Analysis
- max time kernel: 145s
- max time network: 138s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/07/2024, 03:45
- Static task: static1
- Behavioral task: behavioral1
  Sample: 4010fff24eb50be0e7d6e50e2c27b49c_JaffaCakes118.html
  Resource: win7-20240708-en
- Behavioral task: behavioral2
  Sample: 4010fff24eb50be0e7d6e50e2c27b49c_JaffaCakes118.html
  Resource: win10v2004-20240709-en
General
- Target: 4010fff24eb50be0e7d6e50e2c27b49c_JaffaCakes118.html
- Size: 67KB
- MD5: 4010fff24eb50be0e7d6e50e2c27b49c
- SHA1: 3b2a87af4b0fa919307b238b574649ecad1221f2
- SHA256: 4d50202f10577cc2d6d1e24f5eb479fe7edb00483d06033dbee9528188d8129a
- SHA512: 5fe137f1081bebb3b6f3fc53f2a59b8b20e583c61e18fda18b22d5edae653a02d015c6e90d8c8f7332e8c3428cdba63a9f3bb04af27c63042fc3e75c07f9c25c
- SSDEEP: 1536:g3p7/VAk5MDkuq8yF8WHHPBHaBDEz9kDH0:0Vp5fuq8yF8wHaBDEz91
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
Suspicious behavior: EnumeratesProcesses 10 IoCs
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 3092
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4010fff24eb50be0e7d6e50e2c27b49c_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 2176
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e6a246f8,0x7ff9e6a24708,0x7ff9e6a24718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4380
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4664
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3116
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1048
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3748
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3224
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1996
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    PID: 2136
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    PID: 1920
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 2016
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3592
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 844
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 5052
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 516
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  PID: 4764
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  PID: 3012
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 8dc45b70cbe29a357e2c376a0c2b751b
  SHA1: 25d623cea817f86b8427db53b82340410c1489b2
  SHA256: 511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a
  SHA512: 3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e
- Filesize: 152B
  MD5: 1790c766c15938258a4f9b984cf68312
  SHA1: 15c9827d278d28b23a8ea0389d42fa87e404359f
  SHA256: 2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63
  SHA512: 2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B
  MD5: b35245f68dba26cd422c1e390f000a59
  SHA1: cd30f732559cc3249f957005e51557b1dddf54e8
  SHA256: c82488315753b3ba0edceb89b8b6aa9aed31a55a1a3a847ecd165fbf837091c9
  SHA512: 344f98cd0294f37cb71ec674f9e7edcff60a2b7b2f4d9c78c6fc7c8514b6f89d453799b105a188df441b0b19921b75871f4595f52a77ec76a4166c2df31223e8
- Filesize: 1KB
  MD5: f93f5cb8f988b2188958f48b9b8bea6a
  SHA1: 1b055a972880792c0b7e189230ad34d21251a0d6
  SHA256: 5319c03b208cd4df2b02822f49882d658d77287c688cf0106fdd524ff6a4dd4c
  SHA512: 31f0fe56ddd318178807fa16d7315dd43a991323316b6927566bd6a2a8413b80d53d8c2e5e1883db33dcc02af6ee7ab5624855eef2ef9e2df241b91ede539efa
- Filesize: 6KB
  MD5: e9b439aae90c189914a5adcd8c5a2ab4
  SHA1: a925e1833097db4d47c4d175ee697b75a5ba8a6f
  SHA256: e314e672f29a5276af7efc1c2230f10c23ab668c19c392ea88b55ef0c0bf8cb6
  SHA512: 75b735298953e3d413168cb4a3ef0d818ac6da0aae227e2f6d1b4868b5fa41a0ac935d8152e629dbe68f10f3cc05428d4935f5778edd002009a85a8638ad3324
- Filesize: 7KB
  MD5: 8a8dd7fd0b36a6f9b1283eed3e9f5b60
  SHA1: 539aac7ddd48c43bb708b6e9e803fd517d4d719f
  SHA256: 38ee50e801af7a56a366c2abdf76b68ffa49dd67c750a7c904566bf5cf84692d
  SHA512: d8591066204d71ea134f145fc457c3511a0f3bd00f5fda8aeb50e7380dbcf65ca37355021dfcca6d325434582b6bdbd547dbd0003f69649a81560e148d6ae064
- Filesize: 7KB
  MD5: 3814959ed7dfa02a9fab023cb319a4da
  SHA1: bc3ac8289462965f0d72a28c49d806dcf257ca99
  SHA256: efe2605f0d566e9abdb8a11c24f6d88163b9b60e53ada242c69d4f5571a7fd4f
  SHA512: 21cc15cde7a86dfe48fe666ca7048a3eae97f95704c47b70fa50d109c4c6cf4f5e67be514490826be7496bcfcb6072a506f2ead9b2fd2cd3bac6c24ecf994ab4
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: cc47b21b1f39332a447050f0ae1d9dae
  SHA1: 80c2d415e8b85e4e2c646daaa7906a011398bad0
  SHA256: 7fdb71d2a62ad8baabd65ceaf4cbcf69168160db0767d5502c56398174d1772c
  SHA512: 1db70a1969e05097a63034a7655fa9e2f9a38a5ebfcd055c09211fa8e29521c80e38c8379350da6d88c28a095859d495e57d50bbfb0281197c3676cb6a787070