Analysis
- max time kernel: 145s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/07/2024, 08:49
Tasks
- Static task static1
- Behavioral task behavioral1: sample 2bb64bf5f2f5b3ab58e882cdffb4390c_JaffaCakes118.html, resource win7-20240704-en
- Behavioral task behavioral2: sample 2bb64bf5f2f5b3ab58e882cdffb4390c_JaffaCakes118.html, resource win10v2004-20240704-en (the run shown below)
General
- Target: 2bb64bf5f2f5b3ab58e882cdffb4390c_JaffaCakes118.html
- Size: 21KB
- MD5: 2bb64bf5f2f5b3ab58e882cdffb4390c
- SHA1: 40475b3ac89a60cc30f2cba9744ea7284dafe90d
- SHA256: 5b5774d2bf1b03ef7d0f75b2801bb68b45d04f9a4051277c6ae0009c18fcfdda
- SHA512: dda2cd0d82a9aa938181fc66ca5816ea5be9f08de5543a1636971f36d219b1742dfc299274574fb847444188843832e3ade63bc9b7e701562ff957adc2efff0a
- SSDEEP: 384:QfRIjUDGO2G9kLL9j9F2OznYEadJ11vFlFt9kitZbRJgR5MKxvoH8o5dCj2FpZWX:QfRIjUDGO2G9kLL9j9F2Ozeh4e4RWKxP
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 1432 msedge.exe (2 rows), PID 4948 msedge.exe (2), PID 3928 identity_helper.exe (2), PID 4992 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  PID 4948 msedge.exe (7 rows)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 4948 msedge.exe (25 rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  PID 4948 msedge.exe (24 rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Every row has source PID 4948 (msedge.exe). The targets are its own child processes: 3276 (procid_target 82), 760 (83), 1432 (84) and 744 (85). One row is logged per write call, so each target appears many times.

Reading these: all six signatures are raised by msedge.exe or identity_helper.exe, i.e. by the Edge instance the sandbox launched to open the .html sample. Reading the BIOS manufacturer and product strings, creating children with the block-non-Microsoft-binaries mitigation policy, and writing into freshly spawned children are part of a Chromium-based browser's normal multi-process start-up. The report records no signature attributable to the page content itself.
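The WriteProcessMemory rows above are the kind of signature a triage script has to de-noise before anyone looks at them. The Python below is an added example; it is not part of the Triage report and not Triage or Microsoft code. It parses rows in the report's layout, counts write events per (source, target) pair, and separates targets that are children of the writer (a Chromium browser process writes into every child it spawns while setting up its sandbox) from writes into unrelated processes, which is the pattern that would point at injection. The rows and the parent map are constructed from the PIDs on this page; PID 9999 and its row are made up so the check has something to flag.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report's WriteProcessMemory table:
# "PID <src> wrote to memory of <dst> <src> <image> <procid_target>".
# The 9999 row is invented to exercise the "unrelated target" branch.
WPM_ROWS = """\
PID 4948 wrote to memory of 3276 4948 msedge.exe 82
PID 4948 wrote to memory of 3276 4948 msedge.exe 82
PID 4948 wrote to memory of 760 4948 msedge.exe 83
PID 4948 wrote to memory of 760 4948 msedge.exe 83
PID 4948 wrote to memory of 1432 4948 msedge.exe 84
PID 4948 wrote to memory of 744 4948 msedge.exe 85
PID 4948 wrote to memory of 9999 4948 msedge.exe 99
"""

# child PID -> parent PID, taken from the report's process tree.
# 9999 is deliberately absent: nothing in the tree spawned it.
PARENT_OF = {
    3276: 4948, 760: 4948, 1432: 4948, 744: 4948, 4952: 4948, 1128: 4948,
    3484: 4948, 4164: 4948, 3928: 4948, 368: 4948, 2724: 4948, 3248: 4948,
    3792: 4948, 4992: 4948,
}

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm_rows(text):
    """Return (source_pid, target_pid, source_image) for every well-formed row."""
    rows = []
    for m in ROW_RE.finditer(text):
        src, dst, pid, image, _procid_target = m.groups()
        if src != pid:  # the description and the pid column must agree
            continue
        rows.append((int(src), int(dst), image))
    return rows


def count_writes(rows):
    """Number of recorded write events per (source, target) pair."""
    return Counter((src, dst) for src, dst, _ in rows)


def classify_writes(rows, parent_of):
    """Split targets into own children (process spawn) and everything else.

    A write into a process the writer did not create is what injection looks
    like in this table; a write into its own child is how Chromium's broker
    prepares a sandboxed child before resuming it.
    """
    spawn, suspect = set(), set()
    for src, dst, _ in rows:
        (spawn if parent_of.get(dst) == src else suspect).add(dst)
    return sorted(spawn), sorted(suspect)


if __name__ == "__main__":
    parsed = parse_wpm_rows(WPM_ROWS)
    print(count_writes(parsed))
    print("spawn targets:", classify_writes(parsed, PARENT_OF)[0])
    print("unrelated targets:", classify_writes(parsed, PARENT_OF)[1])
```

The parent map is the only context the check needs; on a real report it comes from the same process tree the sandbox already records, so the rule costs nothing extra to evaluate.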
Processes
- PID 4948, msedge.exe (root)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2bb64bf5f2f5b3ab58e882cdffb4390c_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 3276, msedge.exe (crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe931546f8,0x7ffe93154708,0x7ffe93154718
  - PID 760, msedge.exe (gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  - PID 1432, msedge.exe (utility: network.mojom.NetworkService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 744, msedge.exe (utility: storage.mojom.StorageService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  - PID 4952, msedge.exe (renderer, client id 6)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  - PID 1128, msedge.exe (renderer, client id 5)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  - PID 3484, msedge.exe (renderer, client id 7)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  - PID 4164, identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  - PID 3928, identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService, second instance)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 368, msedge.exe (renderer, client id 9)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  - PID 2724, msedge.exe (renderer, client id 10, --instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  - PID 3248, msedge.exe (renderer, client id 11)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  - PID 3792, msedge.exe (renderer, client id 12, --instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  - PID 4992, msedge.exe (gpu-process, second instance, launched with --disable-gpu-sandbox --use-gl=disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4164 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 1276, CompPkgSrv.exe (root)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 5048, CompPkgSrv.exe (root)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
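What a reviewer actually wants from a Chromium process tree like the one above is a per-process answer to three questions: what kind of process is it, is its sandbox intact, and was it launched by this browser session. The Python below is an added example, not part of the Triage report and not Chromium, Edge or Triage code. It tokenises each command line (Chromium's --key=value switches, some wrapped whole in quotes), records the process type and any sandbox-weakening switch, and uses the first component of --field-trial-handle, which every child in this tree shares, to spot a process that does not belong. The command lines are abbreviated copies of the ones on this page; PID 7777 and its --no-sandbox renderer are constructed so the checks have a positive case. The set of "weakening" switches is this example's own short list, not an exhaustive one.

```python
import re
from collections import Counter

# Abbreviated copies of the report's command lines (long --gpu-preferences
# blobs and most renderer flags dropped). 7777 is constructed, not from the report.
PROCESSES = {
    4948: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2bb64bf5f2f5b3ab58e882cdffb4390c_JaffaCakes118.html',
    3276: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    760:  r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --mojo-platform-channel-handle=2172 /prefetch:2',
    1432: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3',
    4952: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1',
    4992: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16290701399652503569,15639936289060487805,131072 --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=4164 /prefetch:2',
    7777: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --field-trial-handle=999,1,2,131072 --mojo-platform-channel-handle=1 /prefetch:1',
}

# Either a double-quoted run (quotes may wrap a whole "--key=value with spaces")
# or a run of non-whitespace. Backslashes are not escapes on Windows.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

# Switches that remove or weaken a Chromium sandbox (example's own short list).
SANDBOX_WEAKENING = {"--no-sandbox", "--disable-gpu-sandbox", "--allow-no-sandbox-job"}


def parse_cmdline(cmd):
    """Return (image, {switch: value}, [positional args]) for one command line."""
    tokens = [t.strip('"') for t in TOKEN_RE.findall(cmd)]
    image, switches, positional = tokens[0], {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")  # repeated keys keep the last value
            switches[key] = value
        else:
            positional.append(tok)  # e.g. the opened document, /prefetch:N
    return image, switches, positional


def triage_tree(processes):
    """Per PID: Chromium process type, sandbox-weakening switches, session id."""
    report = {}
    for pid, cmd in processes.items():
        _image, sw, positional = parse_cmdline(cmd)
        ptype = sw.get("type", "browser")  # no --type means the browser process
        if ptype == "utility":
            ptype = "utility/" + sw.get("utility-sub-type", "?")
        weak = sorted(f"--{k}" for k in sw if f"--{k}" in SANDBOX_WEAKENING)
        if sw.get("service-sandbox-type") == "none":
            weak.append("--service-sandbox-type=none")
        session = sw.get("field-trial-handle", "").split(",")[0]
        report[pid] = {
            "type": ptype,
            "weak": weak,
            "session": session,
            "opens": positional if ptype == "browser" else [],
        }
    return report


def unexpected_sessions(report, browser_pid):
    """Children whose field-trial handle differs from the majority of their siblings."""
    sessions = Counter(r["session"] for pid, r in report.items()
                       if pid != browser_pid and r["session"])
    majority = sessions.most_common(1)[0][0]
    return sorted(pid for pid, r in report.items()
                  if r["session"] and r["session"] != majority)


if __name__ == "__main__":
    rep = triage_tree(PROCESSES)
    for pid, r in rep.items():
        print(pid, r["type"], r["weak"] or "-", r["session"] or "-", r["opens"])
    print("off-session:", unexpected_sessions(rep, 4948))
```

On this report the only hits are --service-sandbox-type=none on the network service and identity helper and --disable-gpu-sandbox on the second GPU process, all of which are switches the browser itself passes; a renderer carrying --no-sandbox, or a child whose field-trial handle matches none of its siblings, is what would deserve a closer look.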
Downloads (files written during the run)
- (no path recorded), 152B
  MD5 210676dde5c0bd984dc057e2333e1075
  SHA1 2d2f8c14ee48a2580f852db7ac605f81b5b1399a
  SHA256 2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5
  SHA512 aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017
- (no path recorded), 152B
  MD5 f4e6521c03f1bc16d91d99c059cc5424
  SHA1 043665051c486192a6eefe6d0632cf34ae8e89ad
  SHA256 7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1
  SHA512 0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\968a2d3e-f517-48c7-8c0f-598621a674c8.tmp, 6KB
  MD5 528a21fc7d22a9df33526ea6cd12eb53
  SHA1 ac5944b5418f415655ea22a83779eb40d26c6479
  SHA256 23e92115e5c9b540be74bf1e81a2387d4b01e45ff371752898127f936e1f2447
  SHA512 16e03944e12e6e08f6d9f0dd19d6f518cfd0e309f88373426fa69a6077387947ac3b9af8a1360e3a3af10510cf5c6c9ebf71edf8376496b623176f1a60774875
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index, 72B
  MD5 e300b24dbeb60e60d23b88e648e9aa51
  SHA1 e602990725f34a91a65c4d2f9224c5acda7eb5cd
  SHA256 db3f990aeb9407f99e289e46c801c5c256f6a59f8f409a66fef208fdd486a585
  SHA512 83876bb1e27c05826fb4998c4d739898ae4162267ff297689a2481d2b715dd7eb9d0fc38941bbf08540212e3b078b907a4e020478324bc11b1c8f55d67ca16a5
- (no path recorded), 574B
  MD5 4805c6f540e482b25194c540f925833f
  SHA1 0d1837b2f04a6186cf7bb046bc0fa1b602c7455a
  SHA256 a6a7b1b0b0696857069651c58de7d0116db5190d255cf2639bd2007ff05f6062
  SHA512 d56573cf8566595c630252d435977b137eb924a70c2e9c6226dc14310580216e986554d5be25684cd43463b7585f1c6dfebcf3193411427587ec20da5938e423
- (no path recorded), 574B
  MD5 9c52a0eaba7bd93c687e66c18a3719fc
  SHA1 baa494605fed01ee61abc4b40f501cbb9ce0da0b
  SHA256 99b71ab30355ce68bf9ea2e1fb51aed4bcb125c0adf6736130023db8495e4045
  SHA512 a81b1cd856cbd97aea568492e194ff0ad1080d227fa4308593b4d5176daf6ad95499bca8abb13928fd272c35cb613872b9a6b42cd3e102cdf3d5c55f19dcf1c3
- (no path recorded), 6KB
  MD5 77976a73a57b1c346a2c7c12d22ec99d
  SHA1 0dc207529bc65ad0aef35297e3856bc21ae4275c
  SHA256 595dafc2d8a48ed232075191a3d3082d477901ab525ff967dc7e0ffa2d0fa1a4
  SHA512 64f8253476c630490cc1458b40c8cccc9ff80fdf3d2159d18d1c84b1eac00c239e7e672aef1c21ecea6ebb310654b3e0810b2203a1dc4dbd52dd84cace6f988a
- (no path recorded), 6KB
  MD5 9cdfa710d68f71a335ee03e1e29aa33d
  SHA1 3c4000b138828921c7f47945118848ff1fea64af
  SHA256 bd6bd251eea78dc9e610ca30c393985c4c40b19868cf9a8da783a9932a790fb4
  SHA512 67a4aba78d49d1314c44a6b9f3ffd5784d9513f8dc0dfa3e2aa1fdbdabcc287c73429759f3df53750dab237e08ac161a6d28862f64c3de6f346484573cd0bf34
- (no path recorded), 6KB
  MD5 9f84add10f17e12d7a44156b5ad0effc
  SHA1 25355c5f95a8a4193b71764efffb354ddb7dc0e2
  SHA256 40d56f38f5bd49455cc797f30842112cdae440c07c5c81a7dacfabdce472dcf4
  SHA512 124e9d36e54ae9c8ad7a358cf740976d6c3c87f253e30471d773d690934ea36cc14872214e8f25e7f66fad44ff84678e84642b3776f8c5985a380d4245031b44
- (no path recorded), 16B
  MD5 6752a1d65b201c13b62ea44016eb221f
  SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- (no path recorded), 11KB
  MD5 bf9b379ff62890a028dfecb471e3bf78
  SHA1 4478e834154e1279415e9091c25d581e8768a550
  SHA256 f986cb17d4864fd6bee90dcec7c3ad87ccde652cc0a4b7fca244a7f8f47a7f2d
  SHA512 3aa2cd026d3468315e98b3122f0153455b1d5c360f2f654fa98611c9f61ddbead6056a5236b94c01929820252f92d18257cb2f8e6df03e75dfadf3b60655fa8d