Analysis
- max time kernel: 145s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240730-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240730-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/08/2024, 05:43
Static task: static1
Behavioral task behavioral1
- Sample: 833f1cc192c16aed4dde7c6cb898b673_JaffaCakes118.html
- Resource: win7-20240729-en
Behavioral task behavioral2
- Sample: 833f1cc192c16aed4dde7c6cb898b673_JaffaCakes118.html
- Resource: win10v2004-20240730-en
General
- Target: 833f1cc192c16aed4dde7c6cb898b673_JaffaCakes118.html
- Size: 17KB
- MD5: 833f1cc192c16aed4dde7c6cb898b673
- SHA1: b9daa99a4e84a817d905196262233ef0205a78aa
- SHA256: 477d791393411d8e86fc472b7643bb6388efe145372d69bf4567af848f7c8e20
- SHA512: e45c950c1af1c12220f12dac2aa01f51387d921c70f76ff28bc98615919fd05c9bfce9f17f011bb857cb3d4a77d7ac8f9f15bafefa3b8c472aac4043f8f013d0
- SSDEEP: 384:OjSsc7zGus4QW+6XglUsNLsc38vKvWSVydFFKAz2V:CBc7zGkL2rsGVQNQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | entries
  1084 | msedge.exe | 2
  2148 | msedge.exe | 2
  2376 | identity_helper.exe | 2
  4464 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid | Process
  2148 | msedge.exe (all 9 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  2148 | msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  2148 | msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; distinct rows shown)
  description | pid | Process | procid_target
  PID 2148 wrote to memory of 452 | 2148 | msedge.exe | 83
  PID 2148 wrote to memory of 1972 | 2148 | msedge.exe | 84
  PID 2148 wrote to memory of 1084 | 2148 | msedge.exe | 85
  PID 2148 wrote to memory of 532 | 2148 | msedge.exe | 86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2148)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\833f1cc192c16aed4dde7c6cb898b673_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98bee46f8,0x7ff98bee4708,0x7ff98bee4718
  - msedge.exe (PID 1972)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  - msedge.exe (PID 1084)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 532)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  - msedge.exe (PID 4132)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  - msedge.exe (PID 4620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  - msedge.exe (PID 2232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  - msedge.exe (PID 2604)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  - msedge.exe (PID 3460)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4500)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2376)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4672)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  - msedge.exe (PID 3252)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  - msedge.exe (PID 5064)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  - msedge.exe (PID 4132)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  - msedge.exe (PID 4464)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,18046261180435698331,16047505770669233914,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3428)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1240)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads