Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/05/2024, 15:55
Static task: static1
Behavioral task: behavioral1
  Sample: 6f0d166f9349b62c633dad73ffa6b9f6_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 6f0d166f9349b62c633dad73ffa6b9f6_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 6f0d166f9349b62c633dad73ffa6b9f6_JaffaCakes118.html
Size: 96KB
MD5: 6f0d166f9349b62c633dad73ffa6b9f6
SHA1: 99f17b92a4b991ab1de8148c65b187ad768fff7c
SHA256: bb84f3f34f284f70d00ca764c5be407f2cc3d10adf2318d8b874fc0eff880ed9
SHA512: 702e31e37f0cc1255684afde93257708b910c0da4a37917526af847cc6c114ae38d55165f1463c748aa3fe15cec3de53669d641ddb066d68f0b5768cd13a439e
SSDEEP: 768:SC6jXWVerH0hIKR/oE491xelfbKVcqOySNEGFo2bqO/Impo6zDuf28GrahQDEIIT:CWVeYhIZrxe7p91f7l6BOMb
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid | Process | count
1044 | msedge.exe | 2
2280 | msedge.exe | 2
3412 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid | Process | count
2280 | msedge.exe | 4

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process | count
2280 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | count
2280 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | count
PID 2280 wrote to memory of 2404 | 2280 | msedge.exe | 83 | 2
PID 2280 wrote to memory of 3196 | 2280 | msedge.exe | 84 | 40
PID 2280 wrote to memory of 1044 | 2280 | msedge.exe | 85 | 2
PID 2280 wrote to memory of 1624 | 2280 | msedge.exe | 86 | 20
Processes

msedge.exe, PID 2280 (depth 1)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6f0d166f9349b62c633dad73ffa6b9f6_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  msedge.exe, PID 2404 (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca1246f8,0x7fffca124708,0x7fffca124718

  msedge.exe, PID 3196 (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

  msedge.exe, PID 1044 (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

  msedge.exe, PID 1624 (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8

  msedge.exe, PID 3624 (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

  msedge.exe, PID 1672 (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

  msedge.exe, PID 1888 (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

  msedge.exe, PID 3412 (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

  msedge.exe, PID 3808 (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1

CompPkgSrv.exe, PID 4884 (depth 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe, PID 2576 (depth 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
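Every WriteProcessMemory row in the signature table is the browser process (PID 2280) writing into an msedge.exe child that it has just created with a --type= role (crashpad-handler, gpu-process, utility), which is how Chromium hands startup data to its own child processes; the same API call from a non-Chromium parent, or into a process that is not one of its own --type= children, is the pattern that would justify escalating this signature. The script below is an added example and not part of the tria.ge report or of Edge. It parses IoC rows in the report's "description pid Process procid_target" format against a constructed process table abridged from the tree above (same PIDs and switches), plus one hypothetical target, PID 9999 / notepad.exe, that is not in the report and exists only to exercise the flagged path. It also lists which sandbox-relaxing Chromium switches visible in the tree (--service-sandbox-type=none, --disable-gpu-sandbox) each process carries.

```python
"""Triage WriteProcessMemory IoCs from a sandbox report against its process tree.

Constructed example: IoC rows and command lines are abridged from the report
(PIDs and switches as on the page); PID 9999 / notepad.exe is a hypothetical
target added so that the flagged path is exercised.
"""
import re

# IoC rows in the report's "description pid Process procid_target" layout.
WRITE_EVENTS = """\
PID 2280 wrote to memory of 2404 2280 msedge.exe 83
PID 2280 wrote to memory of 3196 2280 msedge.exe 84
PID 2280 wrote to memory of 1044 2280 msedge.exe 85
PID 2280 wrote to memory of 1624 2280 msedge.exe 86
PID 2280 wrote to memory of 9999 2280 msedge.exe 99
"""

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'

# pid -> command line (switches abridged to the ones the triage looks at).
PROCESSES = {
    2280: EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\6f0d166f9349b62c633dad73ffa6b9f6_JaffaCakes118.html",
    2404: EDGE + " --type=crashpad-handler /prefetch:7",
    3196: EDGE + " --type=gpu-process --mojo-platform-channel-handle=2088 /prefetch:2",
    1044: EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService"
                 " --service-sandbox-type=none /prefetch:3",
    1624: EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService"
                 " --service-sandbox-type=utility /prefetch:8",
    3412: EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2",
    9999: r'"C:\Windows\System32\notepad.exe"',  # hypothetical, not in the report
}

EVENT_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
SWITCH_RE = re.compile(r"--([\w-]+)(?:=(\S+))?")

# Chromium switches that remove or weaken a sandbox; None means "any value".
RELAXED_SANDBOX = {"no-sandbox": None, "disable-gpu-sandbox": None,
                   "service-sandbox-type": "none"}


def parse_events(text):
    """One dict per well-formed IoC row; malformed rows are skipped, not guessed."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            src, dst, pid, image, procid = m.groups()
            events.append({"src": int(src), "dst": int(dst), "pid": int(pid),
                           "image": image, "procid_target": int(procid)})
    return events


def image_name(cmdline):
    """Lower-cased executable basename from a quoted or bare Windows command line."""
    if not cmdline:
        return ""
    exe = cmdline.split('"')[1] if cmdline.startswith('"') else cmdline.split()[0]
    return exe.rsplit("\\", 1)[-1].lower()


def switches(cmdline):
    """Map of --name=value switches; value is '' when the switch carries none."""
    return dict(SWITCH_RE.findall(cmdline))


def classify(event, processes):
    """Browser process -> its own --type= child is expected; anything else is flagged."""
    src_cmd = processes.get(event["src"], "")
    dst_cmd = processes.get(event["dst"], "")
    src_sw, dst_sw = switches(src_cmd), switches(dst_cmd)
    chromium_pair = image_name(src_cmd) == image_name(dst_cmd) == "msedge.exe"
    if chromium_pair and "type" not in src_sw and "type" in dst_sw:
        return ("chromium-child-spawn", dst_sw["type"])
    return ("unexpected-cross-process-write", image_name(dst_cmd) or "unknown")


def triage(events_text, processes):
    """Target pid -> (verdict, detail) for every IoC row in the text."""
    return {e["dst"]: classify(e, processes) for e in parse_events(events_text)}


def relaxed_sandbox_pids(processes):
    """pid -> switches that relax a sandbox, for the processes that carry any."""
    out = {}
    for pid, cmd in processes.items():
        hits = [name if not value else f"{name}={value}"
                for name, value in switches(cmd).items()
                if name in RELAXED_SANDBOX
                and RELAXED_SANDBOX[name] in (None, value)]
        if hits:
            out[pid] = hits
    return out


if __name__ == "__main__":
    for dst, (verdict, detail) in triage(WRITE_EVENTS, PROCESSES).items():
        print(f"2280 -> {dst}: {verdict} ({detail})")
    for pid, hits in relaxed_sandbox_pids(PROCESSES).items():
        print(f"pid {pid} runs with {', '.join(hits)}")
```

On the report's own rows every write classifies as chromium-child-spawn, which is why this signature alone says nothing about the HTML sample; only the hypothetical notepad.exe target is flagged. The two sandbox findings (--service-sandbox-type=none on the network service, --disable-gpu-sandbox on the second GPU process) are Edge's own switches as they appear in the tree above; the function lists them so the analyst knows where the process boundary is weakest, not as evidence that the sample did anything.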
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 152B
MD5: a8e767fd33edd97d306efb6905f93252
SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
Filesize: 152B
MD5: 439b5e04ca18c7fb02cf406e6eb24167
SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
Filesize: 20KB
MD5: b6c8122025aff891940d1d5e1ab95fce
SHA1: a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4
SHA256: 9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e
SHA512: e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10
-
Filesize: 44KB
MD5: 88477d32f888c2b8a3f3d98deb460b3d
SHA1: 1fae9ac6c1082fc0426aebe4e683eea9b4ba898c
SHA256: 1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8
SHA512: e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3
-
Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 96B
MD5: 669ed036f92bd0c6cccd3b742ab981f8
SHA1: 5913071f91d50675b30c9eb84482fd2099aba9d0
SHA256: 6a633a70ed70adb62326908f1b1340ce5d0f13ab2b5f18ac496992ef4c27b3a4
SHA512: cd9fbe4cf777592d7e5db9e4aefa04402ae2491c706213df639664666d2184fa871f1f2d81659504444a00eb7d61a24a23b7546713c0e587c842902240b90f72
-
Filesize: 1KB
MD5: dd65e3a63307e3253221367dc740a31d
SHA1: d635f590702fbab26080cb79b99651396a8fd64d
SHA256: 28ab2582fa068c037b00315074bd432b27c6d6d672e5b2410d6e04ffd5f4ae7c
SHA512: 4060e4ad202ecbf40c3ce4dd17d468ff0d21ceedb77e0ad143bb8d59aa7334ade3abe68c0404135fc507e5ae726d20310111a9273ecaabd026948ac4ec954342
-
Filesize: 5KB
MD5: 55a14e6bb9768aee3d2854be78e1442d
SHA1: e705b440dd714302f314549c736d1299cbe52efe
SHA256: ad9450f7ae2252b77badaa28f6347bde204493665be3b0f625a0e205823f86e8
SHA512: d8cfe6f265bd14bec4c3afbc7cdc2c8726a543100cc59a4da12f2fc89e366d7c5761d2e93fe3809bbbf3a696e04987f95302116792758db2f245d1aa6fd2fa83
-
Filesize: 6KB
MD5: ccba74144e19ecc71c5c2a6edd838181
SHA1: 044163a51c5576f047611fd87b19822b15ce5ee7
SHA256: d27505ffa760aeb667f337f243bcd3a7a61019f313d4ee55bf8b40e0322806d6
SHA512: 43d6b8da6f92ce0c339f12d1d009bbcbf753ca42ffdf1777c4788200d7a85e53962b15663d268bcbbb2a9a7cb5e7dd1b512322bcf6b78d3170eb0c4bc50b0ddd
-
Filesize: 11KB
MD5: 7b48f4a891e9be52ef4ddc13bff11fb3
SHA1: 95ab1002e98690ab258df9398943d5bb7274696c
SHA256: a0b3bb2c15c195e3aa3ee3ae3da260c2c275bdd6fc18c0c7c5321c0110ec04cc
SHA512: 0532a91312143da12feb1697ee3f456aecaeb9c63522627f88128d39f2f83a2ca6c75a40dd462821e144c797998654d2c3963d12c399f9259b3d30d9c82ee262