Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
15/07/2024, 12:55
Static task
static1
Behavioral task
behavioral1
Sample
49de90165c7d8db0c065ebd1eb0e3eec_JaffaCakes118.html
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
49de90165c7d8db0c065ebd1eb0e3eec_JaffaCakes118.html
Resource
win10v2004-20240709-en
General
-
Target
49de90165c7d8db0c065ebd1eb0e3eec_JaffaCakes118.html
-
Size
83KB
-
MD5
49de90165c7d8db0c065ebd1eb0e3eec
-
SHA1
1aa10fc831ca825b23592b538259d09a8f2e5ab6
-
SHA256
32feec76790aec8426d9aa09fd217be884e173a4356eeef474692e5180b30cc3
-
SHA512
86d004cab9c48c1327d3add1c9a10b0c553cea352eebad395f0f45f1e714a4f349e56750f113172dec77196d5f16270c3b67896791aa6be9d6373c90a4ebf894
-
SSDEEP
1536:w9zrHoEwOVtLl2FBTTQ1sCkgD0bUwHmE4UEbGtg:wQUtcFBTTQ9kgD0bUwHmE4UEbGtg
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4776 msedge.exe 4776 msedge.exe 1120 msedge.exe 1120 msedge.exe 4784 identity_helper.exe 4784 identity_helper.exe 2652 msedge.exe 2652 msedge.exe 2652 msedge.exe 2652 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe 1120 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1120 wrote to memory of 2976 1120 msedge.exe 82 PID 1120 wrote to memory of 2976 1120 msedge.exe 82 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 3172 1120 msedge.exe 85 PID 1120 wrote to memory of 4776 1120 msedge.exe 86 PID 1120 wrote to memory of 4776 1120 msedge.exe 86 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87 PID 1120 wrote to memory of 520 1120 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\49de90165c7d8db0c065ebd1eb0e3eec_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1120 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb9ca46f8,0x7ffdb9ca4708,0x7ffdb9ca47182⤵PID:2976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:22⤵PID:3172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:82⤵PID:520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:12⤵PID:2272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:12⤵PID:3364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:82⤵PID:3496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:12⤵PID:1848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:12⤵PID:1000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:12⤵PID:1784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:12⤵PID:5088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5100 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2652
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3020
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1172
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD504b60a51907d399f3685e03094b603cb
SHA1228d18888782f4e66ca207c1a073560e0a4cc6e7
SHA25687a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3
SHA5122a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91
-
Filesize
152B
MD59622e603d436ca747f3a4407a6ca952e
SHA1297d9aed5337a8a7290ea436b61458c372b1d497
SHA256ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261
SHA512f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a
-
Filesize
21KB
MD5549baced2c151db8a02c3419aa5c01be
SHA11f36a9716da201c5e45c1cc23c349bbaae44a3c9
SHA25611938f83bd463e29316808f3e118440f718f1c7a0761bc860171255a96cbefca
SHA51212c40a66af58d9436d7c3361de906077402cfeded97361c81d9900d69d405b5ab002ac36aad3f8152c6083e00755442bd1bcd1766af26c097638051dfe1aa9d0
-
Filesize
45KB
MD594019c00785285cd78d6da8a1bdeaf80
SHA133ba11bbe8c91eca17a84c3dcae4667638a61b57
SHA2562ea5a487d117c082ab04c8b2d979adc04c18f496af90ef2caf9910d9902ef8a9
SHA512b58d23d9333290e203ee3191cbcca4686ae1f9b4c135ee8a8e0f014e7db4efdcffe6aa82b502b2d8e63bde705895a04726d799a4c6b0e22783b6925b4d297d70
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize192B
MD5cdfcbb6ace21c79ce1ae7a3e0e4d0785
SHA1b1cd6c2ffe475ba4da843f4b91402053f86e8755
SHA256fe5f25604481ff2430df08bd1cd3c51870f71b35c4d9d76d97a8cf1684c8646b
SHA51201d48d0e41c7a6021332dc803f6c5b03fb4be8d5331a185c8d16b87943f343ad8256a9064a6a93b7bd3f99a4b2e50b6f2b1cb380265c8661b6d06f9fd7c6974f
-
Filesize
1KB
MD530cebd93e6576807dc3de6657cba022e
SHA144580c549cd64d462f2161f848c598635044a962
SHA256441d8881e348e8f5ba9558264a5fdc76133dd2eb79ad21b18fbb6cacaff08afa
SHA512d1aba5db1c9efe65ad607dc85ba0b41180f627e0947903ba6ae6b33f268f272f921fbd9736bb353235142bfea45eabf4fd94446c042c60b49151e0358404c01a
-
Filesize
6KB
MD5af7a2978b1f0d4297e21ccb44bcb5cd1
SHA11b7e7db8ac0cabf964238346b7b7736cca8a654c
SHA256241c7740805a37a028ddc6be46d9e105704d00689cc50c6afa7828778b22c5b0
SHA5129b2145acb2e70a7e85ab0d75ff3785a8a3df87274603ee6d014b67247a44dd49c5635fe61d324cad81d98a4e5b7249a2d32009e87f310a96eaec79f20eadfa84
-
Filesize
7KB
MD5cc50385b95b842a103e66f6d0c86b417
SHA17b03547dcb183c6afdc68b9c9adbf056a7aee4da
SHA256f4b3ba25f0444a319f9ae2420f41737c2c2c21d0e3294f7ee788854103126c01
SHA51248c631260400ed1648b10c2243ae2696c4b4766924d3d22c5163a1bdf1a48b6754be97f8ff58bf8187ecabf460f10ef7f64464f8ba0f20c54a76e75a8c478fa9
-
Filesize
7KB
MD514a7f1ab3b2d1cb4cd95c25852778ca1
SHA111e80e3122e8c4a8a7c9afb0b6b09e7757d601a8
SHA256001ff0fd297d4ee7a0c028fe1f85e90d0337b7e4be22f3818b719591b2bbff3c
SHA512795f32ce25bab092ab1353835b0e1d0c37b72a0c773c5f67a5faaff47854206aa03191623c7f85c150919ddf8c766095f2c1a3c3f5841ec90867e65017b48340
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD5e33a491d020429f5ee62fc452732a6e4
SHA10aea6d2314af25bd59ed6d447f6654adf48e371b
SHA256c5860494f2c1a1c0fd966a6113d2fe2fabedfb4b3e82436d41df603eb7a6973d
SHA5127a93bc9589da4349cbd982e63a7830b468b5f0933d9993bd34a1f12b81b23c80cbb0ee18aa4c80da4fa8af00ba3c002985c4a1eb0c46a299b28072889e9e6853