Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240730-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240730-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/08/2024, 01:04
Static task: static1
Behavioral task: behavioral1
  Sample: 8270dd66440e10368764dc817cd72e8d_JaffaCakes118.html
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 8270dd66440e10368764dc817cd72e8d_JaffaCakes118.html
  Resource: win10v2004-20240730-en
General
Target: 8270dd66440e10368764dc817cd72e8d_JaffaCakes118.html
Size: 72KB
MD5: 8270dd66440e10368764dc817cd72e8d
SHA1: 524f99d6a8d3cad9d97caa119b9afee8168eb4d1
SHA256: ec67f789cab2ba5165fe2da403c7ec35f7dc8d070787d25033d78f69d32b7982
SHA512: e5e725f8c04054140638d373f4d70d5525df32cb14726ac88e7aea746403e6fa570b9e37193f8a4e3fac336a7d80e003861e31824ecd55dbf91481ce7fc31396
SSDEEP: 1536:vnPg+J0m1akFGwHJnrKu/kYBPlLe+kb7FvdJ5:Xg+J0m1akFGOFrKXOPhkb7hd/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                    | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process
  2016 | msedge.exe (2 entries)
  4176 | msedge.exe (2 entries)
  920  | identity_helper.exe (2 entries)
  4972 | msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid  | Process
  4176 | msedge.exe (7 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process
  4176 | msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  4176 | msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                         | pid  | Process    | procid_target
  PID 4176 wrote to memory of 1564    | 4176 | msedge.exe | 83 (2 entries)
  PID 4176 wrote to memory of 1708    | 4176 | msedge.exe | 84 (40 entries)
  PID 4176 wrote to memory of 2016    | 4176 | msedge.exe | 85 (2 entries)
  PID 4176 wrote to memory of 4872    | 4176 | msedge.exe | 86 (20 entries)
Processes
[level 1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4176)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8270dd66440e10368764dc817cd72e8d_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1564)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0bae46f8,0x7ffb0bae4708,0x7ffb0bae4718

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9840336844107760597,1311927761329270326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2016)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9840336844107760597,1311927761329270326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,9840336844107760597,1311927761329270326,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4220)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9840336844107760597,1311927761329270326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1320)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9840336844107760597,1311927761329270326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 8)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9840336844107760597,1311927761329270326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1304)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9840336844107760597,1311927761329270326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 992)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9840336844107760597,1311927761329270326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9840336844107760597,1311927761329270326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 920)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9840336844107760597,1311927761329270326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2612)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9840336844107760597,1311927761329270326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9840336844107760597,1311927761329270326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

  [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4972)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9840336844107760597,1311927761329270326,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2332 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

[level 1] C:\Windows\System32\CompPkgSrv.exe (PID 3464)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[level 1] C:\Windows\System32\CompPkgSrv.exe (PID 4308)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 8d8ccfa6a8b1b15db876b848b8fdc102
SHA1: dc7d92c35e9c84d8d78ac0aedc926214cee68135
SHA256: b48f98046030e23b843422251481c3f19cfa0cf71fb36a8ff89dfcb152761f86
SHA512: 6ae61b6cf236082b9930686ad2650c3ce3fa337550363e0858062dbb399093b0ac6bbca3d4c40101e222ce764fa4fb704bfc591e6d5b0a6c165f170cd6c9d5b8

Filesize: 152B
MD5: 81e22c2898ac78c14a840076a8446b9d
SHA1: ff5b7cca3ff2c4e77e6330e2c5e2b62bb56e9fe6
SHA256: a5e570fc8d3a52027db48adf1301fe8dffc500a4bef04d0d6bff15fff78ade8d
SHA512: 19381615be8f53ccae56a21c29c314c3247ac78fd3cf838f52ca98757b54f945f0d178cfb44ea5ad42fc68b3d3e6e7ce4e4f40eb69f791fa5132f591c62388e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 144B
MD5: 52b8a2281dca2fe4ba40d913d32cba26
SHA1: 829221286912396ed61cfc823131e29d997ee5ba
SHA256: f1db5ff3bc81683e2bab9ef058465bbb290782ec78b0169cb153151d344b0339
SHA512: eba2f946483068fcd4b0dce53d507ea418e048052effa912fc11a7e53ec207f0c0178738b7397dc715ed3f858cf46c9cf0abfcfafdf1610d9ae429fcea3e8f3e

Filesize: 1KB
MD5: 88b2239f553c0ffe74fcaf4ef16f8e76
SHA1: 3696a1f27cfdfb3ff0b32cdc5cc8d845f5155c19
SHA256: c9d711f7f7a7cac41a7400b845ce6b74ba10125b3fdf0bce518cbe11a6739352
SHA512: 84dca2b535f1b77279d023bff594f200c62217e8473e7524fa90949947290d33ba95b4061ee55acaf6c77d4f7912f12d6ae0f2c7f8e896dad464f80b34c40739

Filesize: 7KB
MD5: 8f10692c68f737758c139c4e6967dbd9
SHA1: 96b8378fd711649d3dd5e26a8947373a64ee0102
SHA256: 760fd12bb04e6157e30acc784869374d233c434e5617164c411dcb88a1c5a6c5
SHA512: cb905ce182638b33084e895afb47182c1c6a8292e597b181efde59d894e3c615913631018c0621a7ea8e8253817774f6e55f0035cd485d8c3438cea4a6ce414d

Filesize: 6KB
MD5: 96b8a91cb2739c427261091461b760fb
SHA1: e87293cd0ef948b5f5241f767b73ba23283eb178
SHA256: 18afa373ac4aeb9d4f01a14682582d590d918dab774226d5cdf868b56f4e8c2b
SHA512: 3222819ba3986271c2cb915e42b274c3101af3b7628e159a241f39473fb692f0446e46d862d37d6f52b137e20328949235c3abcc937ecc20bd9e1cab9fc9fdf1

Filesize: 7KB
MD5: 25ad4cf55fed815d7685b44963950ad6
SHA1: 61a370fb3a6fb6aaad0c4ff7ca1bc73bd027977d
SHA256: fbce30937dd3de2a344464dd245f936aedea70a8391d82318903d8ef5e7d6cca
SHA512: abbcb675701be18b9e8472d2d611648785ea5e3c2018755266f887765f28807ba5d036e6fdf054b7bc175651540792ab924b407d11333141a1a691416e0c3264

Filesize: 7KB
MD5: 9fc9aed2c83e925ddf435d46270e1c19
SHA1: 2f17a9ec790a7e70579d4b0e5740dac4174d003c
SHA256: 168f2132121b48126754509b7fc53a5d3af43c84b94704ce7f237dd328f6725f
SHA512: 6c038e2da59fdbf9794a1dd0603badecff633e83eea2ebdb61648298dc18866d1056d8af5149891e71cabe42f235c36f4e195305f38ca7b3f88d733a9d4d2abc

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 10KB
MD5: fd4853061f59a9ba74a4442150d8d7e9
SHA1: 2a51b78230948135674e4c981953c2e622cd432b
SHA256: 6a8c578212de3011208e718b92c0eeab2bf013924e5d6eeeac5b68fc774423c7
SHA512: 4dd3ef58920adb581233c80e761333c4015455a9511ab1a85ccfec6654dbe0a2e8e0aaa1cd8967f5086b5832586b9a1b78cc130a855493eb549663eca11a8690