Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
26/07/2024, 02:52
Static task
static1
Behavioral task
behavioral1
Sample
72538450866b57444207c465e0c4ae99_JaffaCakes118.html
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
72538450866b57444207c465e0c4ae99_JaffaCakes118.html
Resource
win10v2004-20240709-en
General
-
Target
72538450866b57444207c465e0c4ae99_JaffaCakes118.html
-
Size
84KB
-
MD5
72538450866b57444207c465e0c4ae99
-
SHA1
9555c152cc1a28e9bce9b3c30ce4718045321fd1
-
SHA256
2971386ff74abe2bf2693b9fe3e8b16eb3f0b43359284df778e95efeaffbe393
-
SHA512
2d06d8fffbf5c897f982a6df703038d6ecd7843b8d0f18ab50b1fa44e6adeb623a183de078a01dcb82c196c27eb3d5ee6d6bfc8d3b05aac7de7fad9b54b85c92
-
SSDEEP
1536:itBHv7ynv+jr4o16H/m4upnJa05fafzrs:6BHTG+jso1f4ubawafzrs
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 1648 msedge.exe 1648 msedge.exe 4696 msedge.exe 4696 msedge.exe 4628 identity_helper.exe 4628 identity_helper.exe 2776 msedge.exe 2776 msedge.exe 2776 msedge.exe 2776 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe 4696 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4696 wrote to memory of 4456 4696 msedge.exe 86 PID 4696 wrote to memory of 4456 4696 msedge.exe 86 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 3960 4696 msedge.exe 87 PID 4696 wrote to memory of 1648 4696 msedge.exe 88 PID 4696 wrote to memory of 1648 4696 msedge.exe 88 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89 PID 4696 wrote to memory of 3872 4696 msedge.exe 89
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\72538450866b57444207c465e0c4ae99_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4696 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcbe46f8,0x7ff8bcbe4708,0x7ff8bcbe47182⤵PID:4456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:22⤵PID:3960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:82⤵PID:3872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:12⤵PID:2760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:12⤵PID:3372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:12⤵PID:2716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:12⤵PID:3928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:82⤵PID:4876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:12⤵PID:4232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:12⤵PID:3280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:12⤵PID:3744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:12⤵PID:4324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5084 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2776
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:416
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1564
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD51f9d180c0bcf71b48e7bc8302f85c28f
SHA1ade94a8e51c446383dc0a45edf5aad5fa20edf3c
SHA256a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc
SHA512282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785
-
Filesize
152B
MD560ead4145eb78b972baf6c6270ae6d72
SHA1e71f4507bea5b518d9ee9fb2d523c5a11adea842
SHA256b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7
SHA5128cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize96B
MD5839021477beb87c769c8235e4b6e54a7
SHA1b90b3d0620d05675899a12b8b535759c4db303ca
SHA256d78cf03041e8c50bfa54cf6ec626175d3d56493a16e84be2b159eec3a0597c1c
SHA5124add2efcca97c38c0d64543f1c79da0f9c7c8ee90879465f265e6edb0d9ab7b7845cd9ab9fba10700f3509cd4fbaa65b4413e1aefdf0108d51fc6b2f021b3ec7
-
Filesize
1KB
MD55e42d20224443c6c67b84f1bc9f574c8
SHA1b258f9479c8ff30b3a95158e21b75d5782953f95
SHA256f69d5460eb61a6cfe1abed9482c31da9d9ca84b0d52dd985ee2aaf81e62e7cd6
SHA5127db23f1b67ddcae019ca04157bb7d245e6752f7872a3b1e1cf3286c8fa54eb2700c0a9f2ba5ad096e88ef9a31ab2da6e69290c6bc5662ddd8ab00118ad876558
-
Filesize
1KB
MD5c7d54f72b72353b81aaded3450246fff
SHA1b84df2b830c395754b4731f8d3660c9e7100e687
SHA2562d423a89e7987d37260c2a4180de17c9d04fc4049a7a1b6762201cd38df80dec
SHA512acedbd06cf27222080288b3d007d6c268d566fb77c96a4846bc3b998c46562818b08756950ad164064f6d1d8cc2528ef32c4e3fb7cfb8d5c64395d6db87780d0
-
Filesize
5KB
MD5d6987e84fbdd600fab2344d3a42f0ce0
SHA1164a1a080827c6492f556e215f9fce5b5f4048f9
SHA256222abb1e67b3b971f1b26da79857d24f28eb5951da95c11771f6dbff4e3b097d
SHA512ce6a35fad94737421650202e777e75f29fab54ceda16102c269e5b716f3d81b467cf250a45466229c9fc6ebbdd1487cd9523aaf11689acfff9a2dc554ad24fc8
-
Filesize
7KB
MD5d5c37be475bd8c86d7a415aae3edb396
SHA16991a9b0a5510dff5f92241b99f51789c3c7091b
SHA25666eea819e80f2a04c716001aac3ba3be69735577f684774fcf7d55101fe8cbaa
SHA5125d7000d5c1c2e65e8cf6867a33f6e4296a6e54a1729aeee8152287b9e5579141cc6db9bc086aa9560df481e43a701c66fb6d5e0cade12feb65da9bbbc5b1b282
-
Filesize
7KB
MD5452455716b80ef3ffd6ee64a359704f9
SHA189b379045e36c4cf5582100c60e0bf485d11bfe7
SHA2564661e5ecd068959292f3d98f934e900471e5df31940b9a60b6198f8b54d0be66
SHA5122204043ddb9235c43774574f4d72aeb799cfc39f21b9ba78299762f8d3d57cf781117812ec20a703cb16afc8d875176ff061f54711d90cf2edb63a3bdb98d8dc
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
10KB
MD5355713f4736cb06debce82c7292540f1
SHA1ab2d53a8d04fcdb1112c20af8a80a0f21cb80ad4
SHA256a6f01b4478b1589dafa6856b16f7cad964231ece85960ab3e7f2bf44f02c576c
SHA5127b493da5e2431ad451effff7d4a44cc064702c3fd4f8fbfec6d6df413583b5752c23a5414121350a9e7964b72bbd7d79c4c1b775ec9f74d889970db41b311ecd