Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 150s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/05/2024, 09:41
Static task: static1
Behavioral task: behavioral1
- Sample: 804c3888c528c5dcfffe21af7a5a3a46_JaffaCakes118.html
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 804c3888c528c5dcfffe21af7a5a3a46_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 804c3888c528c5dcfffe21af7a5a3a46_JaffaCakes118.html
- Size: 89KB
- MD5: 804c3888c528c5dcfffe21af7a5a3a46
- SHA1: 2ddb67c07e9d7efbcf9b40d53fad66e2cc94cad0
- SHA256: 07bf6ca81108c07b53bde74883954bb78f2ebc675c4a5148500cf472eab2b851
- SHA512: 23b1c146323a6e35f4346b8c5631ffafc26f429d03ceb5c4f43f71755a0f415e7f57cc7c08ec78b62d54cdea698fd8dab04e5270f38a8983fff3c746a8c887d9
- SSDEEP: 1536:mWCPmBub1z8nV5/AGRplMKR56uKFSC/VmR1JU/1fCK/odIpr:mbPmBub1DGRnMKfQbmR1JU/oKAdIpr
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (11 IoCs)
  pid | Process | occurrences
  2536 | msedge.exe | 2
  5072 | msedge.exe | 3
  1432 | identity_helper.exe | 2
  3568 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid | Process | occurrences
  5072 | msedge.exe | 10
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | occurrences
  5072 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | occurrences
  5072 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target | occurrences
  PID 5072 wrote to memory of 3424 | 5072 | msedge.exe | 82 | 2
  PID 5072 wrote to memory of 2420 | 5072 | msedge.exe | 83 | 40
  PID 5072 wrote to memory of 2536 | 5072 | msedge.exe | 84 | 2
  PID 5072 wrote to memory of 1736 | 5072 | msedge.exe | 85 | 20
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5072)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\804c3888c528c5dcfffe21af7a5a3a46_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3424)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec2bb46f8,0x7ffec2bb4708,0x7ffec2bb4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2420)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2536)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1736)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4932)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1300)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3248)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4884)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5088)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2684)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1432)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4400)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1092)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1928)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3968)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3568)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15362245851502143008,3615847973227207402,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5684 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2056)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4764)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 537815e7cc5c694912ac0308147852e4
  SHA1: 2ccdd9d9dc637db5462fe8119c0df261146c363c
  SHA256: b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
  SHA512: 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a
- Filesize: 152B
  MD5: 8b167567021ccb1a9fdf073fa9112ef0
  SHA1: 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
  SHA256: 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
  SHA512: 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 96B
  MD5: 3b7f40b1425e2bac44a36997ba454eb3
  SHA1: 0c6df3a065553db4df26128725f19095ab888fcd
  SHA256: 696509cc0ba9ba544e1aa79223de2396c1339c4ff74a48f22204b7acce32a1a0
  SHA512: 50d545cafd08365f06bb169165e1b90c9b220fdfc76c945cee52fa3727026274464675f62fa44f3bc6871e2e8d3ed759b5ef88203ee1b39608a4d334178603b3
- Filesize: 1KB
  MD5: 794030b04c2be364a3a9f0bd62d8c8ab
  SHA1: 9b90af1ac37e251f2d5be26ae2892973c27ee627
  SHA256: 94f5b9853bb75ea71e9ccf4f5ea3f0f0e4f2f1eb09a1a7ba5d2397e5e79b182b
  SHA512: 18869f660da922ebf41b1ee4ba77082f541e6722e4df52242f8846b89ec5b29ff538dfe08508604e4cfa4db11db85d3a70f6d062e3f30d596b378f720ebfdf23
- Filesize: 6KB
  MD5: 97d5a6677fd2c4c5d431cbb8f4c72be7
  SHA1: 3e9760d4de69a895b1d4680761119f160fd3440b
  SHA256: ed6d57671c151c1f904e8a7d8e36990613267f828c2b74202b64a124f39e24de
  SHA512: 4bfb2836fe4ca91a18c4c84cf774def1b2ea35742a4d4f129029eda0ef27f083ae7856b9692942af62fda3b14c0c0e567d4c310adca9970b6376beb5c632f1bd
- Filesize: 5KB
  MD5: 786de973fcb82a37cb54a35d337bbad4
  SHA1: 891a605e699439c0b8c30906250c46d0c41b9ab0
  SHA256: 72a169400d4ec45dcf3b516fbc9b7eea3666a6527f2dd3d53aee036a8fe09577
  SHA512: 9c3b212f9faf57a7e86835ee526710525dbd068ca48dd586f13b1eb2b73a220cefa3f20b8010c4addb1228223b69d79003f56532315843fdba8972caca28d844
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: f5621dcac35b98b9bce6323829cac3af
  SHA1: 24bd7e4c68db70d94c80bc38c675de8f8c510e7c
  SHA256: 66eac4db1f9a694ee447e859efc7bc7692afd99b5196f4f47582a2ce69868ea5
  SHA512: cd147c90118ee86af02e621668612067035670d6c15f3896d3606bf4069e814d4a68be451c3c9d366d17771a5979b8b8a8f4a947b98a96b2dbbd993e5583e1d8