Analysis
- max time kernel: 145s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/05/2024, 08:21
Static task: static1
Behavioral task: behavioral1
- Sample: 291780c39d656651fe8d31551979a1a2_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 291780c39d656651fe8d31551979a1a2_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 291780c39d656651fe8d31551979a1a2_JaffaCakes118.html
- Size: 147KB
- MD5: 291780c39d656651fe8d31551979a1a2
- SHA1: 1d03db7db4d372b775ed57c6d7e9e0fcc153f497
- SHA256: a2598d2fe99dce0d98e7a8e228ff268eaec5b3c0c39d3de7a1b72e1e7e989eb1
- SHA512: 61c483c37b614967e86128872fd1de28e366b8dba566dfaf2bfd42243d231a88946b3a266b115e2b4a566c2054cdf7eb099dedbb790e55aac0f5357e68dc762d
- SSDEEP: 1536:u1pq6L1qlnsm++J70APCtR105HXiHJDlalN68aWLQ0pyBwnI:tP010gpDlalN68aWLQ0p0d
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (Process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (Process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (Process: msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - PID 2484 msedge.exe (2 entries)
  - PID 660 msedge.exe (2 entries)
  - PID 2960 identity_helper.exe (2 entries)
  - PID 4292 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  - PID 660 msedge.exe (7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 660 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 660 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs); columns: description, pid, Process, procid_target
description pid Process procid_target PID 660 wrote to memory of 1692 660 msedge.exe 82 PID 660 wrote to memory of 1692 660 msedge.exe 82 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 
wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 1204 660 msedge.exe 84 PID 660 wrote to memory of 2484 660 msedge.exe 85 PID 660 wrote to memory of 2484 660 msedge.exe 85 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86 PID 660 wrote to memory of 4296 660 msedge.exe 86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 660, depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\291780c39d656651fe8d31551979a1a2_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes (depth 2):
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1692)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff850fe46f8,0x7ff850fe4708,0x7ff850fe4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1204)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2852454047539435352,3954020723016806072,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2484)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,2852454047539435352,3954020723016806072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4296)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,2852454047539435352,3954020723016806072,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2852454047539435352,3954020723016806072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1988)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2852454047539435352,3954020723016806072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3968)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2852454047539435352,3954020723016806072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4516)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,2852454047539435352,3954020723016806072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2960)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,2852454047539435352,3954020723016806072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2956)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2852454047539435352,3954020723016806072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4416)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2852454047539435352,3954020723016806072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2508)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2852454047539435352,3954020723016806072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4504)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2852454047539435352,3954020723016806072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4292)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2852454047539435352,3954020723016806072,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 5080, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1964, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: ce4c898f8fc7601e2fbc252fdadb5115
  SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
  SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
  SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
- Filesize: 152B
  MD5: 4158365912175436289496136e7912c2
  SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
  SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
  SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 72B
  MD5: 1fd4fc8c52ad0188d571fe6a698ebc0d
  SHA1: db4dc902af9b1970b5dd05d516b5301435508e88
  SHA256: 138175fce283b7fd5707d0e0530396a5a9e7a8f9e5cdd944904c888c7cb53ab2
  SHA512: db0836e929584ec4c04073c1eb7445305d14a0163e9c5c58f7a36ac6a14b3394a39c41aaf0986255713bce3a5ce125298201c61004492184dafb29b42ddcaad5
- Filesize: 1KB
  MD5: 454eaf4e7731586306ff423b3b46b3a4
  SHA1: 46dab21272a88bea323c5be5dc0d6be5f7086660
  SHA256: fe9c61e72255c106a95065b3c9b3ebbbe2313b405a8ff79389652639dca5f2b0
  SHA512: 965314f0eba7be28e7121ebd033e09af4b6c0d61d349a3a8ae432ecbddd26e7bc86bd95bcd2dffb095b77406e1b0e251a939f2cc19160f602e2ffb63cf5b0948
- Filesize: 6KB
  MD5: 424ae60954e49708d4725eb3e753709d
  SHA1: bb1762da498780e60133bf6b013e841000f5dc71
  SHA256: 2b1fec69809b0562ece89f5dabc630491dc204f26ebd26e624dabbcbf6df6cf5
  SHA512: 27dd204ad3aaceeea21dc23f6629ee1c3f09598099520a4b1ea49edae89798b436d5e378ab7894574dc90e30a24a259f34adcff9745454ace548588a443374de
- Filesize: 6KB
  MD5: b7beb00c6b844769e85ebdfa536bb1db
  SHA1: 193fdd74d68d7ebe559f3d3464b600fa60607688
  SHA256: fef770eeb8a1016b3e965f8f7424fcfab958ecfcf6a1a969cdf62d0c2f9f2985
  SHA512: db680ada8d3e302d10d6804936ae0e9a43675c2398d8126e5ad8dfe705afbbebca59086697e84ce92a02288fc692186d71403adf7911c29e6f2ab727ab05e6cb
- Filesize: 6KB
  MD5: b6bb8c191502c602c05774f61d8bc080
  SHA1: f611c0a02f1264e0337ce459e34d9c32c9b02041
  SHA256: d5a438c986f57a98b21f075221aafe4d57189eb6ab05a1cc5491c3363c707dd7
  SHA512: b7c27c8bb52839d4386affef47ad10f2374aaace7dc5da429623df06e1f80d06127fe4fe8c3f88126b227011033976454345d5a647533284754671fd7730483d
- Filesize: 704B
  MD5: 70bc98893ef157b6a8ff747dc9163b05
  SHA1: 6b4cd2921d54d21374424ab77343df9675613acc
  SHA256: 065f841fb2dff3a99038a35db07a461aa63f962c1b0c3c6b70bf3c77f463f59d
  SHA512: 327949e495ca386727166575d4ccd15ff3e58b7bf9728ce344d831102d0da20b0b49e7fdd7ca70b0476820cbb3ac31220da1e6777e50ef5d471867e8496df3c2
- Filesize: 537B
  MD5: f68e5f7d4ba2ed70d70c59a78bde08a4
  SHA1: 04164ea0acff26ef8c0625c046c4f978df595c7b
  SHA256: 685c96cb1a74d0d13def4fe67766b08cf7e16cb6507d7c3c25e77afffcb64a09
  SHA512: aeb320dea442912f15de54c00bc1562638f637cb6f9b861100dcebf6d8de1795f8cb3053165ae6692788386f6dcf7d97c9ec3207068ecd747711d5be578bb9c4
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 11KB
  MD5: 4d9966d326a9dcea21e67be07ee6e3f3
  SHA1: a210e318e572830022fea4e97b57a6545d2cb9ff
  SHA256: 5207ae8150282f17c652c9beca07ad562d5ec39656b7c97bb849dfb15fe8af92
  SHA512: 733039cc1b12c851448153b65bbf6c3155a9b2a3d898201bd1398eab7207810d86a73756c0d43e1f5d426142fa5cef7fa215c19f3cd6a5394e8760ca1a5cd44f