Analysis

max time kernel:  145s
max time network: 150s
platform:         windows10-2004_x64
resource:         win10v2004-20240419-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted:        08/05/2024, 07:01
Static task: static1

Behavioral task: behavioral1
  Sample:   23b98c31d97b492ad67cc593e8850443_JaffaCakes118.html
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample:   23b98c31d97b492ad67cc593e8850443_JaffaCakes118.html
  Resource: win10v2004-20240419-en

The Analysis metadata, Signatures, Processes and Downloads shown on this page belong to behavioral2 (platform windows10-2004_x64, resource win10v2004-20240419-en); no results from the Windows 7 task (behavioral1) appear here.
General

Target: 23b98c31d97b492ad67cc593e8850443_JaffaCakes118.html
Size:   91KB
MD5:    23b98c31d97b492ad67cc593e8850443
SHA1:   8e346cea4ce951b2250f6d4b80170e6a69d6c072
SHA256: 9a6df2521d668af30772e40d89da50ec66184aa9382f57f4ddeb03b959ccaa9b
SHA512: f99961837d75e5ca00847984c1ee2ce2a3a8be9c1e8c433f589db641f3c2046d0d6722e4d53bb03d8c3544d5779683ee6353a9bff06ea158992ecb390e710313
SSDEEP: 1536:QaQcfxcx9Cn/2qgdOlA22Lh3wjsHtggb5vXV0b2hGJ:GcJcWwX22Lh3wjsHtggb5NW2hW
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2880  msedge.exe           (2 IoCs)
  2980  msedge.exe           (2 IoCs)
  540   identity_helper.exe  (2 IoCs)
  4608  msedge.exe           (4 IoCs)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process
  2980  msedge.exe           (7 IoCs)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  2980  msedge.exe           (25 IoCs)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2980  msedge.exe           (24 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 2980 wrote to memory of 3024   2980  msedge.exe  84
  PID 2980 wrote to memory of 908    2980  msedge.exe  85
  PID 2980 wrote to memory of 2880   2980  msedge.exe  86
  PID 2980 wrote to memory of 1604   2980  msedge.exe  87
  The 64 records are repeats of these four writer/target pairs. procid_target (84..87) is the sandbox's internal process identifier, not the Windows PID of the target.

Every IoC on this page is attributed to msedge.exe PID 2980 (the browser instance that opened the .html sample) or to the helper processes it spawned; the report lists no signature from a process outside that tree. The written-to PIDs 3024, 908, 2880 and 1604 are the crashpad handler, the first GPU process, the network service and the storage service of that same browser (see the Processes section).
Processes

PID 2980  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\23b98c31d97b492ad67cc593e8850443_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    PID 3024  msedge.exe (crashpad-handler)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda12646f8,0x7ffda1264708,0x7ffda1264718

    PID 908  msedge.exe (gpu-process)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3216920601716824944,8608687048692300246,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

    PID 2880  msedge.exe (utility: network.mojom.NetworkService, service-sandbox-type=none)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,3216920601716824944,8608687048692300246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses

    PID 1604  msedge.exe (utility: storage.mojom.StorageService, service-sandbox-type=utility)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,3216920601716824944,8608687048692300246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8

    PID 612  msedge.exe (renderer, client id 6)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3216920601716824944,8608687048692300246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

    PID 2204  msedge.exe (renderer, client id 5)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3216920601716824944,8608687048692300246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

    PID 3624  msedge.exe (renderer, client id 7)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3216920601716824944,8608687048692300246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

    PID 4824  identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService, service-sandbox-type=none)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3216920601716824944,8608687048692300246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8

    PID 540  identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService, service-sandbox-type=none)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3216920601716824944,8608687048692300246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses

    PID 1168  msedge.exe (renderer, client id 9)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3216920601716824944,8608687048692300246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

    PID 4336  msedge.exe (renderer, instant process, client id 10)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3216920601716824944,8608687048692300246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1

    PID 4588  msedge.exe (renderer, client id 11)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3216920601716824944,8608687048692300246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1

    PID 3676  msedge.exe (renderer, instant process, client id 12)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3216920601716824944,8608687048692300246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

    PID 4608  msedge.exe (gpu-process, --disable-gpu-sandbox --use-gl=disabled)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3216920601716824944,8608687048692300246,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses

PID 1756  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1532  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
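Reading a Chromium process tree out of a flattened sandbox report is most of the work in triaging an .html sample like this one: the browser parent spawns crashpad, GPU, utility and renderer helpers, each announced by a --type= flag, and the parent's WriteProcessMemory calls into those helpers are part of the normal launch path. The script below is an added example, not part of the tria.ge report or of tria.ge's own tooling. The PIDs, parent/child nesting and flags in RECORDS and WPM_EDGES are transcribed from the Processes and WriteProcessMemory sections above (long --gpu-preferences and --field-trial-handle values omitted); the "browser-child" rule and the unsandboxed-helper check are this example's own heuristics, not tria.ge signatures.

```python
"""Rebuild the Chromium-style process tree from the tria.ge report above and check the
WriteProcessMemory edges against it.

Added example, not part of the tria.ge report or of tria.ge's own tooling. PIDs,
parent/child nesting and the flags below are transcribed from the report; the
"browser-child" rule is this example's own heuristic, not a tria.ge signature.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
IDH = r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"'

# (pid, parent pid or None for a top-level entry, trimmed command line from the report)
RECORDS: List[Tuple[int, Optional[int], str]] = [
    (2980, None, EDGE + r' --single-argument C:\Users\Admin\AppData\Local\Temp\23b98c31d97b492ad67cc593e8850443_JaffaCakes118.html'),
    (3024, 2980, EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (908, 2980, EDGE + ' --type=gpu-process --mojo-platform-channel-handle=2100 /prefetch:2'),
    (2880, 2980, EDGE + ' --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    (1604, 2980, EDGE + ' --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8'),
    (612, 2980, EDGE + ' --type=renderer --renderer-client-id=6 /prefetch:1'),
    (2204, 2980, EDGE + ' --type=renderer --renderer-client-id=5 /prefetch:1'),
    (3624, 2980, EDGE + ' --type=renderer --renderer-client-id=7 /prefetch:1'),
    (4824, 2980, IDH + ' --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    (540, 2980, IDH + ' --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    (1168, 2980, EDGE + ' --type=renderer --renderer-client-id=9 /prefetch:1'),
    (4336, 2980, EDGE + ' --type=renderer --instant-process --renderer-client-id=10 /prefetch:1'),
    (4588, 2980, EDGE + ' --type=renderer --renderer-client-id=11 /prefetch:1'),
    (3676, 2980, EDGE + ' --type=renderer --instant-process --renderer-client-id=12 /prefetch:1'),
    (4608, 2980, EDGE + ' --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2'),
    (1756, None, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
    (1532, None, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
]

# Distinct (writer, target) pairs behind the 64 WriteProcessMemory IoCs. The report's
# procid_target column (84..87) is a sandbox-internal index, not a Windows PID.
WPM_EDGES = [(2980, 3024), (2980, 908), (2980, 2880), (2980, 1604)]

BROWSER_IMAGES = {'msedge.exe', 'identity_helper.exe'}
FLAG = re.compile(r'--(type|utility-sub-type|service-sandbox-type)=([^\s"]+)')


@dataclass
class Proc:
    pid: int
    parent: Optional[int]
    image: str
    cmdline: str
    children: List[int] = field(default_factory=list)


def image_of(cmdline: str) -> str:
    """Basename of the first token, which may be a quoted path containing spaces."""
    m = re.match(r'"([^"]+)"|(\S+)', cmdline)
    return (m.group(1) or m.group(2)).rsplit('\\', 1)[-1].lower()


def parse_flags(cmdline: str) -> Dict[str, str]:
    """Chromium process-model flags that matter for triage."""
    flags = dict(FLAG.findall(cmdline))
    if '--disable-gpu-sandbox' in cmdline.split():
        flags['gpu-sandbox'] = 'disabled'
    return flags


def build_tree(records=RECORDS) -> Dict[int, Proc]:
    procs = {pid: Proc(pid, ppid, image_of(cmd), cmd) for pid, ppid, cmd in records}
    for p in procs.values():
        if p.parent in procs:
            procs[p.parent].children.append(p.pid)
    return procs


def classify_wpm(procs: Dict[int, Proc], edges=WPM_EDGES) -> Dict[Tuple[int, int], str]:
    """'browser-child' when a top-level browser writes into its own --type= helper; else 'review'."""
    out = {}
    for writer, target in edges:
        w, t = procs.get(writer), procs.get(target)
        expected = (w is not None and t is not None and w.parent is None
                    and w.image in BROWSER_IMAGES and t.parent == w.pid
                    and t.image in BROWSER_IMAGES and 'type' in parse_flags(t.cmdline))
        out[(writer, target)] = 'browser-child' if expected else 'review'
    return out


def unsandboxed(procs: Dict[int, Proc]) -> List[int]:
    """Helper PIDs whose command line turns a sandbox off; worth a look even when benign."""
    hits = []
    for p in procs.values():
        f = parse_flags(p.cmdline)
        if f.get('service-sandbox-type') == 'none' or f.get('gpu-sandbox') == 'disabled':
            hits.append(p.pid)
    return sorted(hits)


def summarize(records=RECORDS, edges=WPM_EDGES) -> dict:
    procs = build_tree(records)
    return {
        'roots': sorted(p.pid for p in procs.values() if p.parent is None),
        'children_of_2980': sorted(procs[2980].children),
        'wpm': classify_wpm(procs, edges),
        'unsandboxed': unsandboxed(procs),
    }


if __name__ == '__main__':
    print(summarize())
```

On this report every WriteProcessMemory edge classifies as browser-child, and the only sandbox-off helpers are the network service, the two identity_helper instances (service-sandbox-type=none) and the second GPU process (--disable-gpu-sandbox), all launched by PID 2980. A memory write from the browser into a process that is not its own --type= child, or a child image outside BROWSER_IMAGES, would come back as review; that is the case the heuristic exists to surface.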
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5:    62c02dda2bf22d702a9b3a1c547c5f6a
SHA1:   8f42966df96bd2e8c1f6b31b37c9a19beb6394d6
SHA256: cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b
SHA512: a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Filesize: 152B
MD5:    850f27f857369bf7fe83c613d2ec35cb
SHA1:   7677a061c6fd2a030b44841bfb32da0abc1dbefb
SHA256: a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a
SHA512: 7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 96B
MD5:    c2dd2e2836aac40e3550bbfa9f759c18
SHA1:   6def094812f1472d02c1d8d217bf69c5e6bd2668
SHA256: be40e1de5f782d7b277454dc6304cf5d2fbc8844b5c0eecf4d39aa9068d4d9da
SHA512: 104295dbb9e5e287d0e5b481086ed838e4dd752517378ae6cb87c27ed92da1a697bd277837ded1a86cb3f7e69e0e31d62fb69deb322ab88e24c12699f0634956

Filesize: 894B
MD5:    d6cd873b88c47eb2a15c5193940a9aa4
SHA1:   69ee28d873c5736aae6921c075e2ee6f32a766d2
SHA256: 849145e51d790f8ed82cca8c7cc501e6d5d400929518092f0e3ed987e12bff88
SHA512: c2df3b0c42e5b58d30a15a9410d2da58bf1337e7fd69c696ec1f19216525fe79361b2bf48a746902732e4e0ea59d459dc44f7abbc3edb29693ba65bf57b7c661

Filesize: 5KB
MD5:    4ad4715f269d64bfe7426fbe6b2ea786
SHA1:   cd89bbc5c9f9bbf91ecdfa33351494023aea1a3f
SHA256: 735858749c84ec7bf1f11527ff703c88cdd764c881ac5850356aab909ba965ad
SHA512: 61362b8cf0e8e8a4b18772872d7a0a00a82e5b1be5688b332959e9809383a9501f14e5dbcf867d6227ee4ba0db32ce09b40ba328e712f6d2777ee3913560354d

Filesize: 6KB
MD5:    afaaf14d73d3825adf7b3af0aebf5dd5
SHA1:   2d4f2e9eed02471c468f5f41e2420a0cf2f3533a
SHA256: 3978858ad1c8b5f6f103fa3803b2cf58da0cb7d887e3c191533e7de4e287b4f4
SHA512: 90332f467d7e983e1711df69713d271a566ee4642006687a737b6148eff45effa287cb91e610dbcb7284ecf822e3bd0764b270cb7b77e779904a20a105817163

Filesize: 6KB
MD5:    767726dcf4305b0de4fda1451f404134
SHA1:   54af0c78b6e784d526480519386d385902cc1ba3
SHA256: 943f2b8379924f4950ce195ce66f1886685fb649aff44fde6a764c0620e8a463
SHA512: ccd969f9f646938a21cb4ec68dab68a9e7cdffe5dc76458445578540285665c83ecc28538c3e9951996643858bba7416099240f07e647d68ca436a87c443a2d4

Filesize: 6KB
MD5:    1c4bd5f849758555be877ab2a2b7d244
SHA1:   402a690dc2461938f3adf8377a84e6ca731a5912
SHA256: b4da9937118b5cd6635382583ae7f469e5a886ac6668bcc6aa3d3af5fe79d265
SHA512: e72cd0bdb9312384066b9a6df72c7dc41e84775cb5e71a13fa3118e255d01ee808b7cbc1447fb246bc3af9df33fdf6ebb6b088146fb47ed7fa417bf729b6d3b6

Filesize: 16B
MD5:    6752a1d65b201c13b62ea44016eb221f
SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5:    d78a2baea7fa7dc07957604bea357085
SHA1:   c7aa2707071d1cdb5bc5567fa8b5cf97879d3671
SHA256: 7c385445e990b76f87f380a921e3758b92ac31ee83fb98debfddf2e7a8c8b312
SHA512: 82a4afc7e48f8b4c001b955ff5e090bd0711781e560528f930a3c0f587a0635c7aaec0b1a8778d0973c73eff93e541cd866170248cb3361680ede4d71ed66245