Analysis
max time kernel: 145s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/07/2024, 05:09
Static task: static1
Behavioral task: behavioral1
  Sample: 5a96d7852421bbbc0a15153cdaaef73f_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 5a96d7852421bbbc0a15153cdaaef73f_JaffaCakes118.html
  Resource: win10v2004-20240709-en
General
Target: 5a96d7852421bbbc0a15153cdaaef73f_JaffaCakes118.html
Size: 14KB
MD5: 5a96d7852421bbbc0a15153cdaaef73f
SHA1: 4fc12cadf824a370b9083195ab53ab4546ddaedc
SHA256: 41a6c33a2b9bedf3a3e2aa0701815d818d67be26016acc77718613c0727277de
SHA512: ae9ebf479a26257e478792a3221678e14f1f402bec6798a10103d7a91ef6908e181c5b64ae392290ec741ab5abaccdd8166a8d2e6ef47d6ea50a41731eb7a2e1
SSDEEP: 192:vLM1h05jctxQZruvEB7Dhe/FGcF096SuU1WqDbc5/U+T9Zt8C5RgNAcOJmlmP3Ke:zgAcoZI07DheNGc2sS6qZ+T9HdiAhw2V
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                  process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Note: reading SystemManufacturer/SystemProductName is a common VM-detection heuristic, but the reader here is the Edge browser process itself. The HTML sample only ever executes inside sandboxed renderer processes, which have no direct registry access, so this signature reflects the browser's own startup behaviour rather than evasion by the sample.

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process
  3596  msedge.exe (2 entries)
  2768  msedge.exe (2 entries)
  2332  identity_helper.exe (2 entries)
  4856  msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid   process
  2768  msedge.exe (9 entries)
  Note: this is the browser process creating child processes with the "block non-Microsoft binaries" process-creation mitigation enabled. Chromium-based browsers apply that mitigation to their renderer processes, and the count of 9 matches the nine renderer processes in the process tree below, so it is expected for Edge.

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  2768  msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  2768  msedge.exe (24 entries)
  Note: FindShellTrayWindow (locating the taskbar window) and SendNotifyMessage (broadcasting window messages) are routine for a GUI application's main process; both are triggered only by the browser process here.

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries are the browser process (PID 2768, msedge.exe) writing into processes it has just spawned. Distinct source/target pairs (procid_target is the report's own index of the target in the process list):
  source pid  target pid  target (from the process tree)        procid_target
  2768        4932        msedge.exe --type=crashpad-handler    84
  2768        1432        msedge.exe --type=gpu-process         85
  2768        3596        msedge.exe network.mojom.NetworkService  86
  2768        1420        msedge.exe storage.mojom.StorageService  87
  Note: a Chromium browser process writes into its children while bootstrapping them, so parent-to-child writes at launch are expected. The case worth escalating is a write whose target is not a child of the writer; none appears in this report.
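The WriteProcessMemory table above is only useful once the repeats are collapsed and every target is checked against the process tree. The following Python is an added example (not part of the tria.ge report): it parses rows in the report's flattened format, counts writes per source/target pair, and flags any write whose target is not a child of the writer. The parent map is taken from this report's process tree; the input rows are a constructed subset of the 64 entries plus one constructed row (target PID 9999, procid_target 99, parent PID 4) that is not a child of 2768, so the check has something to catch.

```python
"""Triage 'Suspicious use of WriteProcessMemory' rows from a tria.ge report.

Added example, not tria.ge code. SAMPLE_IOCS and PARENT are constructed for
the example; the 9999 row and its parent (PID 4) do not exist in the report.
"""
import re
from collections import Counter

# Row format as it appears in the report:
#   "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
IOC_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<src2>\d+) (?P<image>\S+) (?P<procid>\d+)"
)

# Constructed input: six of the report's rows plus one synthetic foreign write.
SAMPLE_IOCS = """\
PID 2768 wrote to memory of 4932 2768 msedge.exe 84
PID 2768 wrote to memory of 4932 2768 msedge.exe 84
PID 2768 wrote to memory of 1432 2768 msedge.exe 85
PID 2768 wrote to memory of 1432 2768 msedge.exe 85
PID 2768 wrote to memory of 3596 2768 msedge.exe 86
PID 2768 wrote to memory of 1420 2768 msedge.exe 87
PID 2768 wrote to memory of 9999 2768 msedge.exe 99
"""

# Parent PID of each target, from the report's process tree (2768 spawned all
# four Edge children). 9999 -> 4 is constructed so the foreign-write check fires.
PARENT = {4932: 2768, 1432: 2768, 3596: 2768, 1420: 2768, 9999: 4}


def parse_iocs(text):
    """Return one (src_pid, dst_pid, image, procid_target) tuple per IoC row."""
    rows = []
    for line in text.splitlines():
        m = IOC_RE.fullmatch(line.strip())
        if m is None:
            continue  # skip anything that is not an IoC row
        rows.append((int(m["src"]), int(m["dst"]), m["image"], int(m["procid"])))
    return rows


def summarize(rows):
    """Collapse repeated rows into a Counter keyed by (src, dst)."""
    return Counter((src, dst) for src, dst, _, _ in rows)


def foreign_writes(rows, parent):
    """(src, dst) pairs where the writer is not the target's parent.

    A Chromium browser process writes into children it is bootstrapping; a
    write into any other process is the case an analyst wants surfaced.
    """
    return sorted({(src, dst) for src, dst, _, _ in rows if parent.get(dst) != src})


if __name__ == "__main__":
    rows = parse_iocs(SAMPLE_IOCS)
    for (src, dst), n in sorted(summarize(rows).items()):
        print(f"{src} -> {dst}: {n} write(s)")
    print("writes to non-child processes:", foreign_writes(rows, PARENT))
```

Run against the full 64 rows of the report, foreign_writes() returns an empty list: every target is one of the four children spawned by PID 2768.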
Processes
Note: the tree is the Edge browser process (PID 2768) opening the sample from %TEMP% and spawning its usual children: crashpad handler, GPU process, network and storage services, nine renderers and the identity helper. The Edge build in this sandbox image is 92.0.902.67 (see the crashpad annotations and the identity_helper.exe path), which is a 2021 release, so a current Edge may behave differently. CompPkgSrv.exe is the Windows Component Package Support Server, started by COM (-Embedding) independently of the sample.

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2768)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5a96d7852421bbbc0a15153cdaaef73f_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4932, crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa865346f8,0x7ffa86534708,0x7ffa86534718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1432, gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3596, utility: network.mojom.NetworkService, service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1420, utility: storage.mojom.StorageService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4680, renderer, client id 6)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1584, renderer, client id 5)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1964, renderer, client id 7)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3968, renderer, client id 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3360, renderer, client id 9)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 3176, utility: winrt_app_id.mojom.WinrtAppIdService, service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 2332, utility: winrt_app_id.mojom.WinrtAppIdService, service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3824, renderer, client id 11)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3592, renderer, client id 12, instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4300, renderer, client id 13)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1724, renderer, client id 14, instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4856, gpu-process, --disable-gpu-sandbox)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10874973220159642872,7703253876852817131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5200 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
    Note: this second GPU process is launched with --disable-gpu-sandbox and --use-gl=disabled after the first one (PID 1432) did not keep running; Chromium falls back this way when GPU initialisation fails, which is common on a VM without a usable GPU driver.

C:\Windows\System32\CompPkgSrv.exe  (PID 3632)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 2324)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
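The process list is where an exploit against this page would show up: a renderer is sandboxed, but the network service, the identity helper and the fallback GPU process run with no sandbox, and a payload would typically appear as an image outside the Edge install directory or a child launched with --no-sandbox. The Python below is an added example (not tria.ge or Microsoft code) that classifies Chromium child processes from their command lines: it extracts --type, --utility-sub-type and the sandbox flags, reports which processes run unsandboxed, and flags images outside trusted directories. The command lines are abridged from this report (long handle and preference values dropped); the last entry (PID 7777, an msedge.exe under %TEMP% started with --no-sandbox) is constructed so the image check has something to flag. Path-based trust is a weak heuristic standing in for an Authenticode check, which a sandbox report does not give you.

```python
"""Classify Chromium/Edge processes in a sandbox report by role and sandbox state.

Added example, not from the tria.ge report. SAMPLE_PROCS is abridged from the
report's Processes section except for PID 7777, which is constructed.
"""
import re

TRUSTED_DIRS = (r"C:\Program Files (x86)\Microsoft\Edge\Application", r"C:\Windows\System32")
CHROMIUM_IMAGES = ("msedge.exe", "identity_helper.exe")

SAMPLE_PROCS = [
    (2768, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5a96d7852421bbbc0a15153cdaaef73f_JaffaCakes118.html'),
    (4932, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (1432, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2080 /prefetch:2'),
    (3596, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:3'),
    (1420, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility /prefetch:8'),
    (4680, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1'),
    (2332, r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    (4856, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2'),
    (3632, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
    # constructed: a Chromium-looking child outside the install dir, started unsandboxed
    (7777, r'"C:\Users\Admin\AppData\Local\Temp\msedge.exe" --type=renderer --no-sandbox'),
]

# Windows command lines: whitespace-separated, double quotes group, no backslash escaping.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline):
    """Split a Windows command line into arguments, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]


def classify(pid, cmdline):
    """Return role, sandbox state and image trust for one process."""
    toks = tokenize(cmdline)
    image = toks[0]
    # --key=value switches only; /prefetch:N and positional args are ignored
    flags = {k: v for k, _, v in (t[2:].partition("=") for t in toks[1:] if t.startswith("--"))}
    chromium = image.lower().rsplit("\\", 1)[-1] in CHROMIUM_IMAGES
    role = flags.get("utility-sub-type") or flags.get("type") or ("browser" if chromium else "other")
    if not chromium:
        sandboxed = None  # not a Chromium process; these switches mean nothing to it
    elif role in ("browser", "crashpad-handler"):
        sandboxed = False  # the broker and the crash handler never run inside the sandbox
    else:
        sandboxed = not (
            flags.get("service-sandbox-type") == "none"
            or "disable-gpu-sandbox" in flags
            or "no-sandbox" in flags
        )
    trusted_image = any(image.lower().startswith(d.lower() + "\\") for d in TRUSTED_DIRS)
    return {"pid": pid, "image": image, "role": role, "sandboxed": sandboxed, "trusted_image": trusted_image}


def review(procs):
    """Return (pids running unsandboxed, pids whose image is outside a trusted directory)."""
    rows = [classify(pid, cmd) for pid, cmd in procs]
    unsandboxed = [r["pid"] for r in rows if r["sandboxed"] is False]
    untrusted = [r["pid"] for r in rows if not r["trusted_image"]]
    return unsandboxed, untrusted


if __name__ == "__main__":
    for pid, cmd in SAMPLE_PROCS:
        r = classify(pid, cmd)
        print(f"{r['pid']:>5}  sandboxed={r['sandboxed']!s:<5}  trusted={r['trusted_image']!s:<5}  {r['role']}")
    print("unsandboxed:", review(SAMPLE_PROCS)[0])
    print("untrusted image:", review(SAMPLE_PROCS)[1])
```

On the report's own processes the unsandboxed set is the browser, the crashpad handler, the network service, identity_helper.exe and the fallback GPU process, all under the Edge install directory; only the constructed PID 7777 trips the image check.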
Network
MITRE ATT&CK Enterprise v15
Downloads

152B
  MD5:    6c86c838cf1dc704d2be375f04e1e6c6
  SHA1:   ad2911a13a3addc86cc46d4329b2b1621cbe7e35
  SHA256: dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb
  SHA512: a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

152B
  MD5:    27f3335bf37563e4537db3624ee378da
  SHA1:   57543abc3d97c2a2b251b446820894f4b0111aeb
  SHA256: 494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a
  SHA512: 2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

211KB
  MD5:    151fb811968eaf8efb840908b89dc9d4
  SHA1:   7ec811009fd9b0e6d92d12d78b002275f2f1bee1
  SHA256: 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
  SHA512: 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 312B
  MD5:    e121ba5774374a687164bd6f2afa5206
  SHA1:   d03350ed6d7638a2f6cce3c1ddb4147275b6a971
  SHA256: 0bf33c1586dc3ff8622e5bef486f6f4e9ef0eb20085e16c0b8ef01b12cac8545
  SHA512: f507b463fcc8d9c1f6a5bae3f33a9297ac79af7a588c18812c1ed25781211e7b9fea6c40fac27b247f1f5a54d3243a3c2a9398e3c2633e82f866639df3d735e2

1KB
  MD5:    cfdd2d090c57fc378bf4a383867190fa
  SHA1:   63a02794f49b8dcab506f6f211848af86779b6af
  SHA256: f8df208b063221d7152f99880a4a9c026c7428ad6404964ad1e57afcf016d6e4
  SHA512: 1e9dc5718794432720811d866e86013a8b9d6b45989da2806113c8d804942e8d50cf2d70c745b98fdaf3cdc727efb265f0117c46c78b5294b7d1842b3ce794ea

5KB
  MD5:    6e0f9e6e04d0676848a28eddf95016ae
  SHA1:   88e80630559e2dc403f22c7118a37b3c66b23a89
  SHA256: b981375d82c062b67e0c5e78ac51b3814d086ca1fb8784c4ebbc340cc275f83e
  SHA512: cf278085314a4200334e57560fb7977651a5150ac242900dbd10e5032a4cf0ac3cb0a78313155b3532715ddb5b1b27dd56a2b74130b7615497f1cc995de021ea

6KB
  MD5:    860a2e9b0e16eabfdd8eff5ded77a986
  SHA1:   e2c1486e6d858223fe8d63906cbf8d6723f0368d
  SHA256: f2a7db7ec6010ae6848d06416b255a854c234f2f0a3c1771db6466d3e7b18ffc
  SHA512: 6bb27aac76167c193f34bf1b2dccba21b2be0dc9df79acf69ba0f50124eadaa49000c9589782c999fe6431bf69bec225f29e3f58dae6d116001d194dda2a8010

16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

11KB
  MD5:    01a610b59c474bf03424bec8bac54ae5
  SHA1:   c0085680d9de9eb50d774230fe8271103c6778d0
  SHA256: 583f39e257cd7c2f8032da185d36989dd7c50d361f2189a4c8f1c2bad01df168
  SHA512: 4bfd839f7d82ba3772733901b07a2f436c6c4e4d541410304233dd4d6eaad91b42a976288731df83b633783e0910bba05a456982cedc83eb6344a3e221dc612c