Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system -
submitted
06/07/2024, 07:14
Static task
static1
Behavioral task
behavioral1
Sample
27b099d9faaf2df827a1ebb098784a41_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
27b099d9faaf2df827a1ebb098784a41_JaffaCakes118.html
Resource
win10v2004-20240704-en
General
-
Target
27b099d9faaf2df827a1ebb098784a41_JaffaCakes118.html
-
Size
14KB
-
MD5
27b099d9faaf2df827a1ebb098784a41
-
SHA1
c2d78abc6ba0cd1fd74187a5c533ee3378dba5d6
-
SHA256
57c7742aecf3438eb5b0fd50a344cfcf04fb775211061126c34954804e17acaf
-
SHA512
176dfaa416321bc4f90d058b4201248643f7c5da336bb2ed168c3899e064d912eae0803030dd289a92744f3f1c86b2a9125d73d7a8a8ef4f12864d6989cc889c
-
SSDEEP
192:98qhu5jcv7Prc6RLAzWdMhR3vbRiogxcriKpmvPkbCf3fYiGubeDvWBNDkciyAOo:9lOcfsDTorhiy9CjZXJfNnQbhbojSnJ2
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4608 msedge.exe 4608 msedge.exe 1408 msedge.exe 1408 msedge.exe 2376 identity_helper.exe 2376 identity_helper.exe 5052 msedge.exe 5052 msedge.exe 5052 msedge.exe 5052 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid Process 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe 1408 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1408 wrote to memory of 4136 1408 msedge.exe 82 PID 1408 wrote to memory of 4136 1408 msedge.exe 82 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4116 1408 msedge.exe 83 PID 1408 wrote to memory of 4608 1408 msedge.exe 84 PID 1408 wrote to memory of 4608 1408 msedge.exe 84 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85 PID 1408 wrote to memory of 3044 1408 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\27b099d9faaf2df827a1ebb098784a41_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1408 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7fff1dc946f8,0x7fff1dc94708,0x7fff1dc947182⤵PID:4136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:22⤵PID:4116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:82⤵PID:3044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵PID:3220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:1480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:12⤵PID:3760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:12⤵PID:3780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:12⤵PID:1944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:82⤵PID:4708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:12⤵PID:2216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:12⤵PID:1980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:12⤵PID:1692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:12⤵PID:1220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17463813145895222979,2444548710348362766,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2612 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5052
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2236
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2348
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5b6c11a2e74ef272858b9bcac8f5ebf97
SHA12a06945314ebaa78f3ede1ff2b79f7357c3cb36b
SHA256f88faeb70e2a7849587be3e49e6884f5159ac76ef72b7077ac36e5fbf332d777
SHA512d577a5b3a264829494f5520cc975f4c2044648d51438885f319c2c74a080ea5dd719b6a885ed4d3401fd7a32341f88f26da5e3f29214da9afbbbd5ee950e8ec3
-
Filesize
152B
MD59abb787f6c5a61faf4408f694e89b50e
SHA1914247144868a2ff909207305255ab9bbca33d7e
SHA256ecfd876b653319de412bf6be83bd824dda753b4d9090007231a335819d29ea07
SHA5120f8139c45a7efab6de03fd9ebfe152e183ff155f20b03d4fac4a52cbbf8a3779302fed56facc9c7678a2dcf4f1ee89a26efd5bada485214edd9bf6b5cd238a55
-
Filesize
211KB
MD5151fb811968eaf8efb840908b89dc9d4
SHA17ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA51283aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize312B
MD55ade76eae5f39dba2f74a6c82f68490b
SHA1dc563593c85c46ae135fb0ca102c9492eb526277
SHA2562df0faff944e5bef8c1db4358cb2a5b30007d8d470769c01da4adeb75fe8462e
SHA5121631b750506692cef72373692cd1b6d0d86643b48a00b05aa9d8c6528ef4a365f0d555d37856a737bbea1ba78d71e8e388e22ce2989abf2d5806da05c7a782db
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
1KB
MD5f1c1054e6766df6740b10d7375fcaa37
SHA1e2521b0b3a5a5cfc069e1af066f491714fd743b4
SHA256e1489e5d5af86383fdeb03289162abd9fff4aabb5115c9eb11176051f3acb16c
SHA5120a3c6a31163c8057557c63509bef1fc518180187c7d8e4fd698ed918b1fdcf7dae4fa4d99918f29b7fa72b3487da2c89644ac7c4f0ab5d58058268630c22726a
-
Filesize
6KB
MD5d1162ae414ca7d076303f231d881c585
SHA10ad19f7680b0320c24192555f5707ba098c033b5
SHA256ceb5b09b330eb7c275fc8884590a578ae47720a256e926907abf212bc7bf6489
SHA512dff6758023c9e21a337b50787e8165e6d9178fdadb73f180b63d7261fd402918cdb30ee1728d8cb388a3fcd8c18f02762b25dee9728ec4297d5b5596ace78a76
-
Filesize
6KB
MD579b2e17d418ae95b457db732507461e4
SHA1636eb34899f2a51a9990a77875246f1056149146
SHA25600368ab4d6870979a462e8b31fe32b3ffed92cd35e30fe0c4612c3a420120879
SHA5120d28bcaa058e0426d23fd49d3e710c00f672988590ea9ecab4c467ca699d5776ab54478c8e285d11f6cd2840ffb0b60ac8f319a5ecc1c6669baf97edc0d95fc0
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5ea3290322b54a5629a77ae0cf7439639
SHA15c40ffcc565bcdc1920555f5ad98ce615e1646f8
SHA256592a7636a60da08446e974f38e9c38321f5ef3b614e9cba15b6a5a03e40f6cbb
SHA5123f3770175c69f7f5fe2c53b0bc473497d4fd939771c236cd1b072bef002314419a41c7a3380c1b6f9b694e2b21a55936738a3c59228e7e27bf9cff9658c0f813