Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 145s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/05/2024, 02:29
Static task: static1
Behavioral task: behavioral1
  Sample: 159289608a2d2de8cf27d0a52d37d055_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 159289608a2d2de8cf27d0a52d37d055_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General
Target: 159289608a2d2de8cf27d0a52d37d055_JaffaCakes118.html
Size: 36KB
MD5: 159289608a2d2de8cf27d0a52d37d055
SHA1: 7c45ae3af2aba775463991a313758180fddcb3fd
SHA256: 8b565fc3ed40ece66ecf30feba629d5e6635755183f2bfa9636f6cf5b66bddb9
SHA512: 17ae0990c275b8058def499c2da8d5c35c96232f7691037a3bffb4e031d45d66c6b5d5066a970f5ff8f7bca8c364483ec5418796c8ad04492b76643f8c741c03
SSDEEP: 768:fbLrrsNt69LYVYfw02T7HyByMjPJvzUACcg6AvskN48Z9jBX+45pvTZ9uws:DPrsNt69LYVY40muJvzUB3pN4OjBO454
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | rows
  2380 | msedge.exe | 2
  5112 | msedge.exe | 2
  1344 | identity_helper.exe | 2
  3244 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid | Process | rows
  5112 | msedge.exe | 10
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | rows
  5112 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | rows
  5112 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target | rows
  PID 5112 wrote to memory of 452 | 5112 | msedge.exe | 83 | 2
  PID 5112 wrote to memory of 3972 | 5112 | msedge.exe | 84 | 40
  PID 5112 wrote to memory of 2380 | 5112 | msedge.exe | 85 | 2
  PID 5112 wrote to memory of 3864 | 5112 | msedge.exe | 86 | 20
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5112)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\159289608a2d2de8cf27d0a52d37d055_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8a0046f8,0x7ffb8a004708,0x7ffb8a004718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3972)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2380)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3864)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2956)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5096)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1564)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1004)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 780)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4836)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3348)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3292 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1344)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3292 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1580)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2300)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5284)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5292)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3244)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,15569887673417404237,16298155675584258989,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3112)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3028)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
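Two things an analyst checks before treating the signatures above as evidence against the sample. First, every one of the 64 WriteProcessMemory rows has the browser process (PID 5112) as the writer and one of its own just-spawned children (452, 3972, 2380, 3864) as the target; a broker writing into a suspended child of the same install directory is consistent with the Chromium Windows sandbox preparing the child before resuming it, not with injection into a foreign process. Second, the command lines show which children run with no OS sandbox at all: the network service (2380) and both identity_helper.exe instances carry --service-sandbox-type=none, and the second GPU process (3244) carries --disable-gpu-sandbox. The Python below is an added example and is not part of the tria.ge report or of its signature engine. It transcribes the process tree and the condensed write table from this page as constructed input (abbreviated to the switches the checks need), resolves each write target against the tree, and lists the unsandboxed children; the helper names, the verdict labels and the CompPkgSrv.exe counterexample are assumptions for the illustration.

```python
"""Triage of a Chromium-family process tree and a WriteProcessMemory table.

Added example (not from the tria.ge report). PROCESSES and WRITES are
transcribed from the report above; everything else is illustrative.
"""
import ntpath
import re

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"

# (pid, image path, command-line switches) from the process tree; long switches
# such as --gpu-preferences are left out because the checks never look at them.
PROCESSES = [
    (5112, EDGE, r"--single-argument C:\Users\Admin\AppData\Local\Temp\159289608a2d2de8cf27d0a52d37d055_JaffaCakes118.html"),
    (452, EDGE, "--type=crashpad-handler --monitor-self-annotation=ptype=crashpad-handler /prefetch:7"),
    (3972, EDGE, "--type=gpu-process --mojo-platform-channel-handle=2168 /prefetch:2"),
    (2380, EDGE, "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (3864, EDGE, "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (2956, EDGE, "--type=renderer --renderer-client-id=6 --no-v8-untrusted-code-mitigations"),
    (3348, HELPER, "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    (3244, EDGE, "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2"),
    (3112, r"C:\Windows\System32\CompPkgSrv.exe", "-Embedding"),
]

# (writer pid, target pid, rows) condensed from the 64-row WriteProcessMemory table.
WRITES = [(5112, 452, 2), (5112, 3972, 40), (5112, 2380, 2), (5112, 3864, 20)]

_KV = re.compile(r"--([\w-]+)=([^\s\"]+)")   # --name=value
_BOOL = re.compile(r"--([\w-]+)(?=\s|$)")    # bare --switch with no value


def chromium_role(cmdline):
    """Extract the Chromium child role and its sandbox setting from a command line."""
    kv = dict(_KV.findall(cmdline))
    switches = set(_BOOL.findall(cmdline))
    if "disable-gpu-sandbox" in switches:
        sandbox = "disabled"
    else:
        sandbox = kv.get("service-sandbox-type", "default")  # "default" = policy chosen by the broker
    return {
        "type": kv.get("type"),            # None for the browser (broker) process itself
        "sub_type": kv.get("utility-sub-type"),
        "sandbox": sandbox,
        "v8_mitigations_off": "no-v8-untrusted-code-mitigations" in switches,
    }


def unsandboxed_children(processes=PROCESSES):
    """Chromium child processes that run with no OS-level sandbox."""
    hits = []
    for pid, image, cmd in processes:
        role = chromium_role(cmd)
        if role["type"] and role["sandbox"] in ("none", "disabled"):
            hits.append((pid, ntpath.basename(image), role["sub_type"] or role["type"], role["sandbox"]))
    return hits


def triage_writes(processes=PROCESSES, writes=WRITES):
    """Label each writer->target pair.

    "child-spawn": the target lives under the writer's install directory and
    carries a Chromium --type= role, i.e. the broker setting up its own child.
    "cross-image-write": anything else (unknown pid or a foreign image), which
    is the pattern that merits a closer look.
    """
    by_pid = {pid: (image, cmd) for pid, image, cmd in processes}
    findings = []
    for writer, target, rows in writes:
        w_image, _ = by_pid[writer]
        t_image, t_cmd = by_pid.get(target, (None, ""))
        in_install_dir = t_image is not None and ntpath.dirname(t_image).lower().startswith(
            ntpath.dirname(w_image).lower())
        verdict = "child-spawn" if in_install_dir and chromium_role(t_cmd)["type"] else "cross-image-write"
        findings.append({"writer": writer, "target": target, "rows": rows, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in triage_writes():
        print(f"{f['writer']} -> {f['target']}: {f['rows']:2d} rows, {f['verdict']}")
    for pid, image, role, sandbox in unsandboxed_children():
        print(f"PID {pid} {image} [{role}] sandbox={sandbox}")
    # Constructed counterexample: a write from the browser into CompPkgSrv.exe
    # (PID 3112, a Windows binary outside the Edge directory) would be flagged.
    print(triage_writes(writes=[(5112, 3112, 1)])[0]["verdict"])
```

On this report every write resolves to child-spawn and the unsandboxed list is exactly the three processes named in the lead-in, so none of the "Suspicious use of WriteProcessMemory" rows point at the HTML sample. The same two checks applied to a tree where msedge.exe writes into a process outside its own install directory, or where a renderer (not just a utility or GPU process) runs with the sandbox off, would be the signal worth escalating.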
Network
MITRE ATT&CK Enterprise v15
Downloads
-
  Filesize: 152B
  MD5: 8b2290ca03b4ca5fe52d82550c7e7d69
  SHA1: 20583a7851a906444204ce8ba4fa51153e6cd494
  SHA256: f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2
  SHA512: 704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d
-
  Filesize: 152B
  MD5: 919c29d42fb6034fee2f5de14d573c63
  SHA1: 24a2e1042347b3853344157239bde3ed699047a8
  SHA256: 17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141
  SHA512: bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 72B
  MD5: 98073fe66acde20179dbabfb35bdf429
  SHA1: 6289f5f880dcc0bbe9a2da4f77a22806eb749fe3
  SHA256: fc86a333df3b60c2570460e1ccc6d6c96b7f8d5040644cf9bb6e2cc524edfb10
  SHA512: 81d2b05c5baffd43bb9512de1fd87efaed94ec0adb5624fed82114d91e1f9501903e83aa62bc66abcedfd9a79660e870a689364a4b51aba4d836eec6769837fc
-
  Filesize: 993B
  MD5: c0583afc2463eb4726da2661aea4868f
  SHA1: 8dcdc35d74f72d067c64c2e6398706da663dd9db
  SHA256: b1047dffe9a1feb3dcd5a80c40bffa989a36108fdda0282aa5438fb0c3554db6
  SHA512: 6534bc74bcdb949518f1b4f3f8ee01710ce69c616108d25aa3d69e2576065f5ba2d333a850a2d0f06cc3d5bc180ca7761b1285e994a51042d27d766942ca2e43
-
  Filesize: 5KB
  MD5: a11f14c0d999abb1e21086fc6f02ff75
  SHA1: cada4f5f2a8e857d1801900af2a06799b65708d0
  SHA256: 92e11f539a62a0af6904edc21ec7d070d32e02a18d7409064fb9d2169d60d3e5
  SHA512: ab45575fdbb1baa22ef966c28c841962e8456f34ea5e160ec49cd901e829d596fa2a389290a00e19e749e69fe06b0b1e58a8862ce8a5f53aea8fb2f3587d34ea
-
  Filesize: 6KB
  MD5: 9775189c3c92f679b6c02f26f45061dd
  SHA1: b45579d636b4b4b47f8e79293b3ebb4a05737f0a
  SHA256: 690a45b5e0771d07377d9e2dd7773921d7d84204329d13addc7759ba529a7e90
  SHA512: 8297f6568ff19a88bf2792bc219117d781c90eb94a502ea21037c70875cd6903ce197f21c854571cd34780dd9602db0524ba4d9417dde8b058600a56483135e4
-
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
  Filesize: 11KB
  MD5: af64642d1e70db4713c7d2de618dc006
  SHA1: 5742217b38b2aebedf96bb05a850ad7f505223b9
  SHA256: 24394dc7853295815dfd60b180e9e90df78a13c236878270f22e8661e63702b4
  SHA512: 4455d8d692aa75884b3bf7dc1be4de5a876662a93b6940db4df55eccd4a75e3513b1895b4a5061472167588370c90579c1a56919b57a0da44a7d0978985073e4