Analysis
- max time kernel: 145s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/06/2024, 07:19
Static task: static1
Behavioral task: behavioral1
- Sample: 0d2e67aa1376fd0005b49b933d50926f_JaffaCakes118.html
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 0d2e67aa1376fd0005b49b933d50926f_JaffaCakes118.html
- Resource: win10v2004-20240508-en

Two behavioral runs were configured (Windows 7 and Windows 10 2004); the signatures, processes and dropped files below are from the windows10-2004_x64 run (resource win10v2004-20240508-en) named in the Analysis block.
General
- Target: 0d2e67aa1376fd0005b49b933d50926f_JaffaCakes118.html
- Size: 8KB
- MD5: 0d2e67aa1376fd0005b49b933d50926f
- SHA1: 255b4c512a194899762dfad143f80fad768bcd08
- SHA256: 2dd7a860de7b2741704499f3c3802a241c29cb7a4a71e0181cc07d30c47b4d89
- SHA512: 35da6ab28f6972efbeb48cf7068b3c353816e98321865b64a2e70cbe54ce23176e4c32f7b8a40f0dac2c27f187a48f5b971c8311461ce64bd9f18d4ba8200207
- SSDEEP: 192:ws0HBVWnY1aUWnqmxt/CIwe2WeQkRA7gAGJ/I+Tsx:ws0bnIweMg7gAoc
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  The BIOS manufacturer/product keys are the usual fingerprinting targets for VM-aware malware, but here the only process touching them is msedge.exe itself; nothing spawned by the HTML file reads them.
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process: 5080 msedge.exe (2), 3164 msedge.exe (2), 4876 identity_helper.exe (2), 3508 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid | Process: 3164 msedge.exe (8)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process: 3164 msedge.exe (25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process: 3164 msedge.exe (24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3164 (msedge.exe) wrote to memory of 5036 | procid_target 81
  PID 3164 (msedge.exe) wrote to memory of 2860 | procid_target 82
  PID 3164 (msedge.exe) wrote to memory of 5080 | procid_target 83
  PID 3164 (msedge.exe) wrote to memory of 920 | procid_target 84
  Each target row is repeated once per write; 64 write events in total. All four targets are msedge.exe children that PID 3164 spawned itself (crashpad handler, GPU process, network service and storage service in the Processes list), so this is the browser process setting up its own helper processes, not a write into a foreign process.
Processes
- PID 3164: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0d2e67aa1376fd0005b49b933d50926f_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 5036: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718
  - PID 2860: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  - PID 5080: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 920: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  - PID 4288: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - PID 1044: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - PID 2436: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  - PID 2480: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  - PID 1948: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  - PID 4876: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 2024: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  - PID 436: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  - PID 4836: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  - PID 4236: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  - PID 3508: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2604 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 3616: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 4932: C:\Windows\System32\CompPkgSrv.exe -Embedding

Reading the tree: every process under PID 3164 is an Edge helper identified by its --type flag (crashpad handler, GPU, network and storage utility services, renderers, identity_helper). The network service (PID 5080) and both identity_helper instances run with --service-sandbox-type=none, and the second GPU process (PID 3508) was started with --disable-gpu-sandbox --use-gl=disabled, so those are the children with the least sandboxing in this run. The only processes outside the Edge tree are two CompPkgSrv.exe instances started with -Embedding (COM activation). No script host, shell, downloader or other payload was launched by the HTML file in this analysis.
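The WriteProcessMemory signature above is only meaningful once each target PID is matched against the process list and its command-line flags. The helper below does that join; it is an added example written for this page, not part of the tria.ge report or of Edge. Both inputs are constructed inline in the report's own flattened layout: the PIDs and flags mirror the ones listed above (command lines shortened to the flags that matter), and the `evil.exe` / PID 4444 / PID 1234 row is a made-up counter-example of a write into a process that never appeared in the tree.

```python
"""Join a sandbox 'wrote to memory of' table to the process list.

Added example for this report page (not tria.ge or Microsoft code).
Inputs below are constructed in the report's flattened format.
"""
import re
from collections import Counter

# One row of the flattened table:
#   "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
TYPE_RE = re.compile(r"--type=([\w-]+)")
SUBTYPE_RE = re.compile(r"--utility-sub-type=(\S+)")
SANDBOX_RE = re.compile(r"--service-sandbox-type=(\S+)")

# Constructed sample in the report's layout. PIDs 3164/5036/2860/5080/920
# mirror the report; the evil.exe row is a constructed counter-example.
SAMPLE_WPM = (
    "PID 3164 wrote to memory of 5036 3164 msedge.exe 81 "
    "PID 3164 wrote to memory of 5036 3164 msedge.exe 81 "
    "PID 3164 wrote to memory of 2860 3164 msedge.exe 82 "
    "PID 3164 wrote to memory of 5080 3164 msedge.exe 83 "
    "PID 3164 wrote to memory of 920 3164 msedge.exe 84 "
    "PID 4444 wrote to memory of 1234 4444 evil.exe 90 "
)

# Constructed process list: pid -> command line, trimmed to the relevant flags.
SAMPLE_PROCS = {
    3164: 'msedge.exe --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.html',
    5036: 'msedge.exe --type=crashpad-handler /prefetch:7',
    2860: 'msedge.exe --type=gpu-process --mojo-platform-channel-handle=2060 /prefetch:2',
    5080: 'msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService '
          '--service-sandbox-type=none /prefetch:3',
    920:  'msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService '
          '--service-sandbox-type=utility /prefetch:8',
    3508: 'msedge.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2',
}


def parse_wpm(text):
    """Count write events per (source pid, target pid, source image)."""
    counts = Counter()
    for src, dst, _src_again, image, _procid_target in WPM_RE.findall(text):
        counts[(int(src), int(dst), image)] += 1
    return counts


def classify(cmdline):
    """Describe a Chromium process purely from the flags on its command line."""
    m = TYPE_RE.search(cmdline)
    ptype = m.group(1) if m else "browser"      # no --type means the broker itself
    sub = SUBTYPE_RE.search(cmdline)
    sb = SANDBOX_RE.search(cmdline)
    if sb:
        sandbox = sb.group(1)                    # explicit, e.g. none / utility
    elif "--disable-gpu-sandbox" in cmdline:
        sandbox = "none"
    elif ptype == "browser":
        sandbox = "n/a"
    else:
        sandbox = "default"                      # nothing on the line overrides the policy
    return {"type": ptype, "subtype": sub.group(1) if sub else None, "sandbox": sandbox}


def triage(wpm_text, procs):
    """Label each (source, target) pair using the process list."""
    rows = []
    for (src, dst, image), n in sorted(parse_wpm(wpm_text).items()):
        if dst not in procs:
            verdict = "target-not-in-tree"       # written-to process was never spawned here
        elif image.lower() == "msedge.exe" and TYPE_RE.search(procs[dst]):
            verdict = "child-launch"             # broker writing into a helper it spawned
        else:
            verdict = "review"
        info = classify(procs[dst]) if dst in procs else {"type": None, "sandbox": None}
        rows.append({"src": src, "dst": dst, "writes": n, "type": info["type"],
                     "sandbox": info["sandbox"], "verdict": verdict})
    return rows


def unsandboxed_children(procs):
    """PIDs whose command line explicitly turns the sandbox off."""
    return sorted(pid for pid, cmd in procs.items() if classify(cmd)["sandbox"] == "none")


if __name__ == "__main__":
    for row in triage(SAMPLE_WPM, SAMPLE_PROCS):
        print(row)
    print("explicitly unsandboxed:", unsandboxed_children(SAMPLE_PROCS))
```

On the report's data every target resolves to an Edge helper with a `--type=` flag, so the 64 events collapse to four `child-launch` rows; a row whose target is missing from the tree, or whose source image is not the browser, is the one worth opening the memory dump for. The sandbox column is read from flags only, so a process with no override reports `default` rather than a guess at the built-in policy.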
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 4b4f91fa1b362ba5341ecb2836438dea
  SHA1: 9561f5aabed742404d455da735259a2c6781fa07
  SHA256: d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
  SHA512: fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac
- Filesize: 152B
  MD5: eaa3db555ab5bc0cb364826204aad3f0
  SHA1: a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
  SHA256: ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
  SHA512: e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5a539177-74a5-4de0-92ca-099986b90a49.tmp
  Filesize: 5KB
  MD5: 21332208f07ebf91b692080a5e9ae00e
  SHA1: b26f112f8eb5faebfd764e1e9facd4b1223b015a
  SHA256: d547bdb00db72855a72d373354cc8513c8f4eabf9aa45f3453ee14140404e665
  SHA512: c3ce75d0280523201c2265144ce91cdb52090c0724301299c0e8985a4c21cb32bb9aa83db7c467182fd33ef403b5fc1d6d260c8acda9215becc08dafafd162ee
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 120B
  MD5: ad83519e5b58c1cd2d3a00e38dff1254
  SHA1: 9bcab736485d3acc65db21f6e1460496b1f059ca
  SHA256: 8ea66d85a5e754b643cc698f78dbfb5f6ba042b9b678a125b084d7ed6b16698b
  SHA512: f6f6e55415f73622053f6ffa798b55ab2277ef4b58c52772763cd2f874ac77bcd67e5db28347620a909e0ece5d551171e3a4f2834847d749bc8fdbce68b3d7e9
- Filesize: 409B
  MD5: adec95255638b8ed4b1b7ae7b9ad83ca
  SHA1: 54f0481366411a245c4725470baf9c451aaebb1e
  SHA256: f89b0829aef556192073f8addd2ae69230d5382b16f8432fbe256e5c1c40a306
  SHA512: b31ce6f49db87d228108d14727b83cf251ed885d8d237a8ad2f698493851623e583d9babdbc2f8098b9f417d77779aa35b49d5a15a94b6ac725e475de7505a61
- Filesize: 6KB
  MD5: 80fd7a9e07c03dd5287bc894967dc3c7
  SHA1: f0b9b534e1ac290859869bd8c95bd1e9d04624df
  SHA256: d2a7764684a844b1037d884881886174137792501b94bd4cc753b50cd4a1a370
  SHA512: e1085dc1f3dcde5bd7674bc02b9ac60ae62c426f74affcac8aa4efa83f2a8a90f23028dbe1ba171688f6425b4b65eb38cb39fbbb4cba1e5d1e10379daeec40eb
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 10KB
  MD5: 264dd1d65289ed066c4c0401b3e829f3
  SHA1: af2b4a35415873494699fc1afd59791d04f20699
  SHA256: 645a643d9d2f84d84fed78829d126d622c9feb6ece295694c0a843c1af1d2949
  SHA512: efcb5439cf485d380d2d867a7c346f42f6a8877291a45ab50b282d79bed575d9fc02c00823005a7f2c26779b61b78dd5ca5ec9d9edfaf57f16f36c618f08483a