Analysis
max time kernel: 145s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/05/2024, 00:50
Static task: static1
Behavioral task: behavioral1
  Sample: 828e1f34e3b28bc744fe5179fd306166_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 828e1f34e3b28bc744fe5179fd306166_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 828e1f34e3b28bc744fe5179fd306166_JaffaCakes118.html
Size: 44KB
MD5: 828e1f34e3b28bc744fe5179fd306166
SHA1: 438c342c87f6215957871bbfc4de614993c559ca
SHA256: 658846e97035f69104f42ebba65109cbd87164112871167682c9fa7b274c263a
SHA512: 43c276a3c1ef4763728dd21ca611ef9b439bcceab309b1120e84f5f868b47c52c758d6939de083b49397f406f78c64b565454161d4b5577e391aea01d9776c74
SSDEEP: 768:CpwjkAph0g4XbWJR4UhSImzZ85Jvwtvywh24/BKMIhwVY6QqQXvJdPW80vaYIJd3:oWkAKvhVBQqQXvj+vahyrwAFIH
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  5528  msedge.exe (2 entries)
  1412  msedge.exe (2 entries)
  464   identity_helper.exe (2 entries)
  4448  msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process
  1412  msedge.exe (7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  1412  msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  1412  msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 1412 wrote to memory of 4356  1412  msedge.exe  82  (2 entries)
  PID 1412 wrote to memory of 4016  1412  msedge.exe  84  (repeated entries)
  PID 1412 wrote to memory of 5528  1412  msedge.exe  85  (2 entries)
  PID 1412 wrote to memory of 3184  1412  msedge.exe  86  (repeated entries)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\828e1f34e3b28bc744fe5179fd306166_JaffaCakes118.html
  PID: 1412
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a4f946f8,0x7ff9a4f94708,0x7ff9a4f94718
    PID: 4356
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9925902555587675412,14044126587287968992,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2324 /prefetch:2
    PID: 4016
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,9925902555587675412,14044126587287968992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
    PID: 5528
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,9925902555587675412,14044126587287968992,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
    PID: 3184
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9925902555587675412,14044126587287968992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    PID: 1564
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9925902555587675412,14044126587287968992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2372 /prefetch:1
    PID: 4092
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9925902555587675412,14044126587287968992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
    PID: 5768
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9925902555587675412,14044126587287968992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2756 /prefetch:8
    PID: 5068
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9925902555587675412,14044126587287968992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2756 /prefetch:8
    PID: 464
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9925902555587675412,14044126587287968992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
    PID: 2940
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9925902555587675412,14044126587287968992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
    PID: 1640
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9925902555587675412,14044126587287968992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
    PID: 5828
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9925902555587675412,14044126587287968992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
    PID: 2572
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9925902555587675412,14044126587287968992,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 /prefetch:2
    PID: 4448
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5852
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5628
Downloads