Analysis
max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted
08/05/2024, 06:40
Static task
static1
Behavioral task
behavioral1
Sample
23a5e55b908d66f765ca222ea3eadbd3_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
23a5e55b908d66f765ca222ea3eadbd3_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
Target
23a5e55b908d66f765ca222ea3eadbd3_JaffaCakes118.html
Size
52KB
MD5
23a5e55b908d66f765ca222ea3eadbd3
SHA1
85576442e12869ebcca084a2e5b8b5146702eb10
SHA256
abdf0b659b2ebcb50c65583e06317463969b84812cd5e8f1b6248aed202690f7
SHA512
15e82bef513c445aa79a183bbd80929a4a03e8dbfbda737b6ee30553de46a9dba6eaa0efde3a48495fea145822db8d4d54858ceb77f7911b83f4d2f79f461c27
SSDEEP
384:SvY6vOYtzImIR4cqsYGt2juXawmK000wZOJvityblrPhSKp4I+71sqX:SvY6vKSuXIbl7gKSI+Rs4
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description / ioc / Process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid / Process
3880 msedge.exe
3880 msedge.exe
64 msedge.exe
64 msedge.exe
4296 identity_helper.exe
4296 identity_helper.exe
4256 msedge.exe
4256 msedge.exe
4256 msedge.exe
4256 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid / Process
64 msedge.exe (all 7 IoCs)
Suspicious use of FindShellTrayWindow 25 IoCs
pid / Process
64 msedge.exe (all 25 IoCs)
Suspicious use of SendNotifyMessage 24 IoCs
pid / Process
64 msedge.exe (all 24 IoCs)
Suspicious use of WriteProcessMemory 64 IoCs
description / pid / Process / procid_target
All 64 entries are writes by PID 64 (msedge.exe) into its child processes:
PID 64 wrote to memory of 3732 (procid_target 83, 2 entries)
PID 64 wrote to memory of 5080 (procid_target 84, repeated entries)
PID 64 wrote to memory of 3880 (procid_target 85, 2 entries)
PID 64 wrote to memory of 3336 (procid_target 86, repeated entries)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\23a5e55b908d66f765ca222ea3eadbd3_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:64
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7e4646f8,0x7ffe7e464708,0x7ffe7e464718
PID:3732
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
PID:5080
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
PID:3880
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
PID:3336
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
PID:1596
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
PID:3008
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
PID:1204
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
PID:1908
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
PID:4296
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
PID:1784
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
PID:880
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
PID:3652
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
PID:3616
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2820 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
PID:4256
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4920
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:5016
Network
MITRE ATT&CK Enterprise v15
Downloads