Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
11/05/2024, 18:44
Static task
static1
Behavioral task
behavioral1
Sample
3602b16e1c6f0f4ef5c28d599262e888_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
3602b16e1c6f0f4ef5c28d599262e888_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
3602b16e1c6f0f4ef5c28d599262e888_JaffaCakes118.html
-
Size
190KB
-
MD5
3602b16e1c6f0f4ef5c28d599262e888
-
SHA1
45352d7b7bbf1bf17cdf1ab6d06171c00da3b9dd
-
SHA256
5e66d4f6c4b30ca45bd80f2fdacbc188b4f65da25ec9f5538c1dacedb55af768
-
SHA512
cb56de0ab5aabab8a3bd9acb3bbb94e582cd997bdc55dd9a539a5512a846075bb92a83bbee31782d459634a79a42807578b7611c3043501bbd6be5fafb28e657
-
SSDEEP
1536:5tavFCU7TEItlETGQy9jH2HtvuFsbLdla353AR+a8GmnX/pcePd:58vFH7TEIteGBH2HtvN/WtiERJd
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3572 msedge.exe 3572 msedge.exe 4472 msedge.exe 4472 msedge.exe 1980 identity_helper.exe 1980 identity_helper.exe 1176 msedge.exe 1176 msedge.exe 1176 msedge.exe 1176 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe 4472 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4472 wrote to memory of 2948 4472 msedge.exe 82 PID 4472 wrote to memory of 2948 4472 msedge.exe 82 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 4128 4472 msedge.exe 83 PID 4472 wrote to memory of 3572 4472 msedge.exe 84 PID 4472 wrote to memory of 3572 4472 msedge.exe 84 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85 PID 4472 wrote to memory of 3896 4472 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3602b16e1c6f0f4ef5c28d599262e888_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4472 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc840f46f8,0x7ffc840f4708,0x7ffc840f47182⤵PID:2948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,4692517746609666615,8996199814828054976,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:22⤵PID:4128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,4692517746609666615,8996199814828054976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,4692517746609666615,8996199814828054976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:82⤵PID:3896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4692517746609666615,8996199814828054976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4692517746609666615,8996199814828054976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵PID:1780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4692517746609666615,8996199814828054976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:12⤵PID:1452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,4692517746609666615,8996199814828054976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:82⤵PID:2512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,4692517746609666615,8996199814828054976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4692517746609666615,8996199814828054976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:12⤵PID:2340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4692517746609666615,8996199814828054976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:12⤵PID:4228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4692517746609666615,8996199814828054976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵PID:932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4692517746609666615,8996199814828054976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:12⤵PID:4004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,4692517746609666615,8996199814828054976,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1176
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2176
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3224
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD52daa93382bba07cbc40af372d30ec576
SHA1c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA2561826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA51265635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b
-
Filesize
152B
MD5ecdc2754d7d2ae862272153aa9b9ca6e
SHA1c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize72B
MD54bfd1e693b303b42dbc0960db52528e2
SHA18c52eb4c62117461a7370e6dda918316fa64d949
SHA2562eb08402e7445f9a94f644d815ed67beb772436a389174553c168f4eee5316a8
SHA512ec49586ec7b6efa3fc3b20132c349f7b11b8630b8db33b82932e7150fb1a020459ef3ca3a3e8a2235ef88a5f061764a41e04c0826b7e81803569b87f1f9ff060
-
Filesize
1KB
MD597856e7cc8cba37e5af5021c0d54e92b
SHA1a3be06da6141ade5da87e41afdc2053d29e59165
SHA2561e7ccbc70f125e8ee320a8e122de183fb59ca7cf2838f4970e74a6f06dd0f17f
SHA512fb79a22f10ea56b8eeb24c807ec293f202ca61decfbc70628f408e7e2008c35b4ae488a159cb3735f1e6aafb9619761073a7013ef0550762fec18bae71f63ac5
-
Filesize
6KB
MD5754c0792e52a7086f942a8ad9724cdc5
SHA1c8e90fa405988a01b8b62df63fc4c5ebb693d924
SHA2566d4562fc348276792d5f7eae23bf492e56d82e35efdf610207a43f21fcc3b1d9
SHA5121f39a4a9b6a4bef24e44b76252d026be32ad8d591eedbec69eff770dddc48be08fac19ab546a1a55d0bed4acf80ff4db068d80b868398c30630daf9760912803
-
Filesize
5KB
MD5d506a9ed19ed5075dbe7ee3d86f791bb
SHA10ff3d5de9fa84de6de39b0e28a85dc8ec338a3b1
SHA256c8c63c2e0915cbabe5ba907952fbd367e1d839f17e79076b01283adaceeccd24
SHA5129395d6175b61e33462493f9c7b6bd92a99714a0a7dbe79d7eee26595931c5b9be653ac7816aab513da0aadf9f30e0053e91cf7dbae286b6696cbf1e7962dbedd
-
Filesize
6KB
MD5b938366c8c9cf282079755931017ae73
SHA1478014930a929466995c025ee161fa5645a5972d
SHA256b691eb161844432d34cf1bb6e784960f0bff1e6abf957debeaa0cd252265ee27
SHA5122d1cb994a525ab1c9efe6ff4c2a4e611987b50a6e97bea9461947c5eeb5bf5f20259428d68d27b821f83a3dc198d1fefaa25a8f49fd77116b0198090fd248d60
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5657f25bb34a2d706c64ca0a48509bcdc
SHA1d48623500d5bd4b45cbd67783aa177157a4ef50d
SHA256257b0b39f41adc941aa1996b0d86938750bce7b532a525a2720b330b1f4add0c
SHA512a4d8fdbda3a9aa3b23c749bca94e33ceaf19332960e5fc436f4d17b8b492f186de822b1a0c430ab4255afefcb74bd585024d881b154782114ccba5adebb40222