Analysis
max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/05/2024, 23:43
Static task: static1
Behavioral task: behavioral1
  Sample: 1eba4a898ea971679ca39fc70ec87cbd_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 1eba4a898ea971679ca39fc70ec87cbd_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General
Target: 1eba4a898ea971679ca39fc70ec87cbd_JaffaCakes118.html
Size: 549KB
MD5: 1eba4a898ea971679ca39fc70ec87cbd
SHA1: 3bde4f01cc020dfccc7187972f9782814e8e4fe1
SHA256: d6b8aec1d3119b9ba8bd2c4655299683a2c7cd95e6856f6fea695d2d9c959a81
SHA512: 115bc962de6cd3cbf40ec6912cff09ee16d2c5b63048bb175e3732d106174cfd71324bb39be7e3d8031009fd5d194c4a7b8bdca6c05527d491c0a01129141817
SSDEEP: 3072:wa+IpBxYUViUga8DN9zfs49PwVeL5AmPtmBcM2mq71a:wa+IpBx34tLTM
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | process | entries
2012 | msedge.exe | 2
2888 | msedge.exe | 2
624 | identity_helper.exe | 2
3064 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
pid | process | entries
2888 | msedge.exe | 8

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | process | entries
2888 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
pid | process | entries
2888 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | process | procid_target
PID 2888 wrote to memory of 3052 | 2888 | msedge.exe | 84
PID 2888 wrote to memory of 2640 | 2888 | msedge.exe | 85
PID 2888 wrote to memory of 2012 | 2888 | msedge.exe | 86
PID 2888 wrote to memory of 632 | 2888 | msedge.exe | 87
(The report repeats each of these rows; all 64 entries are writes from the browser process 2888 into the four child processes listed here.)
Processes

Depth 1: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2888)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1eba4a898ea971679ca39fc70ec87cbd_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3052)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd13c246f8,0x7ffd13c24708,0x7ffd13c24718

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2640)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,18174041755095756346,7479315012682184294,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2012)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,18174041755095756346,7479315012682184294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 632)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,18174041755095756346,7479315012682184294,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5060)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18174041755095756346,7479315012682184294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3860)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18174041755095756346,7479315012682184294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3844)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18174041755095756346,7479315012682184294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4688)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18174041755095756346,7479315012682184294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,18174041755095756346,7479315012682184294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:8

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 624)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,18174041755095756346,7479315012682184294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1152)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18174041755095756346,7479315012682184294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2660)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18174041755095756346,7479315012682184294,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3316)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18174041755095756346,7479315012682184294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1432 /prefetch:1

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2184)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18174041755095756346,7479315012682184294,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1

  Depth 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3064)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,18174041755095756346,7479315012682184294,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5688 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

Depth 1: C:\Windows\System32\CompPkgSrv.exe (PID 3596)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Depth 1: C:\Windows\System32\CompPkgSrv.exe (PID 3520)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
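Every WriteProcessMemory target in this report is a --type= child spawned by the browser process 2888, which is the ordinary Chromium process model: the browser process launches its helpers and writes into them while setting them up, so these rows fire on clean Edge as well. The check below is an added example, not part of the tria.ge report or its tooling. It parses the flattened signature rows, joins them to the process tree, and keeps only writes that do not fit the browser-to-own-child pattern. The PROCESSES table and WPM_ROWS are constructed from the report above (command lines shortened to the arguments the check reads; the parent PID follows the depth markers); SUSPECT_ROW is a constructed negative case that does not appear in the report, included only to show what the check would flag.

```python
"""Added triage example: separate Chromium's browser -> --type= child writes from
anything else in a flattened "Suspicious use of WriteProcessMemory" table."""
import re
from collections import Counter

# Process tree constructed from the report: PID -> (parent PID, command line).
# Depth-1 entries have no parent shown; depth-2 entries are children of 2888.
PROCESSES = {
    2888: (None, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" '
                 r'--single-argument C:\Users\Admin\AppData\Local\Temp\1eba4a898ea971679ca39fc70ec87cbd_JaffaCakes118.html'),
    3052: (2888, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler /prefetch:7'),
    2640: (2888, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process /prefetch:2'),
    2012: (2888, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility '
                 r'--utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    632:  (2888, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility '
                 r'--utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8'),
    5060: (2888, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=6 /prefetch:1'),
    624:  (2888, r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility '
                 r'--utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    3064: (2888, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox /prefetch:2'),
    3596: (None, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
}

# Signature rows in the flattened form the report uses (one row per target here;
# the report repeats them to reach 64 entries).
WPM_ROWS = """
PID 2888 wrote to memory of 3052 2888 msedge.exe 84
PID 2888 wrote to memory of 2640 2888 msedge.exe 85
PID 2888 wrote to memory of 2640 2888 msedge.exe 85
PID 2888 wrote to memory of 2012 2888 msedge.exe 86
PID 2888 wrote to memory of 632 2888 msedge.exe 87
"""

# Constructed negative case, NOT from the report: a browser process writing into
# an unrelated system process is what this check exists to surface.
SUSPECT_ROW = "PID 2888 wrote to memory of 3596 2888 msedge.exe 90\n"

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")
BROWSER_IMAGES = {"msedge.exe", "chrome.exe"}


def parse_wpm_rows(text):
    """Collapse the repeated rows into {(writer_pid, target_pid): count}."""
    counts = Counter()
    for m in ROW_RE.finditer(text):
        counts[(int(m.group(1)), int(m.group(2)))] += 1
    return counts


def chromium_type(cmdline):
    """'browser' for a Chromium parent (no --type=), otherwise the --type value."""
    m = re.search(r"--type=([\w-]+)", cmdline)
    return m.group(1) if m else "browser"


def image_name(cmdline):
    """Executable name from a command line whose program path may be quoted."""
    exe = cmdline.split('"')[1] if cmdline.startswith('"') else cmdline.split()[0]
    return exe.rsplit("\\", 1)[-1].lower()


def triage_writes(processes, counts):
    """Return (expected, suspicious) edge lists. An edge is expected only when a
    Chromium browser process writes into its own direct child that carries a
    --type= flag; every other case gets a reason string for the analyst."""
    expected, suspicious = [], []
    for (writer, target), n in sorted(counts.items()):
        w, t = processes.get(writer), processes.get(target)
        reason = None
        if w is None or t is None:
            reason = "pid missing from process tree"
        elif image_name(w[1]) not in BROWSER_IMAGES or chromium_type(w[1]) != "browser":
            reason = "writer is not a Chromium browser process"
        elif t[0] != writer:
            reason = "target is not a direct child of the writer"
        elif chromium_type(t[1]) == "browser":
            reason = "target has no --type= flag (not a Chromium child)"
        edge = {"writer": writer, "target": target, "count": n,
                "target_type": chromium_type(t[1]) if t else None}
        if reason:
            edge["reason"] = reason
            suspicious.append(edge)
        else:
            expected.append(edge)
    return expected, suspicious


if __name__ == "__main__":
    expected, suspicious = triage_writes(PROCESSES, parse_wpm_rows(WPM_ROWS + SUSPECT_ROW))
    for e in expected:
        print(f"expected: {e['writer']} -> {e['target']} ({e['target_type']}, {e['count']} writes)")
    for s in suspicious:
        print(f"REVIEW:   {s['writer']} -> {s['target']}: {s['reason']}")
```

Run against the report's own rows the suspicious list is empty; only the constructed CompPkgSrv.exe row is flagged, because 3596 is a depth-1 process and not a child of 2888. The same join is worth doing for the other msedge.exe-only signatures here (FindShellTrayWindow, SendNotifyMessage, NtCreateUserProcessBlockNonMicrosoftBinary): they are attributed to the browser process, not to anything the HTML sample dropped or launched, and the Processes tree shows no non-Edge child.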
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 8b2290ca03b4ca5fe52d82550c7e7d69
SHA1: 20583a7851a906444204ce8ba4fa51153e6cd494
SHA256: f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2
SHA512: 704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Filesize: 152B
MD5: 919c29d42fb6034fee2f5de14d573c63
SHA1: 24a2e1042347b3853344157239bde3ed699047a8
SHA256: 17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141
SHA512: bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7a50222e-06a1-41ee-a55b-eae20878e795.tmp
Filesize: 5KB
MD5: 2b4fd509dbca7d4200b6412abd804be9
SHA1: a54f445ee53963c75afd19a6f33d3a28c413dec4
SHA256: 6da54e229f59c54660da48bd666150e0a9583b8773b585c519a9775060ca7c93
SHA512: 2f7ce9a9a4b6cf973fc8f62ff275de907b926fd95fc658aa1078c7bc82cc656959c30058dcd002f220c67f806476c69fd19a1499c3a5b7c565b460c1c07a0cbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 144B
MD5: 7e9fec786f09ea62502f80adb1c36c9a
SHA1: 210faa053cc7d3d5498593c980d2624ebbb7815c
SHA256: 0740c99fe1dfdbcdb8f9082fdd7fbc09027b1cf885d06949863c20a8e05bc80a
SHA512: eb841b81f4418593aef7dffab1515c9488737aa545b0b8f39bb481aa2dec4b9b4ed3db73bfdb1f441537f507e718d724bc0180a7079491178debdf5153f54341

Filesize: 1001B
MD5: 9d883be495cb45998445219202b9e907
SHA1: 2b3fb54a547e83cf6872010b8ea5ab56086c825e
SHA256: c4906cd8c07d9ab9ca0147934b33f6c6d24d8ab3001e8b35559f7401c209ea52
SHA512: 55ed50c4878605846a3add5476b511f9a4e81efbb1883c0eba7f13ba36755834d93be9120d50a7e7fa614909130dcf109956d0b388c61ac7c0b038ebb7d07e59

Filesize: 7KB
MD5: d1a700a10258a37ae15a457ce03b0981
SHA1: 4155012aac2c28492e50ff0ca92f0b5f34d8718c
SHA256: 5f4c0bcd3af80833da74eda9a9466e6a995d7497564a9bfbdccb5e7765112c5a
SHA512: efb535989c3c7272f44cb8ce08b507faa5c2d2ab777247d56a450486cb2b98de0b34a79107242277c4d2e7c9816e5dfb279b391eced54df43369b108771e4216

Filesize: 6KB
MD5: c15cc931d12ec2e08c44b34dffbbf949
SHA1: 3f104aa524ecc9f00fbee1486e6e7bc82346f3cb
SHA256: c0141c4c1e2882372fff1ec2dd4a603ff7d34f744c8f802120d2be87dccf1eb7
SHA512: 33c74cda985114f08e40982d67f5c8b567e90019c959443e1d8ef0e6409184805863c55be0e64c29b100c4f49b676472530c1049368424feea40a90c7424510a

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 83958ef591a87b8d462f79a6e6ff66ee
SHA1: 4467ff7a7ba82d4238552ff5c9ab778d11b3ed27
SHA256: 0f83b04e8cb8cfe001eb7c388e97c1f07c6c02e41e93cb5d35dbf3b57e97a866
SHA512: 5975e322538c912e6b03eda51179a9d43d809dd85c3fa3e39d740add16570d14d491397a535ab6b9417aa284373abdb740715fbb6066c03d91c7043f0b3ef438