Analysis
  max time kernel: 148s
  max time network: 147s
  platform: windows10-2004_x64
  resource: win10v2004-20240709-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 19/07/2024, 12:50
Static task: static1

Behavioral task: behavioral1
  Sample: 5c03733ecf9d85e0df2db6cca0a249a8_JaffaCakes118.html
  Resource: win7-20240705-en

Behavioral task: behavioral2
  Sample: 5c03733ecf9d85e0df2db6cca0a249a8_JaffaCakes118.html
  Resource: win10v2004-20240709-en
General
  Target: 5c03733ecf9d85e0df2db6cca0a249a8_JaffaCakes118.html
  Size: 37KB
  MD5: 5c03733ecf9d85e0df2db6cca0a249a8
  SHA1: 3b259039f8c56f4d8beb7681ed5dc7e369691d87
  SHA256: 3228c11ebe59f7edbb6a65487df35ad8881863e4f8fae1fd4ac63322b2ed8295
  SHA512: 1e212b2a504f93784445d4f5969cd860f922fdecf1c884a8fa8f406911ef6c7645f3b822f248e64e1552a219396c596e098994417fd72e69b5f5f354f0db8316
  SSDEEP: 768:2rDvSmw8gH8azZzrkETWUTOKW2BctrTq28d4ZR/1KYETXZn2wq12kDok7t59TdvC:CvbwdzZzrkETWUTOKW2Wq2M4ZR/1iXxL
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  208   msedge.exe
  208   msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  1076  msedge.exe
  1076  msedge.exe
  1076  msedge.exe
  1076  msedge.exe
  2376  identity_helper.exe
  2376  identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
  3144  msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 3144 wrote to memory of 4832  3144  msedge.exe  84
  PID 3144 wrote to memory of 4832  3144  msedge.exe  84
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 4200  3144  msedge.exe  85
  PID 3144 wrote to memory of 208   3144  msedge.exe  86
  PID 3144 wrote to memory of 208   3144  msedge.exe  86
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
  PID 3144 wrote to memory of 1912  3144  msedge.exe  87
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3144)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5c03733ecf9d85e0df2db6cca0a249a8_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4832)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9848746f8,0x7ff984874708,0x7ff984874718

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4200)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,528704936301845022,2495696035125701180,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 208)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,528704936301845022,2495696035125701180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1912)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,528704936301845022,2495696035125701180,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5024)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,528704936301845022,2495696035125701180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4260)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,528704936301845022,2495696035125701180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1076)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,528704936301845022,2495696035125701180,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3292)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,528704936301845022,2495696035125701180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 868)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,528704936301845022,2495696035125701180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3428)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,528704936301845022,2495696035125701180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8

    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2376)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,528704936301845022,2495696035125701180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3596)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,528704936301845022,2495696035125701180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4892)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,528704936301845022,2495696035125701180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

- C:\Windows\System32\CompPkgSrv.exe (PID 3692)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 1500)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads