Analysis
- max time kernel: 145s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/05/2024, 11:46
Static task: static1
Behavioral task: behavioral1
- Sample: 12976f0e06bae2b4c06cc3b2ea184b09_JaffaCakes118.html
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 12976f0e06bae2b4c06cc3b2ea184b09_JaffaCakes118.html
- Resource: win10v2004-20240419-en
The results on this page are from behavioral2 (platform windows10-2004_x64); the Windows 7 run is a separate task.
General
- Target: 12976f0e06bae2b4c06cc3b2ea184b09_JaffaCakes118.html
- Size: 76KB
- MD5: 12976f0e06bae2b4c06cc3b2ea184b09
- SHA1: ea9e5ca49285dc0cb631c28bc22774a456ab610d
- SHA256: 3eb100b9d9c7925d46a09f5b2bb96783c11d62e99e47e1486860ab1304426189
- SHA512: af3d8b2f8d29b8a1c86392d107f9fd7c586c5641211de6bf4bce6c10b596ca38333790872a789cdd4e8e1acafa849bca1c028390c473136641d843bff035db7b
- SSDEEP: 768:b02TFaGR9yS9g79H2/9Wq69GD9sS9Sv9cn9zkY9mAmzzTt:b02e1p2MqVyL2hvo
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              hits
  2976  msedge.exe           2
  4028  msedge.exe           2
  2356  identity_helper.exe  2
  736   msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid 4028, msedge.exe, 8 hits
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 4028, msedge.exe, 25 hits
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 4028, msedge.exe, 24 hits
- Suspicious use of WriteProcessMemory (64 IoCs listed; every entry has pid 4028, process msedge.exe)
  description                       procid_target  hits
  PID 4028 wrote to memory of 4780  83             2
  PID 4028 wrote to memory of 3396  84             repeated
  PID 4028 wrote to memory of 2976  85             2
  PID 4028 wrote to memory of 3172  86             repeated
  The 3396 and 3172 entries together account for the remaining 60 of the 64 listed IoCs. All four targets are direct children of PID 4028 in the process tree below.
Processes
- msedge.exe, PID 4028 (top level)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\12976f0e06bae2b4c06cc3b2ea184b09_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe, PID 4780 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff453f46f8,0x7fff453f4708,0x7fff453f4718
  - msedge.exe, PID 3396 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13114471799427504548,7865818357562523468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  - msedge.exe, PID 2976 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,13114471799427504548,7865818357562523468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 3172 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,13114471799427504548,7865818357562523468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  - msedge.exe, PID 2280 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13114471799427504548,7865818357562523468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  - msedge.exe, PID 1368 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13114471799427504548,7865818357562523468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - msedge.exe, PID 692 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13114471799427504548,7865818357562523468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  - msedge.exe, PID 4648 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13114471799427504548,7865818357562523468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  - identity_helper.exe, PID 5092 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,13114471799427504548,7865818357562523468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  - identity_helper.exe, PID 2356 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,13114471799427504548,7865818357562523468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 4848 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13114471799427504548,7865818357562523468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  - msedge.exe, PID 3264 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13114471799427504548,7865818357562523468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  - msedge.exe, PID 1536 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13114471799427504548,7865818357562523468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  - msedge.exe, PID 3708 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13114471799427504548,7865818357562523468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  - msedge.exe, PID 736 (child of 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13114471799427504548,7865818357562523468,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe, PID 5072 (top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe, PID 4332 (top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe, PID 5048 (top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
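Reading the signatures against the process tree: every hit in this report fires on msedge.exe or identity_helper.exe, i.e. on Edge's own processes, and the four WriteProcessMemory targets (4780, 3396, 2976, 3172) are all direct children of the browser process 4028. That is what Chromium's multi-process launch looks like in a sandbox: the broker writes sandbox policy and startup data into each child it has just created, so a parent writing into its own fresh children is expected noise, while a write into a process the writer did not spawn is the injection pattern worth chasing. The BIOS registry reads (SystemManufacturer, SystemProductName) are the same keys that VM-detection code checks, but here the browser process reads them itself. The page's Malware Config and Network sections are empty, so nothing in this run is attributable to the HTML beyond Edge opening it. The script below is an added example and is not part of the tria.ge report or its tooling; it assumes the flattened IoC line format shown on this page ("PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"), and its last IoC line is constructed to show what a non-child write would look like.

```python
"""Separate Chromium child-process startup writes from cross-process writes.

Added example, not tria.ge code. The process tree is transcribed from the
"Processes" section of the report; the WriteProcessMemory IoC lines are the
distinct entries from the "Signatures" section plus one constructed line.
"""
import re
from collections import Counter

# Process tree from the report: (pid, parent pid, image). None = top level.
PROCESS_TREE = [
    (4028, None, "msedge.exe"),           # browser process, opened the .html
    (4780, 4028, "msedge.exe"),           # --type=crashpad-handler
    (3396, 4028, "msedge.exe"),           # --type=gpu-process
    (2976, 4028, "msedge.exe"),           # --type=utility NetworkService
    (3172, 4028, "msedge.exe"),           # --type=utility StorageService
    (2280, 4028, "msedge.exe"),           # --type=renderer
    (1368, 4028, "msedge.exe"),           # --type=renderer
    (692, 4028, "msedge.exe"),            # --type=renderer
    (4648, 4028, "msedge.exe"),           # --type=renderer
    (5092, 4028, "identity_helper.exe"),  # WinrtAppIdService
    (2356, 4028, "identity_helper.exe"),  # WinrtAppIdService
    (4848, 4028, "msedge.exe"),           # --type=renderer
    (3264, 4028, "msedge.exe"),           # --type=renderer
    (1536, 4028, "msedge.exe"),           # --type=renderer
    (3708, 4028, "msedge.exe"),           # --type=renderer
    (736, 4028, "msedge.exe"),            # --type=gpu-process (relaunched)
    (5072, None, "CompPkgSrv.exe"),       # DCOM -Embedding, no parent shown
    (4332, None, "CompPkgSrv.exe"),
    (5048, None, "CompPkgSrv.exe"),
]

# IoC lines in the report's flattened form. The report repeats each entry
# once per call; the first five lines here are its distinct entries (3396
# shown twice to exercise the counting). The LAST line is CONSTRUCTED for
# this example: a write into CompPkgSrv.exe, which 4028 did not spawn.
WRITE_IOCS = """\
PID 4028 wrote to memory of 4780 4028 msedge.exe 83
PID 4028 wrote to memory of 3396 4028 msedge.exe 84
PID 4028 wrote to memory of 3396 4028 msedge.exe 84
PID 4028 wrote to memory of 2976 4028 msedge.exe 85
PID 4028 wrote to memory of 3172 4028 msedge.exe 86
PID 4028 wrote to memory of 5072 4028 msedge.exe 99
"""

# procid_target is Triage's internal process index, not a Windows PID; it is
# captured only so the line parses, then ignored.
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_write_iocs(text):
    """Collapse the flattened IoC list into Counter{(writer, target, image): hits}."""
    counts = Counter()
    for line in text.splitlines():
        m = IOC_RE.fullmatch(line.strip())
        if not m:  # not a WriteProcessMemory IoC line; skip it
            continue
        writer, target, image, _procid = m.groups()
        counts[(int(writer), int(target), image)] += 1
    return counts


def classify_writes(tree, counts):
    """Label each (writer, target) pair as child-startup, cross-process or unknown-target."""
    parent_of = {pid: ppid for pid, ppid, _ in tree}
    verdicts = {}
    for (writer, target, _image), hits in counts.items():
        if target not in parent_of:
            verdict = "unknown-target"  # target never appears in the process tree
        elif parent_of[target] == writer:
            verdict = "child-startup"   # expected: broker writing into its own child
        else:
            verdict = "cross-process"   # writer did not spawn the target: look closer
        verdicts[(writer, target)] = (verdict, hits)
    return verdicts


def suspicious_writes(tree, text):
    """Return the (writer, target) pairs that are not plain child-startup writes."""
    verdicts = classify_writes(tree, parse_write_iocs(text))
    return sorted(pair for pair, (verdict, _) in verdicts.items() if verdict != "child-startup")


if __name__ == "__main__":
    for pair, (verdict, hits) in sorted(classify_writes(PROCESS_TREE, parse_write_iocs(WRITE_IOCS)).items()):
        print(f"{pair[0]} -> {pair[1]}: {verdict} (x{hits})")
    print("needs attention:", suspicious_writes(PROCESS_TREE, WRITE_IOCS))
```

On the report's real entries the script returns nothing to look at; only the constructed 4028 -> 5072 line is flagged as cross-process. The check is deliberately coarse: a write into a grandchild, or a parent that relaunches a child after it exits (as 4028 does with the second gpu-process, PID 736), would also show up as cross-process and needs a human to confirm, which is the right failure direction for a triage filter.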
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 62c02dda2bf22d702a9b3a1c547c5f6a
  SHA1: 8f42966df96bd2e8c1f6b31b37c9a19beb6394d6
  SHA256: cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b
  SHA512: a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9
- Filesize: 152B
  MD5: 850f27f857369bf7fe83c613d2ec35cb
  SHA1: 7677a061c6fd2a030b44841bfb32da0abc1dbefb
  SHA256: a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a
  SHA512: 7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 120B
  MD5: c9b57ae2222e1310001e137c4f44d586
  SHA1: 05a358a770cedee43f519685ac2276ad5909f31c
  SHA256: d3f95251621b106b4a111dbc44860ac868c905286548ea260931b33950ef0d07
  SHA512: 39e53f05c00ad011f995b6ab41300fce56f03556361cf1100ac2fcad64a09084d9be65d9fcf79dd3b336e69b363a0ea4fe429dffcdd6f7cad0ba82889b14fa87
- Filesize: 1KB
  MD5: 3fda8696aaca572d8466ac03ccd29df1
  SHA1: a2c987da996544e39c767a71403e854d3fc8afe3
  SHA256: 569852415e1b6affebb61bf9cb9260215b33dd402fd18e5ba4e267481cd2733b
  SHA512: 855714bf5b828011b94d692fda2262cf51b311777ec9d8edf98c083bd683177a3268942b47582244ea4d5a3b07b741846744b21005a832caf78d752200099ac0
- Filesize: 1KB
  MD5: 35f7e27926e4be92b68d63ac09b0764b
  SHA1: b0a96396d463b18ea19aaa279019d9e733fb6415
  SHA256: 3c45d7e2e387679149b3eb9b417e908503489e6caff8da3830e3179c3280bf43
  SHA512: 39e36df005d3fe36f6ef067dd12ebfee1048e1be04c7fa927bb8dfea18ea7752f9db53a32ae510ecacbb64e6f8b334de2f7045cd079bb7197720471b57402ed6
- Filesize: 6KB
  MD5: 3a24128c05e49fe7b703903ea5df7ba3
  SHA1: 6a7ef5aca2233ee9f430f8f0d0ec7014502ed3dd
  SHA256: ee5e62c7129fd3408237041e7f53107fb35ef6fb722f8e8339968ace7c6054dc
  SHA512: 3070e8da33aebad53efc56714b703dc425e6b2487f446a2bcc3ba8d24c0313fb6ad434c39c9d931dad1ff492ccb3bbe68e5aa4f56309d6045293160632899bcf
- Filesize: 5KB
  MD5: faf9bb57f636a65e5cde5685994c6c5c
  SHA1: 5d5cb48172532fb9b993314a2d897bfc403a9bd3
  SHA256: 8f50743f2bd74013abe41516bccb3fee6e8def78328d6799cfcabb76c4ee8ebf
  SHA512: 31859d9f0956ebcfd6c68ac07b1c93199c501835931977b39b018fc37d16b1eeb81ca8901d4b497392605b6cea8e97ddbcd3e4b00bdcea4596ea3a5c5d8d4c9a
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 07cbe8351d3b18fbaf5f0b8bdd6539aa
  SHA1: 00ec9423e4d3ded1bc2eee91f4bb9320eac6e78a
  SHA256: 7ce5e295a997f4881f2c460a20f8755d0ef237ec4bf4d3990652d67eca7ae560
  SHA512: 3f61e9955f458bf893b2772be60472c983232a28337edf8e23d8670c634d004250e9ba1d5341a5ad645c2ffa89efcad650db89bbbe77f22984efb14f0fcb582b