Analysis
- max time kernel: 145s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/05/2024, 23:14
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 318636ecaf20295f116d5d1e19a8beb3_JaffaCakes118.html
  - Resource: win7-20231129-en
Behavioral task
- behavioral2
  - Sample: 318636ecaf20295f116d5d1e19a8beb3_JaffaCakes118.html
  - Resource: win10v2004-20240508-en
General
- Target: 318636ecaf20295f116d5d1e19a8beb3_JaffaCakes118.html
- Size: 50KB
- MD5: 318636ecaf20295f116d5d1e19a8beb3
- SHA1: b2116414e1d769935c12636096e61be35e14a5fe
- SHA256: 045752be2865dc8cc27b11bc93766df719438aebc56143f1dca1071e4eb7ba78
- SHA512: 79807cfeec1f784af47037a653c125f7ea3a1861d0c617092b1dc05102275b592bba25239bb68bef21f2a9302c24f7003c43d3dd9766cfef9790b0b66d8c2a7b
- SSDEEP: 768:DRMigOriWNcaSoagGTrPfXLS4vkMIzwDRDw6ZJwHam2SZ4:DRMt/FrPfRFZJwHaD
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - pid 3652 msedge.exe (2 entries)
  - pid 4480 msedge.exe (2 entries)
  - pid 4988 identity_helper.exe (2 entries)
  - pid 4920 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  - pid 4480 msedge.exe (8 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - pid 4480 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - pid 4480 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries have source PID 4480 (msedge.exe); the distinct targets are:
  - PID 4480 wrote to memory of 3816 (msedge.exe, procid_target 81)
  - PID 4480 wrote to memory of 3596 (msedge.exe, procid_target 82)
  - PID 4480 wrote to memory of 3652 (msedge.exe, procid_target 83)
  - PID 4480 wrote to memory of 4244 (msedge.exe, procid_target 84)
Processes
- PID 4480: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\318636ecaf20295f116d5d1e19a8beb3_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Children:
  - PID 3816: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb533746f8,0x7ffb53374708,0x7ffb53374718
  - PID 3596: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,189624280229472488,11182627478315924435,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
  - PID 3652: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,189624280229472488,11182627478315924435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4244: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,189624280229472488,11182627478315924435,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  - PID 4668: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,189624280229472488,11182627478315924435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - PID 2564: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,189624280229472488,11182627478315924435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - PID 4328: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,189624280229472488,11182627478315924435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  - PID 4508: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,189624280229472488,11182627478315924435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  - PID 2156: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,189624280229472488,11182627478315924435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  - PID 4988: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,189624280229472488,11182627478315924435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 960: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,189624280229472488,11182627478315924435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  - PID 4476: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,189624280229472488,11182627478315924435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  - PID 3412: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,189624280229472488,11182627478315924435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  - PID 4584: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,189624280229472488,11182627478315924435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  - PID 4920: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,189624280229472488,11182627478315924435,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4912 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 4656: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 3988: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
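Every signature in this report fires on msedge.exe or identity_helper.exe, and every WriteProcessMemory record is the Edge broker (PID 4480) writing into a process it spawned itself, which is how Chromium-family browsers hand bootstrap data to their sandboxed children. The script below is an added example for triaging that pattern; it is not part of the tria.ge report and not Triage's own code. It parses the flattened "pid Process" rows from the Signatures section and the WriteProcessMemory records, cross-checks them against the process tree above, and reports (a) any signature hit on an image outside the browser family and (b) any cross-process write whose target is not a direct child of the writer. The EDGE_FAMILY set is an assumption for the example, and the input rows are constructed from the report with the repeated entries abbreviated.

```python
"""Triage helper for flattened sandbox signature rows (added example, not tria.ge code)."""
import re

# Process images that belong to a stock Microsoft Edge (Chromium) session.
# Assumption for this example: any other image firing a signature is worth a look.
EDGE_FAMILY = {"msedge.exe", "identity_helper.exe"}

# Constructed input, abbreviated from the report's flattened "pid Process" rows.
SIGNATURE_ROWS = {
    "Suspicious behavior: EnumeratesProcesses":
        "3652 msedge.exe 3652 msedge.exe 4480 msedge.exe 4480 msedge.exe "
        "4988 identity_helper.exe 4988 identity_helper.exe 4920 msedge.exe 4920 msedge.exe",
    "Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary":
        "4480 msedge.exe 4480 msedge.exe 4480 msedge.exe",
    "Suspicious use of FindShellTrayWindow": "4480 msedge.exe 4480 msedge.exe",
}

# Constructed input: one record per distinct target from the report's
# "Suspicious use of WriteProcessMemory" row.
WPM_ROW = (
    "PID 4480 wrote to memory of 3816 4480 msedge.exe 81 "
    "PID 4480 wrote to memory of 3596 4480 msedge.exe 82 "
    "PID 4480 wrote to memory of 3652 4480 msedge.exe 83 "
    "PID 4480 wrote to memory of 4244 4480 msedge.exe 84"
)

# Process tree from the report as (pid, image, parent_pid); None marks a top-level process.
EDGE_CHILD_PIDS = [3816, 3596, 3652, 4244, 4668, 2564, 4328, 4508, 960, 4476, 3412, 4584, 4920]
PROCESS_TREE = (
    [(4480, "msedge.exe", None)]
    + [(pid, "msedge.exe", 4480) for pid in EDGE_CHILD_PIDS]
    + [(2156, "identity_helper.exe", 4480), (4988, "identity_helper.exe", 4480)]
    + [(4656, "CompPkgSrv.exe", None), (3988, "CompPkgSrv.exe", None)]
)

# "<pid> <image>" pairs; the image token runs up to and including ".exe".
PAIR_RE = re.compile(r"(\d+)\s+(\S+\.exe)", re.IGNORECASE)
# "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"; \1 pins the repeated source pid.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+\.exe) (\d+)", re.IGNORECASE)


def parse_pid_image_pairs(row):
    """Distinct (pid, image) pairs from a flattened 'pid Process' row, sorted by pid."""
    return sorted({(int(pid), image) for pid, image in PAIR_RE.findall(row)})


def unexpected_processes(rows, family=EDGE_FAMILY):
    """Signature name -> (pid, image) pairs whose image is outside the browser family.

    An empty result means every hit is attributable to the browser itself.
    """
    allowed = {name.lower() for name in family}
    flagged = {}
    for name, row in rows.items():
        odd = [pair for pair in parse_pid_image_pairs(row) if pair[1].lower() not in allowed]
        if odd:
            flagged[name] = odd
    return flagged


def parse_wpm(row):
    """Distinct (src_pid, dst_pid, src_image) triples from a WriteProcessMemory row."""
    return sorted({(int(src), int(dst), image) for src, dst, image, _ in WPM_RE.findall(row)})


def foreign_writes(row, tree):
    """Cross-process writes whose target is not a direct child of the writer.

    The Chromium broker writes into each child it spawns to hand over bootstrap
    data, so parent -> child writes are expected. A write into a process the
    writer did not spawn is the pattern that deserves a closer look.
    """
    parent_of = {pid: ppid for pid, _, ppid in tree}
    return [t for t in parse_wpm(row) if parent_of.get(t[1]) != t[0]]


if __name__ == "__main__":
    print("signature hits outside the browser family:", unexpected_processes(SIGNATURE_ROWS) or "none")
    print("writes into non-child processes:", foreign_writes(WPM_ROW, PROCESS_TREE) or "none")
```

Run against this report's data both checks come back empty; the same two functions flag a row such as "1234 payload.exe" under a signature, or a write from 4480 into the unrelated CompPkgSrv.exe (PID 4656), which is the kind of record that would turn a browser-only report into an injection finding.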
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
  SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
  SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
  SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
- Filesize: 152B
  MD5: 87f7abeb82600e1e640b843ad50fe0a1
  SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
  SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
  SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 96B
  MD5: 1d6abaf7f287e96b2b6c4cfad8b1b2b8
  SHA1: b75d564cbfcd1202ab18a1343255a1a2ee48fc7e
  SHA256: 91e9bd866962735f85f223a4e7c027fce1b7acd1de7f63ded383504393fb0766
  SHA512: 0ad2735c04aab7bf97b61e5f27381d614e1273d6ca324d0be7f03d076a822367301e5df27eab375fec93d1d9ec349e6f73ee80e67b26e549b113cf41a86fefcd
- Filesize: 929B
  MD5: 61b65f4feeedd756fc4168aa253716a5
  SHA1: ccac13be603adb462b4fc722549bb6d104be48eb
  SHA256: 007e2e3b61c27220f00bce21ea8c3246c09460e8edd93a27aee12486c15e4d94
  SHA512: 153c50cfec1b893dffc07644f940eb8ac7f20ff505683ef9b5da8b6abd62f7938f0cdeb707e750ba3384e05eb194cec70fa66033166cf33be151475ef8a70389
- Filesize: 929B
  MD5: 8fec8730ee8ce060775f8fcf2b0fc9de
  SHA1: 6283ebcc6f539d0e6308939a57bc8596a557d96a
  SHA256: af55c1a727a82bd26d2ae44d6cb69c8fb40d87d21094e19fef56d193e498ee71
  SHA512: 02138e9bdd4da90e9b7f8b08547dd26d65d04358b883ae65068b7583567ff1563e43c3e27695755c9175c0be2eb66b75d5bb5a34f03e0bcaec0cfd3a967876ce
- Filesize: 6KB
  MD5: cdad9c3a5cfa2699e3c873673d4dc1d3
  SHA1: 78d78ff43a67acb1ed4fc059d0bd4d489ab54f36
  SHA256: 386e0ba41b6b0659033841288c27016f6d9b6e70be74b682fadf746ea28ab747
  SHA512: 2a2f7c575b3a07155d274c396a5594ed06ce982c4460ccb13eb710d384f1642ef1d757c577104e4f12baf2f2e2c778ae55b9078a44e92efce0e58e5e5b92ca50
- Filesize: 6KB
  MD5: 9f73c9df92e9cdc89b6eb624350f406f
  SHA1: c991d1309411c8ee0c1c51a8beb101032a023b0a
  SHA256: 1bbbd2c7769e16afe967f1e885862db97e579daf7316a53830520acd5a15271d
  SHA512: 8715107734de1a8f04e12fe41b89c5eca9d7f5d3e0c99c7c3bf06879c3054e54787ac91be41ddd8c980ec3679de2500165a362955e5f9b1a882f5cfe74ce0d21
- Filesize: 6KB
  MD5: 30bc55b4f87db553783477a2a2224d27
  SHA1: 1a163c2ddba155938d8fbe9d690e53b697545133
  SHA256: 24142b4a4b155352f94f0475cea39af2efa37242c1ce3411c426f8275db4a2b9
  SHA512: 8521b638d575f8dd8a52afa22ffa4185ef4f2f125fc178e7cfffec0bccb0c7f68e190e8b46b61bf7e97e36127b4a04ed2803d6b7cb79a4fde6d8440d13fefca1
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 11KB
  MD5: 31c53e799b8d30cb0caaadea190d1e76
  SHA1: b1bb40b937dcd7154758b26a76f5f03f3b05ecfe
  SHA256: 046a24635048a6fe51d00681d1891c25b6bc2f7e86c6d008ecbc697d4d686029
  SHA512: 4b3e0cadc4d15ea9bf61dfcecddca76a98d329d6228ab3f0903475a54837df8bdbfdac074b90f098dd5e30723c37fbd545036d3f48048ae26a5ace301aabb944