Analysis
- max time kernel: 145s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/05/2024, 06:11
Static task: static1
Behavioral task: behavioral1
- Sample: 238c7e1ebd8e9aae07a2a45eb162b33e_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 238c7e1ebd8e9aae07a2a45eb162b33e_JaffaCakes118.html
- Resource: win10v2004-20240419-en
General
- Target: 238c7e1ebd8e9aae07a2a45eb162b33e_JaffaCakes118.html
- Size: 57KB
- MD5: 238c7e1ebd8e9aae07a2a45eb162b33e
- SHA1: 5f55be58fe54a045f212b804d25b2bdf1abeafb4
- SHA256: 7c76f5d451917fd7f5a1e8a02abccb83f98983962f0f057a7858c699852eab73
- SHA512: e689f134dbb3c0db838c4d3d45a0798ec56295f2150c5765badb3f885c1e69cf9e7054f7455f20a0c26268401b529047598c578b052c002dcc00fb610ec1d02f
- SSDEEP: 768:Su/yhyv+JZUKbnEjTIIMZYXTPOOcAaTi4urvoO/EzbR:SYyhyv+JZUKbnEj0WXTOJGDoO/Ez9
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4176 | msedge.exe (2 entries)
  452 | msedge.exe (2 entries)
  3084 | identity_helper.exe (2 entries)
  3664 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  452 | msedge.exe (7 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  452 | msedge.exe (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  452 | msedge.exe (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 452 wrote to memory of 4624 | 452 | msedge.exe | 83
  PID 452 wrote to memory of 3252 | 452 | msedge.exe | 84
  PID 452 wrote to memory of 4176 | 452 | msedge.exe | 85
  PID 452 wrote to memory of 1368 | 452 | msedge.exe | 86
  (64 entries in the original report; each of the four rows above is repeated many times, most of them writes to 3252 and 1368, and identical rows are collapsed here)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\238c7e1ebd8e9aae07a2a45eb162b33e_JaffaCakes118.html
  PID: 452
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe071a46f8,0x7ffe071a4708,0x7ffe071a4718
    PID: 4624
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,11233043113343025426,15568811212477997603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    PID: 3252
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,11233043113343025426,15568811212477997603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    PID: 4176
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,11233043113343025426,15568811212477997603,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
    PID: 1368
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11233043113343025426,15568811212477997603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
    PID: 2160
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11233043113343025426,15568811212477997603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    PID: 1464
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11233043113343025426,15568811212477997603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
    PID: 4912
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,11233043113343025426,15568811212477997603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
    PID: 3164
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,11233043113343025426,15568811212477997603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
    PID: 3084
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11233043113343025426,15568811212477997603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
    PID: 2616
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11233043113343025426,15568811212477997603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
    PID: 4592
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11233043113343025426,15568811212477997603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
    PID: 1020
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11233043113343025426,15568811212477997603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
    PID: 3464
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,11233043113343025426,15568811212477997603,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5736 /prefetch:2
    PID: 3664
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3184
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4304
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 62c02dda2bf22d702a9b3a1c547c5f6a
  SHA1: 8f42966df96bd2e8c1f6b31b37c9a19beb6394d6
  SHA256: cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b
  SHA512: a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9
- Filesize: 152B
  MD5: 850f27f857369bf7fe83c613d2ec35cb
  SHA1: 7677a061c6fd2a030b44841bfb32da0abc1dbefb
  SHA256: a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a
  SHA512: 7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401
- Filesize: 22KB
  MD5: 5e74c6d871232d6fe5d88711ece1408b
  SHA1: 1a5d3ac31e833df4c091f14c94a2ecd1c6294875
  SHA256: bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105
  SHA512: 9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B
  MD5: e3fd13438e9588d9c8bb9b55da928a3e
  SHA1: 5091e82a7c7b71fa01fab032d89cb780954e4416
  SHA256: 444b8326335627ace5a06c1144a4e9b9ecd0894589152623a13ee903e7e5b98d
  SHA512: 3ddab9e9341e4485b1e56360a5a6ff8aff8d351cc03d6676b93399f3e61adadd3799b3c83dbc9c773e1e98ee0952aa628ab5001831ce3d575243bf243fd50bbb
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 120B
  MD5: 25d20b71b0319d3d63cdde26ff8ca9da
  SHA1: b3d8d5d0abdf7bea87fa328a0ee6be56004533f8
  SHA256: 849174f5a519652d9cdd6af194d2f559b36813f64155863a9f2251dbf3d9b97d
  SHA512: ee498f86d9b9d918cb63b2ac6e2bdc2ee41a8ab96c5e2d4acc62aeb7fda6beeecf9f406b0efe4e6c4ea19f5bd4d9ce1137540b1aa4331b7c11e6d28576b629f7
- Filesize: 1KB
  MD5: 59984c5544cab2321cd4081cddcae8f9
  SHA1: bcf35c7e37851271e011fce1d8ee840c7bd03569
  SHA256: 015549e3c4343ad39251614e0c60df9f0d043d36b8afab098b402866b09879b6
  SHA512: 518aeda4c55e855b8668ba8d9b732b44c35dd3ce1149dd948e7f24582504525c8bec39d8a19290a0d42dd679803f497b1fa274d389c7911899a03c002d969496
- Filesize: 7KB
  MD5: 38a0cd34953f1f9d48794346b689a3f4
  SHA1: 6337216c4d74dd9a0bbd3062c1cd0b99908c8d12
  SHA256: fe20c705c6c0dfa79246bf9f3ab5309d9971c5fcd706e16354d1ffa1bea27473
  SHA512: 6057c93f7d1b400ffee5fcda74a57a86318be9b14554298d006c9e4b91fe789553fea852c30ab823b89c6f50ebb623fd406deccfce66d7f8ec9aa149dcfa5fa6
- Filesize: 5KB
  MD5: 74494ce9e2ba91f9e7e75e23c040f239
  SHA1: 671647905c8324f4abda058f1beb34cc29c9388c
  SHA256: 1884555224d2bae3ca485e6338b0474deffb7eb0f217505a5c0b669af20bfa21
  SHA512: 9c9702c08da9db713d9a47bb7d285ea7f37e9b93d049569279d4425de45844f48ca468d3a9f59a046d31503ddc596094fdd22dc70f17f06c552f3f5ea25f77f8
- Filesize: 7KB
  MD5: 8bd547102157c6c8677fecce89903be0
  SHA1: 61999e8a5dacee1687d9646e7969475d3dba0a63
  SHA256: dfcaa830cd4517d9bd8562a829e3f55b62d96e0578859a5564e3f587c4ca06c5
  SHA512: 52e8c3ed90e902021145012518b6225ba4ddb0c7a3cbcc7e48e86fd606a2b488be08c02b47a924fa7a22b8882cd26ab5c80c384ac6a7e36743ef6f1288bcf519
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: ea00541c6fbb5d85bd204509faae70e2
  SHA1: 1bc9457f64bd253681e2eed52ee5b34b3818fff5
  SHA256: 0be29d99983df025a37613b2474cc7b2e1f7163aa505743e3200f52f2ed4d1f7
  SHA512: 1409565d4c33b86b6e720b2dc6dfef0aac9c55dc2ba832ad64a21c9443394436e255a1dcaf9890ae66111f929a93da8a3963585a81679ed919aed566547ef08a