Analysis
max time kernel: 149s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/05/2024, 02:59
Static task: static1
Behavioral task: behavioral1
  Sample: 85caa1bd5b0d4923589e3270405128dc_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 85caa1bd5b0d4923589e3270405128dc_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 85caa1bd5b0d4923589e3270405128dc_JaffaCakes118.html
Size: 52KB
MD5: 85caa1bd5b0d4923589e3270405128dc
SHA1: 4c5a5536f6890ef9a180146593f05870a5228e74
SHA256: e65edd5db3e38088c47a165536ac39f87a16f11ee113eb8e533a17beca953fb7
SHA512: e5b1dbcc41bfe926e1ed67f33d1edada9ea2830ee913c1b26ef845e24058755c0f48e3066ad3743c05760c8e82080f3e72b8eeaa24dd629bfb56533c6e8654d1
SSDEEP: 1536:t5yEE0YWXDU2+sO5f1hKbQmQvNFm19jsUCGu/klR0mR8nax97e:UbiSsOdbKbQmQvNFm1NsUCGu/klR9R83
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  4536  msedge.exe           (2 identical entries)
  1480  msedge.exe           (2 identical entries)
  3696  identity_helper.exe  (2 identical entries)
  4644  msedge.exe           (4 identical entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process
  1480  msedge.exe  (7 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  1480  msedge.exe  (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  1480  msedge.exe  (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 1480 wrote to memory of 3076  1480  msedge.exe  83  (2 identical entries)
  PID 1480 wrote to memory of 2280  1480  msedge.exe  84  (40 identical entries)
  PID 1480 wrote to memory of 4536  1480  msedge.exe  85  (2 identical entries)
  PID 1480 wrote to memory of 2536  1480  msedge.exe  86  (20 identical entries)
Processes
- msedge.exe (PID 1480)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\85caa1bd5b0d4923589e3270405128dc_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 1480:
  - msedge.exe (PID 3076), crashpad-handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6dc846f8,0x7fff6dc84708,0x7fff6dc84718
  - msedge.exe (PID 2280), gpu-process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14426007117067603406,9184414641660293164,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  - msedge.exe (PID 4536), utility: network.mojom.NetworkService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,14426007117067603406,9184414641660293164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2536), utility: storage.mojom.StorageService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,14426007117067603406,9184414641660293164,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  - msedge.exe (PID 2148), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14426007117067603406,9184414641660293164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  - msedge.exe (PID 1916), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14426007117067603406,9184414641660293164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  - msedge.exe (PID 2900), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14426007117067603406,9184414641660293164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  - identity_helper.exe (PID 4164), utility: winrt_app_id.mojom.WinrtAppIdService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,14426007117067603406,9184414641660293164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  - identity_helper.exe (PID 3696), utility: winrt_app_id.mojom.WinrtAppIdService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,14426007117067603406,9184414641660293164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2972), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14426007117067603406,9184414641660293164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  - msedge.exe (PID 700), renderer (instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14426007117067603406,9184414641660293164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  - msedge.exe (PID 3928), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14426007117067603406,9184414641660293164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  - msedge.exe (PID 4280), renderer (instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14426007117067603406,9184414641660293164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  - msedge.exe (PID 4644), gpu-process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14426007117067603406,9184414641660293164,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 3972)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 2568)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads