Analysis
- max time kernel: 145s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/07/2024, 01:52
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 59fecb3e2f0e2e096817903abf32c611_JaffaCakes118.html
  Resource: win7-20240705-en
- Behavioral task: behavioral2
  Sample: 59fecb3e2f0e2e096817903abf32c611_JaffaCakes118.html
  Resource: win10v2004-20240709-en
General
- Target: 59fecb3e2f0e2e096817903abf32c611_JaffaCakes118.html
- Size: 57KB
- MD5: 59fecb3e2f0e2e096817903abf32c611
- SHA1: 672fa20f8d20cf3292f933c8d023a6177c9b6ec4
- SHA256: c30d3db66f181998112187c06e46d6deb101e2fa38cf58afd72ed312b740b7b8
- SHA512: 763528803c9fc31ea1d7cfaa6f370076814847854da0f7c4e20829a2e0c8a901a97a4e0d85d21a57a4a3f728b73cee32b63f6ee31512fb2888248380067f7670
- SSDEEP: 1536:gQZBCCOdv0IxCNtLbqfrlfjfKfdfjf7fsfcf/fqflfdfvfMfKfPfpfefHfnfOfJR:gk2p0Ixlx7C1bjkE3CdFHUiHBmfPWRYI
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2276 | msedge.exe (2 entries)
  4128 | msedge.exe (2 entries)
  4868 | identity_helper.exe (2 entries)
  2208 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid | Process
  4128 | msedge.exe (all 9 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4128 | msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4128 | msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; distinct rows listed once)
  description | pid | Process | procid_target
  PID 4128 wrote to memory of 4208 | 4128 | msedge.exe | 84
  PID 4128 wrote to memory of 3876 | 4128 | msedge.exe | 85
  PID 4128 wrote to memory of 2276 | 4128 | msedge.exe | 86
  PID 4128 wrote to memory of 3612 | 4128 | msedge.exe | 87
Processes (indented entries are children of the entry above)
- PID 4128: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\59fecb3e2f0e2e096817903abf32c611_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 4208: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb094046f8,0x7ffb09404708,0x7ffb09404718
  - PID 3876: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  - PID 2276: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3612: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  - PID 892: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - PID 3744: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - PID 2620: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  - PID 2728: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  - PID 3992: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  - PID 2108: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  - PID 4868: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 2732: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  - PID 4712: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  - PID 4508: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  - PID 4944: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  - PID 2208: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2384260793464801603,14671140868436416922,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 5032: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 4372: C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads