Analysis
- max time kernel: 145s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/05/2024, 09:52
Static task: static1

Behavioral task: behavioral1
- Sample: 296a7c59ed7f149e68ad9ac0daec4afb_JaffaCakes118.html
- Resource: win7-20240508-en

Behavioral task: behavioral2
- Sample: 296a7c59ed7f149e68ad9ac0daec4afb_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 296a7c59ed7f149e68ad9ac0daec4afb_JaffaCakes118.html
- Size: 39KB
- MD5: 296a7c59ed7f149e68ad9ac0daec4afb
- SHA1: 8eaffcf568e4246409a5ff0edfc5da2749080933
- SHA256: 73ae157eb5a2ace55c3b7539c7c1089223f251ea55c70ca2b8f464444c1dcf17
- SHA512: 7066f74cd79f324a3ab6c472b0a4fe819a356a088f23c41fbeb288e0f96931ba92ab37a7a5d9e7cdbdac5b5af652e7d7620a49c8d14c917a053519dda1df98b7
- SSDEEP: 768:S8zNuvqCHCQPCSC0CtCD9bD2YfLbbGKTw:S8puvq+Hl9g+jGJ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - PID 1496 msedge.exe (2 entries)
  - PID 2996 msedge.exe (2 entries)
  - PID 4356 identity_helper.exe (2 entries)
  - PID 1148 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  - PID 2996 msedge.exe (all 8 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 2996 msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 2996 msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Every entry records PID 2996 msedge.exe writing to the memory of one of its child processes; each target below appears in multiple entries (procid_target in parentheses):
  - PID 2996 wrote to memory of PID 2132 (83)
  - PID 2996 wrote to memory of PID 4312 (84)
  - PID 2996 wrote to memory of PID 1496 (85)
  - PID 2996 wrote to memory of PID 2960 (86)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2996)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\296a7c59ed7f149e68ad9ac0daec4afb_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2132)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd92c546f8,0x7ffd92c54708,0x7ffd92c54718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4312)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1496)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2960)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1572)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3892)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4512)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2532)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3236)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5412)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5420)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1148)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2440)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2016)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 537815e7cc5c694912ac0308147852e4
  SHA1: 2ccdd9d9dc637db5462fe8119c0df261146c363c
  SHA256: b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
  SHA512: 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a
- Filesize: 152B
  MD5: 8b167567021ccb1a9fdf073fa9112ef0
  SHA1: 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
  SHA256: 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
  SHA512: 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54
- Filesize: 22KB
  MD5: 5e74c6d871232d6fe5d88711ece1408b
  SHA1: 1a5d3ac31e833df4c091f14c94a2ecd1c6294875
  SHA256: bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105
  SHA512: 9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 168B
  MD5: aac98a47ffadc284f0fdaa2190e5cc3a
  SHA1: 310cbd5bf2552f4660a3e3479a96b6739d914f7d
  SHA256: 31bc96c1d894c3e66736e3777126d00a196836c6a11d8486510d3ff8e74f8e48
  SHA512: 7556bb6fd84847b788d8a3a4969468cc854b2c9453fa1f919615d8c9f968074abd37052f98c4ba4e7b94d28161063a5ca74e0cc0eabd0fc71f079893de18d368
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B
  MD5: f9fd975bfbc38150bba64e07eeb5ed48
  SHA1: cbfe63a394d2378ffdc4bd4325546a1e9454ae34
  SHA256: 7b375eb6417ef08bc064903397bcc8d36099f0e6b8693184d7d4f53a092880fb
  SHA512: 7ab578e46c727ed1cae926e7a8d9e611343a0d2017e5cdb22e8fccbe87303e18ddba66e49f8785f17072d135dfa8db71db61bc6c8228c02a418756333699afc1
- Filesize: 1KB
  MD5: 78f60fe79e5f36a504668bed46e48d23
  SHA1: 2178f85eda810da44fb2d45c52ff29bbe30941e6
  SHA256: a7f4734e5817d7aa5e653a5993521151e17a2fcd78374d59d4c37f313603e372
  SHA512: 2069d3f8ef78143f59d162219c36280b13af3c6fdc935de57e9bc9b062adedbf6bcc6c17f8b23172d6bb51dd951f1a7ae0703d7d8077a1d8a8ab07355c64686a
- Filesize: 7KB
  MD5: 654ecf164f5a869458228d0fe852865d
  SHA1: b388a07641a3ef153b4c3255060bbf71e62ad61d
  SHA256: efcbf461b7d5abf82046d342c7f912e50144cc63bc53dd91b0b06f2076ec2207
  SHA512: c38e3d497bed32309972661dd749afde6c9a530bdb8f9717f99f10f76076b9924c9c14c864a56a9aba05bf25cb7651215056534a878ad2679a4bb3e4ab0ff7a6
- Filesize: 5KB
  MD5: eff0d167fc07b0892017ce2424dd43ff
  SHA1: 35af3510525dedadc8dd12e0bac4493b63af3fce
  SHA256: 89e1778166a3ea2e0616bf5eb63b56032b7f2dbb91d3152725437464dd131e8d
  SHA512: 564eff919080d34dd459cd57999c86ccd7e6563609b5e7fb769ff6f5a6b2a71326e727c5fa06d81e349a8f481c548e3791d1207e513cee03be8fef9999186880
- Filesize: 7KB
  MD5: ef8ba529be137e45c5fc30982f903edc
  SHA1: 9dbab9f84aae38a280f8113cb96a5af20f1642a0
  SHA256: 6b32b301665dd04da382aa775c27e04796e9cd3685ee811e517c11124f97ec58
  SHA512: a814e13b5938c06459cdbc2c7c957e82de62ed1081bebc523c61bca9e3b10f2af8a9a35da7ab3f10592552e98b5fa5468868086bac7fe7b9174e19e12ba1ac6e
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: f345759ab8cea0f71a0109efaf64ac79
  SHA1: c805daeee545dc93fc431e078808ec78ccf11ac7
  SHA256: bf6fb5b5bd20290a5297ffe16c354c6c743dd8e796495aa685edcc419fae8c4b
  SHA512: 1925780815fde5033b5ee4b721ba5728d89a1c7aa383e58e4550769d8b0bbbc57c1c6957a6361d752d8c44a1c34089a04b759f284b0a78943ea38e5269cfc4b5