Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/06/2024, 09:25
Static task
- static1
Behavioral tasks
- behavioral1: sample adc0c951e8fac39f7d03300bfcce9e65_JaffaCakes118.html, resource win7-20240611-en
- behavioral2: sample adc0c951e8fac39f7d03300bfcce9e65_JaffaCakes118.html, resource win10v2004-20240611-en (the run shown in this report)
General
- Target: adc0c951e8fac39f7d03300bfcce9e65_JaffaCakes118.html
- Size: 55KB
- MD5: adc0c951e8fac39f7d03300bfcce9e65
- SHA1: 9b8a45062b4aabbbd31e45f06252ee74340932a6
- SHA256: 6ff5b9464b044fdc42c3f737dc717613b3e038e765014674800ca57d359e85bc
- SHA512: 84eeeba1c91d11354c9293eb9ac619d0bbfb048dcf5f21edf550ad7e28d4bd2fb08ff18ad7cfd0920ffcd12d30395ee8d2750b1b348f51e60adeb04f2cd61a17
- SSDEEP: 768:vIT0EipB9U+BXbD6cleMde7h0iQTqzSeI3Y9w/ZUD2Suiz:ATupB9U+d6clec6QTPI9w/ZUj
Malware Config
Signatures
Every hit below is attributed to msedge.exe, its helper identity_helper.exe, or a child spawned by the browser process (PID 1888); no signature names a file written or a process started by the HTML sample itself. Note that the WriteProcessMemory table is capped at 64 IoCs, so children that appear in the process tree (for example the renderers and PID 1564) are not all represented there.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: msedge.exe
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 2608 msedge.exe (2), PID 1888 msedge.exe (2), PID 5008 identity_helper.exe (2), PID 1564 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  PID 1888 msedge.exe (all 8)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 1888 msedge.exe (all 25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  PID 1888 msedge.exe (all 24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Source in every entry: PID 1888 msedge.exe. The 64 entries are repeated writes to four child PIDs:
  PID 436 (procid_target 82)
  PID 1412 (procid_target 83)
  PID 2608 (procid_target 84)
  PID 4612 (procid_target 85)
Processes
Indentation gives the parent/child depth of the tree; each entry lists the image, PID, command line and the signatures raised by that process.
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1888)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\adc0c951e8fac39f7d03300bfcce9e65_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 436), crashpad handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe925646f8,0x7ffe92564708,0x7ffe92564718
  - msedge.exe (PID 1412), GPU process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17346507270354811670,16606574547716452553,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  - msedge.exe (PID 2608), network service utility
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,17346507270354811670,16606574547716452553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4612), storage service utility
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,17346507270354811670,16606574547716452553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  - msedge.exe (PID 3860), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17346507270354811670,16606574547716452553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - msedge.exe (PID 1640), renderer
    Command line: as PID 3860, with --renderer-client-id=5 --mojo-platform-channel-handle=3296
  - msedge.exe (PID 4812), renderer
    Command line: as PID 3860, with --renderer-client-id=7 --mojo-platform-channel-handle=4688
  - msedge.exe (PID 1392), renderer
    Command line: as PID 3860, with --renderer-client-id=8 --mojo-platform-channel-handle=4724
  - identity_helper.exe (PID 1460), WinRT app-id service utility
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17346507270354811670,16606574547716452553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
  - identity_helper.exe (PID 5008), WinRT app-id service utility
    Command line: identical to PID 1460
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2736), renderer
    Command line: as PID 3860, with --renderer-client-id=10 --mojo-platform-channel-handle=5816
  - msedge.exe (PID 4888), renderer
    Command line: as PID 3860, with --instant-process --renderer-client-id=11 --mojo-platform-channel-handle=5796
  - msedge.exe (PID 1856), renderer
    Command line: as PID 3860, with --renderer-client-id=12 --mojo-platform-channel-handle=4060
  - msedge.exe (PID 4440), renderer
    Command line: as PID 3860, with --instant-process --renderer-client-id=13 --mojo-platform-channel-handle=5528
  - msedge.exe (PID 1564), GPU process (sandbox disabled, software GL)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17346507270354811670,16606574547716452553,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5604 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3588), top-level COM server
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4068), top-level COM server
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
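The WriteProcessMemory IoCs and the process tree above are what a triager joins to decide whether a browser run is baseline Chromium behaviour or something the sample caused. The Python below is an added example, not part of the tria.ge report and not tria.ge code: it parses the flattened IoC rows into parent/child edges, splits each command line into image path and flags, and reports any process written to by the browser whose image lies outside the Edge install directory, plus every process whose own command line turns a sandbox off. The IoC text and command lines are copied from this report (the long --field-trial-handle and --gpu-preferences values are dropped); the function names, the EDGE_DIR constant and the sandbox_off heuristic are this example's own assumptions.

```python
"""Triage helpers for a flattened tria.ge report of an HTML sample opened in Edge.

Added example; not part of the tria.ge report and not tria.ge code. IoC text and
command lines are copied from the report; all names below are this example's own.
"""
import re

# Install directory of the browser under test, taken from the process tree (assumption).
EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"

# Constructed subset of the "Suspicious use of WriteProcessMemory" rows, in the
# flattened "PID <src> wrote to memory of <dst> <src> <image> <target>" form the
# page uses. The report caps this table at 64 rows, so not every child in the
# process tree (PID 1564, the renderers) appears as an edge.
WPM_IOCS = (
    "PID 1888 wrote to memory of 436 1888 msedge.exe 82 "
    "PID 1888 wrote to memory of 436 1888 msedge.exe 82 "
    "PID 1888 wrote to memory of 1412 1888 msedge.exe 83 "
    "PID 1888 wrote to memory of 1412 1888 msedge.exe 83 "
    "PID 1888 wrote to memory of 2608 1888 msedge.exe 84 "
    "PID 1888 wrote to memory of 4612 1888 msedge.exe 85"
)

# Command lines from the process tree, keyed by PID (long handle values dropped).
PROCESSES = {
    1888: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\adc0c951e8fac39f7d03300bfcce9e65_JaffaCakes118.html',
    436: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    1412: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2112 /prefetch:2',
    2608: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3',
    4612: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8',
    5008: r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8',
    1564: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=5604 /prefetch:2',
    3588: r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
}

_WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")
_TOKEN_RE = re.compile(r'"[^"]*"|\S+')  # quoted argument (may contain spaces) or bare word


def parse_wpm(text):
    """Collapse the repeated IoC rows into {child_pid: (parent_pid, parent_image)}."""
    edges = {}
    for parent, child, image in _WPM_RE.findall(text):
        edges[int(child)] = (int(parent), image)
    return edges


def parse_cmdline(cmdline):
    """Split a Windows command line into (image_path, {flag: value}).

    Only --long flags are collected; a bare switch such as --disable-gpu-sandbox maps to "".
    """
    tokens = [t.strip('"') for t in _TOKEN_RE.findall(cmdline)]
    flags = {}
    for arg in tokens[1:]:
        if arg.startswith("--"):
            key, _, value = arg[2:].partition("=")
            flags[key] = value
    return tokens[0], flags


def classify(pid, cmdline):
    """Describe one process: Chromium process type and whether its flags disable a sandbox."""
    image, flags = parse_cmdline(cmdline)
    in_edge_dir = image.lower().startswith(EDGE_DIR.lower() + "\\")
    ptype = flags.get("type") or ("browser" if in_edge_dir else "non-chromium")
    # Heuristic (this example's own): judge only what the command line states.
    # The browser and crashpad-handler processes carry no such flag and are not judged.
    sandbox_off = (
        flags.get("service-sandbox-type") == "none"
        or "disable-gpu-sandbox" in flags
        or "no-sandbox" in flags
    )
    return {"pid": pid, "image": image, "type": ptype, "sub_type": flags.get("utility-sub-type"),
            "in_edge_dir": in_edge_dir, "sandbox_off": sandbox_off}


def triage(edges, processes):
    """Join WriteProcessMemory edges with the process list and return human-readable findings."""
    findings = []
    for pid, cmdline in processes.items():
        info = classify(pid, cmdline)
        parent = edges.get(pid)
        if parent is not None and not info["in_edge_dir"]:
            findings.append(f"pid {pid}: non-Edge image {info['image']} written to by pid {parent[0]}")
        if info["sandbox_off"]:
            findings.append(f"pid {pid}: {info['type']}/{info['sub_type']} runs with its sandbox disabled by flag")
    return findings


if __name__ == "__main__":
    for line in triage(parse_wpm(WPM_IOCS), PROCESSES):
        print(line)
```

Run against this report's data, the only findings are the network service (PID 2608), identity_helper.exe (PID 5008) and the second GPU process (PID 1564), all launched by Edge itself with --service-sandbox-type=none or --disable-gpu-sandbox; no recorded child has an image outside the Edge directory, and CompPkgSrv.exe (PID 3588) has no WriteProcessMemory edge at all, matching its position as a separate top-level process in the tree.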
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: db9081c34e133c32d02f593df88f047a
  SHA1: a0da007c14fd0591091924edc44bee90456700c6
  SHA256: c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
  SHA512: 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744
- Filesize: 152B
  MD5: 3a09f853479af373691d131247040276
  SHA1: 1b6f098e04da87e9cf2d3284943ec2144f36ac04
  SHA256: a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
  SHA512: 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016
- Filesize: 44KB
  MD5: 23536ccfe05b737ae639fe63ee4cc435
  SHA1: 6d2e9822835dc3e6117a4d2addfc8f241fbdbc82
  SHA256: 6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce
  SHA512: f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 192B
  MD5: c1abf83505941327cbbfc6c527b5d8a0
  SHA1: da6bbac5dacb798740a37d8a30a0f86aace3b08a
  SHA256: e0c9f9b46708d3293e15a787d328d2cc0cd741d09da068e0d6f61a59661b1be5
  SHA512: 89ba030dfb2f1bbc00b64b00421931e659a9c4fc96d5010264af1bcbf44797284a1a1f1397e76292bfd42abde8aeafa519360d1222ffc6215475a4a109b5f199
- Filesize: 1KB
  MD5: 709094c55315197c19c6d2be78e9fcc8
  SHA1: f1c4d06db92a7d9ea06dff14078fc16273bd44d2
  SHA256: 17a542763ff899715b3a10449614c2a1a06eea8799cce0b4a038fe72ea677374
  SHA512: 209e3ecdeb93e792e5497fa252118977181b632c307eec994c6a824a9b10d5c971c474a10319f016799aa9403c6a5f60acc6e603fa3ead5a6b2037a7379cb0ba
- Filesize: 1KB
  MD5: 3003d0960981b4fa37f9e2f4c0003d39
  SHA1: e67468c86628956543a4be498f7b3f8c36001bea
  SHA256: a9b61bc2eac65c5dbe4f4dc130bde36e26f484a4c46205166aa8f6ed00865722
  SHA512: 6d638a74f0a58563f5f81396ef810b5dceea7b7dd8f052f48ace3bba57349dcbcbe4db54748d307a3ee19a660ca809fe5dfb33773a25e7abb5de046bcba2b742
- Filesize: 6KB
  MD5: 92047fec7f7d99e19c5bd623e5507023
  SHA1: c5e14d44ae3e58eb40c7da02f67f640184500a84
  SHA256: 51dff52c67846afe7c6d537201c74915b08777c174fa9fef4836ed361b9c661d
  SHA512: 4ea842489360ea9a9833f0dceb70f1686ae6e3674bfb4a595330375211e6f185685282b7ec098cd65c16af2e6880dd2a7a1ecc512f699a58025d4c596d3385b2
- Filesize: 6KB
  MD5: 3b8c029ed8eec1dcaf3aa8d1452220ec
  SHA1: a7edaf3ce8e6dbab05ffcda9d7c6d87f1e1db015
  SHA256: ab7aca37a7da4135d271ebaffacc2ba1277e577d311889a794d4ba6099dc8d9a
  SHA512: 795c7f1ec9b5f7647537dfecfe81fe2fc02c0bf27e338ab707cc193eac25b5f595228176680ef7353273c4168d51eb849c952dbf409a3ce2f0c18f1c0b2b249b
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 8b9aafd70aa7d5fa7b21514e63724251
  SHA1: 3d935d0532bacdaf58cc8ed106ba482880481cd3
  SHA256: 154c9098e2d5d063bd4de39fcb045ca6edab3768db3f04413ffe1ec9634b1eac
  SHA512: de554b548415986a0dad9e088d6a3727ffe44b224031c51fcc93efcb5e44642756c9969eab8725cd0feeee370d184806c9828877252db4f74350718f788127a8