Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/05/2024, 15:40
Static task: static1
Behavioral task: behavioral1
  Sample: 20f490ff4ab2450cb19a906031d43aa8_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 20f490ff4ab2450cb19a906031d43aa8_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General
Target: 20f490ff4ab2450cb19a906031d43aa8_JaffaCakes118.html
Size: 64KB
MD5: 20f490ff4ab2450cb19a906031d43aa8
SHA1: d39efbdfe9132a2ef3587605aaa698558435c13d
SHA256: 4d4153b52c19e9d34e1c4347edda9c83ba61147f8b8504ddac850a633d3bfe14
SHA512: c3e9e2922f3d649735937a0e57c1621a399635462e26b969df29a565e3c674c53fa84a0ae7aec5a3e6758c760161b4a79b0477d0848ac5e076bbd048aab65f56
SSDEEP: 1536:3Ez3rqgATJkAcg1Yz1PD0y803f5tgjalj7cM:G3rn1PD0y803f5tgjalj7cM
Malware Config
Signatures
Every IoC below is attributed to msedge.exe or identity_helper.exe, the Edge processes that rendered the sample; no other process in the tree is flagged, so read these as the browser's own child-process management rather than as a dropped payload.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 1760 msedge.exe (2 records); PID 5116 msedge.exe (2); PID 2576 identity_helper.exe (2); PID 1636 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  All 7 records: PID 5116 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  All 25 records: PID 5116 msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  All 24 records: PID 5116 msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 records have PID 5116 msedge.exe as the writer and collapse to four targets (procid_target in parentheses):
  PID 5116 wrote to memory of 2176 (83): 2 records
  PID 5116 wrote to memory of 1776 (84)
  PID 5116 wrote to memory of 1760 (85): 2 records
  PID 5116 wrote to memory of 396 (86)
  The remaining 60 records repeat the 1776 and 396 targets; every target is a child that 5116 itself spawned (see Processes).
Processes
- msedge.exe (PID 5116)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\20f490ff4ab2450cb19a906031d43aa8_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 2176, --type=crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffc2acd46f8,0x7ffc2acd4708,0x7ffc2acd4718
  - msedge.exe (PID 1776, --type=gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15546049787590465534,18383942748587701027,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  - msedge.exe (PID 1760, --type=utility, network.mojom.NetworkService, --service-sandbox-type=none)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,15546049787590465534,18383942748587701027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 396, --type=utility, storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,15546049787590465534,18383942748587701027,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
  - msedge.exe (PID 4316, --type=renderer, client id 6)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15546049787590465534,18383942748587701027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - msedge.exe (PID 760, --type=renderer, client id 5)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15546049787590465534,18383942748587701027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - msedge.exe (PID 3976, --type=renderer, client id 7)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15546049787590465534,18383942748587701027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  - identity_helper.exe (PID 3524, --type=utility, winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,15546049787590465534,18383942748587701027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  - identity_helper.exe (PID 2576, --type=utility, winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,15546049787590465534,18383942748587701027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3816, --type=renderer, client id 9)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15546049787590465534,18383942748587701027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  - msedge.exe (PID 4200, --type=renderer, client id 10, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15546049787590465534,18383942748587701027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  - msedge.exe (PID 2360, --type=renderer, client id 11)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15546049787590465534,18383942748587701027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  - msedge.exe (PID 1652, --type=renderer, client id 12, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15546049787590465534,18383942748587701027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  - msedge.exe (PID 1636, --type=gpu-process, --disable-gpu-sandbox)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15546049787590465534,18383942748587701027,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 772)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 3068)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
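The Signatures section above flags WriteProcessMemory and the process list shows which child each write landed in, but the report leaves the two apart. As an added example that is not part of the tria.ge report, the Python below rebuilds the tree from the report's flattened "<cmdline><depth>⤵PID:<pid>" lines, lists the children launched with the sandbox switched off (`--service-sandbox-type=none`, `--disable-gpu-sandbox`), and collapses the WriteProcessMemory records into writer/target pairs, flagging any target the writer did not itself create. All inputs are constructed from the PIDs and switches on this page (command lines are shortened); the `INJECTION_LIKE` record is hypothetical and exists only to show the check firing.

```python
"""Rebuild the Edge process tree from a flattened tria.ge process list and
check the WriteProcessMemory records against it.

Added example, not part of the report. Inputs are constructed from the PIDs
and command-line switches the report shows; command lines are shortened to
the switches this check reads.
"""
import re
from collections import Counter

# The report flattens each process entry as "<cmdline><depth>⤵PID:<pid>":
# the single digit glued to the end of the command line is the tree depth.
LINE_RE = re.compile(r'^(?P<cmd>.*?)(?P<depth>\d)⤵PID:(?P<pid>\d+)$')
IMAGE_RE = re.compile(r'([^\\"/]+\.exe)', re.IGNORECASE)
WPM_RE = re.compile(r'PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)')

PROCESS_LINES = [  # constructed from the Processes section
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\20f490ff4ab2450cb19a906031d43aa8_JaffaCakes118.html1⤵PID:5116',
    r'"...\msedge.exe" --type=crashpad-handler /prefetch:72⤵PID:2176',
    r'"...\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2100 /prefetch:22⤵PID:1776',
    r'"...\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:32⤵PID:1760',
    r'"...\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:82⤵PID:396',
    r'"...\msedge.exe" --type=renderer --renderer-client-id=6 /prefetch:12⤵PID:4316',
    r'"...\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:82⤵PID:2576',
    r'"...\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:22⤵PID:1636',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:772',
]
# Constructed from the WriteProcessMemory signature; the report repeats each
# pair many more times, a few repeats are enough to show the collapse.
REPORT_WRITES = (
    'PID 5116 wrote to memory of 2176 5116 msedge.exe 83 '
    'PID 5116 wrote to memory of 2176 5116 msedge.exe 83 '
    'PID 5116 wrote to memory of 1776 5116 msedge.exe 84 '
    'PID 5116 wrote to memory of 1776 5116 msedge.exe 84 '
    'PID 5116 wrote to memory of 1776 5116 msedge.exe 84 '
    'PID 5116 wrote to memory of 1760 5116 msedge.exe 85 '
    'PID 5116 wrote to memory of 1760 5116 msedge.exe 85 '
    'PID 5116 wrote to memory of 396 5116 msedge.exe 86'
)
# Hypothetical record, NOT in the report: a write into CompPkgSrv.exe, a
# process msedge.exe did not create, is what injection would look like here.
INJECTION_LIKE = 'PID 5116 wrote to memory of 772 5116 msedge.exe 99'


def build_tree(lines):
    """Map pid -> record; the parent is resolved from the depth markers."""
    procs, stack = {}, []  # stack[i] = most recent pid seen at depth i + 1
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f'unparsed process line: {line!r}')
        pid, depth, cmd = int(m['pid']), int(m['depth']), m['cmd']
        del stack[depth - 1:]
        parent = stack[-1] if stack else None
        stack.append(pid)
        ptype = re.search(r'--type=(\S+)', cmd)
        sbox = re.search(r'--service-sandbox-type=(\S+)', cmd)
        # Chromium spells "no sandbox" two ways on these command lines.
        if (sbox and sbox.group(1) == 'none') or '--disable-gpu-sandbox' in cmd:
            sandbox = 'none'
        else:
            sandbox = sbox.group(1) if sbox else 'default'
        procs[pid] = {
            'image': IMAGE_RE.search(cmd).group(1),
            'parent': parent,
            'type': ptype.group(1) if ptype else ('browser' if 'msedge.exe' in cmd else 'standalone'),
            'sandbox': sandbox,
        }
    return procs


def unsandboxed(procs):
    """Children whose command line switches the sandbox off: the processes a
    renderer compromise would have to pivot through to reach the OS."""
    return sorted(pid for pid, r in procs.items() if r['sandbox'] == 'none')


def check_writes(procs, blob):
    """Collapse repeated records to (writer, target) counts and flag targets
    the writer did not create. The browser process writes startup data into
    each child it launches, so writes into its own children are expected."""
    pairs, anomalies = Counter(), []
    for src, dst, _image, _procid in WPM_RE.findall(blob):
        src, dst = int(src), int(dst)
        pairs[(src, dst)] += 1
        if procs.get(dst, {}).get('parent') != src and (src, dst) not in anomalies:
            anomalies.append((src, dst))
    return pairs, anomalies


if __name__ == '__main__':
    tree = build_tree(PROCESS_LINES)
    for pid, rec in tree.items():
        print(pid, rec)
    print('unsandboxed children:', unsandboxed(tree))
    pairs, bad = check_writes(tree, REPORT_WRITES + ' ' + INJECTION_LIKE)
    for (src, dst), n in sorted(pairs.items()):
        print(f'{src} -> {dst}: {n} record(s)')
    print('writes into processes the writer did not create:', bad)
```

On the report's own records the anomaly list is empty: every target (2176, 1776, 1760, 396) is a direct child of 5116, which is the launch path, not injection. The same check against a tree from a different sandbox run only needs the depth markers and PIDs, so it can be pointed at any tria.ge report pasted as text.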
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 2a70f1bd4da893a67660d6432970788d
  SHA1: ddf4047e0d468f56ea0c0d8ff078a86a0bb62873
  SHA256: c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561
  SHA512: 26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343
- Filesize: 152B
  MD5: fbe1ce4d182aaffb80de94263be1dd35
  SHA1: bc6c9827aa35a136a7d79be9e606ff359e2ac3ea
  SHA256: 0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51
  SHA512: 3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 240B
  MD5: 4c0ec08333eefb84c88f186d8780299e
  SHA1: fa1d6bea8b09ed0a182a7a362505d0bbfaa6e319
  SHA256: 406a07e985f68f45ce2603619510f8e688dce3b8e343db7da16382bbdb07cc76
  SHA512: d84f1d959d67677414c15f7620e57c7db7398977f98259102723d7b4773fdbc6a2a851b07020900890f70758d13f33889dd9d605dbac54a8252ef94094d547b3
- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- Filesize: 786B
  MD5: 7ab110bc205171b0659625d542284738
  SHA1: 44b4bb89052f04937380afbc712e27b8d35ebf62
  SHA256: 9b9e2d8a808e7b7db4da4dd2d87059f67defebd6b61fc2b78ddf03b2ee30724f
  SHA512: 3cda59c05fc209a8ada7cb9b783ec5282c11f6a5554fa233a5da916b25ef9590664cd03f30ee42ce97cdaad9258286f6da6135cf5cd8000ea9e389fca7c9dea6
- Filesize: 6KB
  MD5: 676a9824886bd99c1d51c68b39febd46
  SHA1: 9b9378367d57da5da473b8caa4a6025ab3afb4d8
  SHA256: 564804a33c391ca73f2069bec8cbdfb765c75a40887d5cb49f94a5ffac11078c
  SHA512: 4779a44ba7dba78627883560505671974920e4228376665c0a3c81f8c627d10f3e945922ea05033874399a57e07027fca59fc3626d8e1eb86a4b0d9664446bc5
- Filesize: 5KB
  MD5: 3c77f62453341d634ff4186f7f6d6a54
  SHA1: 3dc46821afad383db4be2eccc4e89de54d9c7b4e
  SHA256: d1d483a69c85f377e3705708e050deec2b31220acb6e617ab745f472cc1b09ab
  SHA512: f3687f2254848c09ecf9fd18c5a4597ef7cf3916209c5984411dab3608f537a74fcd68c50c2cef02271d7919869f250258d9789a9fa595aa35699e64c3694e44
- Filesize: 6KB
  MD5: 54bfd7ca8d96e3b45dbe62015cfd7891
  SHA1: 3b8e41b0ff5eb443900c014c523781be0dbcbf12
  SHA256: 15fdbc4c48999848d8b5a90adac9bcb1c3424151d960f558dd92a1c7e784cd21
  SHA512: d041b11c7421965ddd5986362115393e804fa55a2063b0f37ff43f436892af1093c0fa4ad10db540673438e489096dde158f586d74f57c5427923f1f4e24709a
- Filesize: 6KB
  MD5: 602ba682aa9400c33ba77a64fe4385c8
  SHA1: ffc6476de49b8f25093eb1785f8ba057c192fec0
  SHA256: bc159d6585ca04ddc47e562df3237e01d63f668a77f127b180e1b539c7459f9f
  SHA512: 4afe75bf36a3d92f1c3ae89ddbb5dcb872d26d0676ad71a9b200a807fb7d6411252b15417be97d9d81cc5059459943cad5f94922fdceb144368ead4de183d07e
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 57742cdaf1a5e617db957f30f04170e4
  SHA1: e2195158db24afefe3c8c0f17531bfe721f77ac5
  SHA256: 7fa2c36027b8a261512002c8c7f8b995e94a28e7dd39200ee3c10859b8eecb3c
  SHA512: 30e889dae3205db0aba56d727e0ac72ac9e1e1b9758b9acae39fbcf8a8a86b01a8ae918f1131d5830b268ea8ce44988dadf34b222ace8c152898efd723b74a99
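The Downloads list above, like the General block, is a table that the page extraction flattens: sometimes a key is fused to its value ("MD52a70..."), sometimes it sits on the line before it. As an added example that is not part of the tria.ge report, the Python below normalises that layout into IoC records, rejects digests of the wrong length or with non-hex characters (a copy-paste truncation in a blocklist is a silent miss), and compares a local file against a record. `SAMPLE` is constructed from two of the entries above; the second is corrupted on purpose (SHA1 cut short, SHA512 dropped) to exercise the validation.

```python
"""Turn the flattened hash blocks of a tria.ge report into checked IoC
records, and compare a local file against them.

Added example, not part of the report. SAMPLE is constructed from two
Downloads entries on the page; the second is deliberately corrupted (SHA1
cut short, SHA512 dropped) to exercise the validation.
"""
import hashlib
import json
import re

DIGEST_LEN = {'MD5': 32, 'SHA1': 40, 'SHA256': 64, 'SHA512': 128}
# Longest key names first, so a fused "SHA512..." line is not read as SHA1.
FIELD_RE = re.compile(r'^(Filesize|SHA512|SHA256|SHA1|MD5|SSDEEP)\s*(.*)$')
SIZE_RE = re.compile(r'^(\d+)\s*(B|KB|MB)$')
UNITS = {'B': 1, 'KB': 1024, 'MB': 1024 ** 2}

SAMPLE = r"""
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize240B
MD54c0ec08333eefb84c88f186d8780299e
SHA1fa1d6bea8b09ed0a182a7a362505d0bbfaa6e319
SHA256406a07e985f68f45ce2603619510f8e688dce3b8e343db7da16382bbdb07cc76
SHA512d84f1d959d67677414c15f7620e57c7db7398977f98259102723d7b4773fdbc6a2a851b07020900890f70758d13f33889dd9d605dbac54a8252ef94094d547b3
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce0
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
"""


def validate(rec):
    """Normalise the size and flag digests of the wrong length or non-hex."""
    size = rec.pop('Filesize', None)
    m = SIZE_RE.match(size) if size else None
    rec['size_bytes'] = int(m.group(1)) * UNITS[m.group(2)] if m else None
    for name, length in DIGEST_LEN.items():
        if name in rec:
            rec[name] = rec[name].lower()
            if len(rec[name]) != length or not re.fullmatch(r'[0-9a-f]+', rec[name]):
                rec['errors'].append(name)
    return rec


def parse_entries(text):
    """Split the flattened block into records. A lone '-' starts an entry, a
    drive-letter line is the path, and a key with no value on its line (the
    extraction sometimes splits them) takes the next line as its value."""
    records, cur, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == '-':
            cur = {'path': None, 'errors': []}
            records.append(cur)
        elif cur is None:
            raise ValueError('data before the first "-" separator')
        elif pending:
            cur[pending] = line
            pending = None
        elif re.match(r'^[A-Za-z]:\\', line):
            cur['path'] = line
        else:
            m = FIELD_RE.match(line)
            if not m:
                raise ValueError(f'unrecognised line: {line!r}')
            key, value = m.groups()
            if value:
                cur[key] = value
            else:
                pending = key
    return [validate(r) for r in records]


def digests(data):
    """The four digests the report lists, hex-encoded."""
    return {name: hashlib.new(name.lower(), data).hexdigest() for name in DIGEST_LEN}


def matches(rec, data):
    """True when every digest the record carries agrees with the data; a
    record with a malformed digest never matches."""
    if rec['errors']:
        return False
    got = digests(data)
    listed = [k for k in DIGEST_LEN if k in rec]
    return bool(listed) and all(got[k] == rec[k] for k in listed)


if __name__ == '__main__':
    recs = parse_entries(SAMPLE)
    print(json.dumps(recs, indent=2))
    # Compare a local copy of a download against its record, e.g.:
    #   matches(recs[0], open(local_path, 'rb').read())
```

The ssdeep value from the General block is carried through as a string but not recomputed, since that needs a native library; the four fixed-length digests are what a blocklist or a hash-lookup job actually consumes, and the length check catches the truncation that a flattened page like this one invites.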