Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/05/2024, 11:09
Static task: static1
Behavioral task: behavioral1
- Sample: 7cbfc881b3c9e9c777519ee391801e22_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 7cbfc881b3c9e9c777519ee391801e22_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 7cbfc881b3c9e9c777519ee391801e22_JaffaCakes118.html
- Size: 2.7MB
- MD5: 7cbfc881b3c9e9c777519ee391801e22
- SHA1: 7b5014ec05951562f7a7f9ac993ca57247637e38
- SHA256: 8fb9f61d6e6b8d2cd4c52ea8e860078806639caf70dd63f1ff4c3d6b45d796b1
- SHA512: 41d64a000e443e2c6344797c590d445bf210591cf529ef7e0bc9281e66a04451bd331225f30d5fa623232912f1f168455abc625b39839bde8d794bd21989fc8c
- SSDEEP: 24576:Y+aDHsc+aDHsj+aDHsK+aDHsw+aDHsk+aDHs1:s
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  - pid 888 msedge.exe
  - pid 888 msedge.exe
  - pid 1684 msedge.exe
  - pid 1684 msedge.exe
  - pid 3100 msedge.exe
  - pid 3100 msedge.exe
  - pid 3100 msedge.exe
  - pid 3100 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  - pid 1684 msedge.exe
  - pid 1684 msedge.exe
  - pid 1684 msedge.exe
  - pid 1684 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1684)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7cbfc881b3c9e9c777519ee391801e22_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 3800)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb576846f8,0x7ffb57684708,0x7ffb57684718
  - msedge.exe (PID 3120)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12332995693073872358,4374185332002274273,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  - msedge.exe (PID 888)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,12332995693073872358,4374185332002274273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 432)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,12332995693073872358,4374185332002274273,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  - msedge.exe (PID 4472)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12332995693073872358,4374185332002274273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - msedge.exe (PID 4072)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12332995693073872358,4374185332002274273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - msedge.exe (PID 4248)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12332995693073872358,4374185332002274273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  - msedge.exe (PID 4564)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12332995693073872358,4374185332002274273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  - msedge.exe (PID 3100)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12332995693073872358,4374185332002274273,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1828)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1472)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads