff0b66016c4b76
  SHA256: 243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c
  SHA512: 17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d
- Filesize: 20KB
  MD5: 397383c90a2d930f866f405747e27466
  SHA1: 7bb6b5d6cee104c877dc5c3462f61232ffe5b360
  SHA256: a67db01d19e15d8fa76e5a075e336e195325d79d277a83aadb6a440acf887c47
  SHA512: 4357eddc0581e3cd6209646540bf59756cb4035d7dba47d5cb6b0050e6c202bda65721d4e9d644f37e3cd105bc5fa240574cfa96649f01e2769b796b523e08aa
- Filesize: 44KB
  MD5: 88477d32f888c2b8a3f3d98deb460b3d
  SHA1: 1fae9ac6c1082fc0426aebe4e683eea9b4ba898c
  SHA256: 1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8
  SHA512: e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 240B
  MD5: ff379986505203d7490f09ab804ad1c9
  SHA1: 2e94449c5897561fc69c3f810267de3ae718a26b
  SHA256: c5176d5e3b468e2a9f95dd67b8010be527b5f4a1ae862f51ee288a2e7ab69749
  SHA512: 3d98b26e095696ab383e29cbf2e1bee4d939c22a82aed0871e65d485d027d8ec96c1252a3b870a33f3b9b76fd974dfc0c211e1187bec4281dd47f11aa80e1a47
- Filesize: 2KB
  MD5: 499578a5f283e2efe13bbbf449a7c98b
  SHA1: 8b8dc6b13e7a8822ac0f730772fb19007ec487f1
  SHA256: 6b382ce32adbf367e080b41d3145b51ac7ee66e6b3b067f87a18caf1e97c5dca
  SHA512: 54a908d3f999c81e48665c06714ad1951b9b376f813b732a29506228010a9ed8d1eb792fb8519a3ee3b292bd6ef1def0c66797eb0fb81d839eab0a0d2fad395e
- Filesize: 5KB
  MD5: ac575cfd488f3a741d1432e736de96a8
  SHA1: 94415f352b55b324e999148b0563476bb7b434da
  SHA256: 4074233cbc9acb34d85d353340a19e966ccd40230cb9b5876b4294b4dab85146
  SHA512: ad744bc17687f7aeae5dfebe46ea28a380284a694d937c800ccabce37a7162e0fa514e6a1847e71131d00c08f558dc9c5ef0a54497f3f313661d14a685e9f405
- Filesize: 6KB
  MD5: 839f58198312b6ccd5fd83a49cae0b85
  SHA1: 88e3ec345cdd7f1ff1b5881be7c86ea18b8c2d4f
  SHA256: 25062523ea9aa9a92b7968c3995d0bc22f4f596cd46f8a255be65023725eeb4c
  SHA512: f55642bc4a424c515920d8e753ea559f98fc262977a0e70862528518dd9d9518df9941678ae08fea1a67d9854eadd6308a6d60c6bdbb70a9c762a88ce2ccdb77
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 8328748d6f011adbf3b275bce7941456
  SHA1: da134bb577406f7e312f7441b521b0658270f288
  SHA256: a61860f4bee3ad7c95b86832f4d171020c69b2438567491d3b6778083130dbc8
  SHA512: 867b3e9a9bd2c8f5d65157bddf215304a8979a624ebd3cf65de8e27898fd7c895fe6e55fdc4fc55c731995b2d15783da87b316f48598127f76613c269323c0d9