Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
15/06/2024, 08:48
Static task
static1
Behavioral task
behavioral1
Sample
ad9c9685e850d85fdeba0a3b99005035_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
ad9c9685e850d85fdeba0a3b99005035_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
ad9c9685e850d85fdeba0a3b99005035_JaffaCakes118.html
-
Size
56KB
-
MD5
ad9c9685e850d85fdeba0a3b99005035
-
SHA1
93d776559c688dea10bbf13348994d4ab684b4c6
-
SHA256
cf3aa842a19fa30dbcbc21ba758daa365e659051bde272c668fb4250531a7b7d
-
SHA512
b8c48999a4eafac8b91870a144808ad8ff66d0d74cd269baf820ca35b5c6b9b4f8a28b76d3166507a97bce1189f35d54814353b7059cbb41a446a21954b926c9
-
SSDEEP
1536:YRRT9rCX7CeHAKsPbQJ1CPMeBrVjTRvRb8vFtNU02zArQJt:YRx9rCX7CeTsPbQJMPMQRZMFtaara
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 752 msedge.exe 752 msedge.exe 1704 msedge.exe 1704 msedge.exe 2852 identity_helper.exe 2852 identity_helper.exe 2020 msedge.exe 2020 msedge.exe 2020 msedge.exe 2020 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe 1704 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1704 wrote to memory of 1204 1704 msedge.exe 81 PID 1704 wrote to memory of 1204 1704 msedge.exe 81 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 4992 1704 msedge.exe 82 PID 1704 wrote to memory of 752 1704 msedge.exe 83 PID 1704 wrote to memory of 752 1704 msedge.exe 83 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84 PID 1704 wrote to memory of 1000 1704 msedge.exe 84
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ad9c9685e850d85fdeba0a3b99005035_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1704 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec8e346f8,0x7ffec8e34708,0x7ffec8e347182⤵PID:1204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:22⤵PID:4992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:82⤵PID:1000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵PID:4604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:12⤵PID:1996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:12⤵PID:2276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:12⤵PID:3448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:82⤵PID:2256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:12⤵PID:2032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:12⤵PID:3628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:12⤵PID:1300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:12⤵PID:2348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2020
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2464
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2232
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5477462b6ad8eaaf8d38f5e3a4daf17b0
SHA186174e670c44767c08a39cc2a53c09c318326201
SHA256e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e
-
Filesize
152B
MD5b704c9ca0493bd4548ac9c69dc4a4f27
SHA1a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA2562ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA51269c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32
-
Filesize
23KB
MD5e1c71f7c04be834f5587230db2ad24b3
SHA1f3bab9cb99d9f343bf7ed3981aaa7450515d2424
SHA2569fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899
SHA512205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD5e1af660aa1521b0520c17ebbe957d906
SHA1a7766640ec91b79fea5884e027f5e9fe0bdb2039
SHA25673df6db7e6bc489537b9e327a3ee5d703ea3b4127e74a25aeb2d96b3dd1d30e8
SHA51205e51321e93a18804a35f6508ec125d559baf831df33d80ad1bc8bab39bc5841f6af31d013b2ee192c97e494bc14d78a32e9530c4405ae66d0016be73dc5b7c4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize120B
MD53ac099b3f8010d3285c4612a1b9cd91f
SHA1d418774d59962d08ac074fdeff4eb4c20c9535e5
SHA256bd6179522212267b2197355a6a05fd834b48501ed354a7e5d362cc2f69bba0bf
SHA512cdb455d75c366b9a13cf59d4467ba6e683ee12a31040088578468519c65d9040a85f606f15233961126b46a40ba00c7dfece7477c8db60f18ea711bb66bf510c
-
Filesize
1KB
MD50d9d46e9042cdd5b8b1bea150f82c3e1
SHA176ccf9768cbab4cfa1556ae3d07fadce538ed1a0
SHA256a2da6c01cd8cbcc6b8df02ce6c440e1b0d7574ec41e50501b952815c696833bb
SHA5129437488573f29b5da9a3ae7a3da59578630c9c66940f69fb8aee486d8299f90ec0b644c0d675101c0995bbd63f7cc7632b196ce07622c9233f87d053bb32b0f4
-
Filesize
6KB
MD570c47a1f70de85d11ba8adee70bdaddb
SHA145acf5350991f7f235d77a8f974483ee9820739b
SHA256d15c8b5b7161c91b20113e5acdcb246242265f2608c8115c38549195fea3a125
SHA512ae5c0f7b328ec5190f66bd5b310f7f8a5066018c4a03f41589a12c3f6afec8999299ce6ea1ff09791f50de455e997223afa09471df65b702a99b902704f23845
-
Filesize
7KB
MD5697ce31ddf18cf2fa3b5634035f33ecd
SHA1ff07a41584d24242014d35a7dd5b4ee9cbb92c86
SHA2568ab3a6626ac63ccf8c17cd1ef8668f1f75bb744bf5ce15a0b30de4db76aaa17a
SHA512f381e44e27261fb25088363a4d12b2b930368e7528546c61290ab7ecf6dd4b5556040762a9bceadfcb202df67d390dbc6554cd6ecfa8d1f2e6667fca9a7d6930
-
Filesize
7KB
MD5d2889b7c3c182f093fe3128aff753bc5
SHA1137bfed5928b287c6724b50da90d1be616559160
SHA2563d6b10d2aeac6a3e285b343739f0197c916858176faffb7b3609a2083ef4de2e
SHA512b1e5a08f86ac513d38c0246503891dce2a835f4a36efe2191c7442635884ac9c5b4bbf030d10f2516919a16ec841056ee9ec7924083b3bf4cfe18489908ef221
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD54b7607bfb7ab520bd2b229ba4950f6d4
SHA1145013adffb7f30886858d6397058fb46a3f1caa
SHA25688b91d6a1418ec3fb49a546f52094b3e99bac0ac595fc60afc294eae26518801
SHA512c1e1cf8f6afc49069152e60f51186fa846b96746d18ed8326aee6618acdad0c0800d7b9b0571eabd0219b9183580ca7448a790644afcf1e9d1a52c0d65fdc1f4