Analysis
max time kernel: 145s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/07/2024, 14:51
Static task: static1
Behavioral task: behavioral1
  Sample: 288ca3b35007c3ab64549c200b765c8d_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 288ca3b35007c3ab64549c200b765c8d_JaffaCakes118.html
  Resource: win10v2004-20240704-en
General
Target: 288ca3b35007c3ab64549c200b765c8d_JaffaCakes118.html
Size: 57KB
MD5: 288ca3b35007c3ab64549c200b765c8d
SHA1: 009180087e019fa914a1d38d465e9dccec9f8a9b
SHA256: 97d0ac5403621f87c701b755a8a2396e8b9f4e43b6fa6b86133e794ec4d52c70
SHA512: 721fbc82ab9b27082ba3b400245600203e591b25fe106b3bbc3c4c9a45aa6275e2ddae6699d189caeaf706f511c4ebf55cd413146371e4dda53b55f546e298cf
SSDEEP: 1536:ijEQvK8OPHdsq3o2vgyHJv0owbd6zKD6CDK2RVro9lwpDK2RVy:ijnOPHdsB2vgyHJutDK2RVro9lwpDK2m
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description          ioc                                                                    Process
  Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  1644   msedge.exe           (2 entries)
  3940   msedge.exe           (2 entries)
  2548   identity_helper.exe  (2 entries)
  4740   msedge.exe           (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid    Process
  3940   msedge.exe           (all entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  3940   msedge.exe           (all entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  3940   msedge.exe           (all entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                         pid    Process     procid_target
  PID 3940 wrote to memory of 2992    3940   msedge.exe  82             (2 entries)
  PID 3940 wrote to memory of 5000    3940   msedge.exe  84
  PID 3940 wrote to memory of 1644    3940   msedge.exe  85             (2 entries)
  PID 3940 wrote to memory of 892     3940   msedge.exe  86
  (the remaining 60 of the 64 entries are the writes to PIDs 5000 and 892)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3940)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\288ca3b35007c3ab64549c200b765c8d_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2992, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc99746f8,0x7ffdc9974708,0x7ffdc9974718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5000, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1644, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 892, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3288, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 740, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3388, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4396, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3512, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1188, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 396, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 2548, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 628, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1648, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4608, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5048, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4740, child of 3940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8552631572192740406,5129221300075398452,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 1568)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 3024)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: fbc957a83b42f65c351e04ce810c1c11
SHA1: 78dcdf88beec5a9c112c145f239aefb1203d55ad
SHA256: 7bb59b74f42792a15762a77ca69f52bf5cc4506261a67f78cd673a2d398e6128
SHA512: efad54eb0bd521c30bc4a96b9d4cb474c4ca42b4c108e08983a60c880817f61bc19d97538cc09a54b2db95ab9c8996f790672e19fb3851a5d93f174acdfac0ce

Filesize: 152B
MD5: 5b6ff6669a863812dff3a9e76cb311e4
SHA1: 355f7587ad1759634a95ae191b48b8dbaa2f1631
SHA256: c7fb7eea8bea4488bd4605df51aa560c0e1b11660e9228863eb4ad1be0a07906
SHA512: d153b1412fadda28c0582984e135b819ba330e01d3299bb4887062ffd6d3303da4f2c4b64a3de277773f4756da361e7bc5885c226ae2a5cfdd16ee60512e2e5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 696B
MD5: c9bfcc272166924718d7dd004ac7c1d9
SHA1: 14addcb5460a7cdbd049a83c7276d3955dbc24de
SHA256: 937b4690e567d14e3880d32265438488632845f11e47e5e1fa71e1f6882b3993
SHA512: 712ed1b7c51fc29510fb756e4ecddbabe50a542574f395cbf85befc18f3cef7650b69e9012c31f37e119ae3a0848cc0ea23c63253304b8d6687a075f8ec5355e

Filesize: 1KB
MD5: be4e857b6e3d5c8903fb401d0483df44
SHA1: d4255e25ef7f94ed70627270bc6eed0b48bb1d6b
SHA256: 51caabf6ebc88fac18732debc98e6b8850bc961006b227a27b72b7cc32602568
SHA512: 3454ffd2a3531f892a8733b0f6a972f7e32e4be79100b043a1335c070389631c3c5385e4aedea97c8a6cca129af8c7b475f4977f7eeb9d34b6a0892c805e1e30

Filesize: 6KB
MD5: 64c1fa29b4014f15fea82d348001ced5
SHA1: 181c2f2ad3d37a3f8d9ae36e68bac8ea14a4c4cb
SHA256: 839b1b75cdd9a35c4e1a357b6958cc5d204ef283e8e084fa115ef5f8a1962fe4
SHA512: be9352cc43f7e9fe8402226ba36d187b84e547bc6957ca04386d7a49e0590691368f1aaed721bf88711e6204ed081520c70cca488ac504d2b71675c7b9f51ef9

Filesize: 6KB
MD5: dda70ff2942f5ce9a430486a918114ec
SHA1: 9ece4c86ea6e058f85c2a47031ad576883ba75ac
SHA256: e15abde5a9dcb153a82772fa18b5c4ba68c8d52f470328d5ba930c7da79de0cb
SHA512: 2475be7efbd3fec66a2242a9161487eb8916277a1c30dd834ca4bb4e05df6606a8ba55ba2d4a575e22e6a264f1d7f6de293ce47b5e6baf0cf0b473990723797b

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 280dedd6a8dca068fcf0981f321069e6
SHA1: 72011f13d1ce2c8b5fbb1e66dc33c7f573e4d39d
SHA256: 6b10fb28b2ea3703451f0d9e96f422ac11c874cbf4b9ea7a916aef4d02a7f7f5
SHA512: 11259ab31f88f66abdb187d66fa55a24675ff8d4d60440c7ce424cda22c62995b75c3abaab784c9ac4f9e9b9b041e50386270d9af7613dd598ce542801206531