Analysis
- max time kernel: 146s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
- submitted: 09/08/2024, 20:44
Static task
- static1
Behavioral task
- behavioral1
  Sample: 837e9eef3e918383a6c44db01450c9f6_JaffaCakes118.html
  Resource: win7-20240729-en
Behavioral task
- behavioral2
  Sample: 837e9eef3e918383a6c44db01450c9f6_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
- Target: 837e9eef3e918383a6c44db01450c9f6_JaffaCakes118.html
- Size: 340KB
- MD5: 837e9eef3e918383a6c44db01450c9f6
- SHA1: b38fbf906f51bb0fc7666ad115edb4c15c9f9da1
- SHA256: 14a47c99a4fa6bbb013e8202de20a4279395347d399e7c75e34ae0bc6ac2f922
- SHA512: d8a02cdbd1df2de708067cfedc918e5b61d22c133b7117cbe1b9a7d33d8a7d0baf491b54448122df37c4e2d40df4cfa87a4c398a5f6162f339bc291938eb359a
- SSDEEP: 3072:Q2+VLC6qq6pqPE6jc8cUxV0HIQqiHkueFMg:Coq6KbT0HIQqGk7
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process:
  - 2708 msedge.exe (2 entries)
  - 940 msedge.exe (2 entries)
  - 2720 identity_helper.exe (2 entries)
  - 5116 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid / Process:
  - 940 msedge.exe (7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process:
  - 940 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process:
  - 940 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description / pid / Process / procid_target; every entry is PID 940 msedge.exe writing to a child process:
  - PID 940 wrote to memory of 3488 (procid_target 84), 2 entries
  - PID 940 wrote to memory of 2680 (procid_target 85), repeated entries
  - PID 940 wrote to memory of 2708 (procid_target 86), 2 entries
  - PID 940 wrote to memory of 1756 (procid_target 87), repeated entries
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 940)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\837e9eef3e918383a6c44db01450c9f6_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3488)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82e9a46f8,0x7ff82e9a4708,0x7ff82e9a4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2680)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2300)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1848)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4004)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2720)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1560)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4716)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1016)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5116)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2652 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 5016)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3296)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: e4f80e7950cbd3bb11257d2000cb885e
  SHA1: 10ac643904d539042d8f7aa4a312b13ec2106035
  SHA256: 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
  SHA512: 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0
- Filesize: 152B
  MD5: 2dc1a9f2f3f8c3cfe51bb29b078166c5
  SHA1: eaf3c3dad3c8dc6f18dc3e055b415da78b704402
  SHA256: dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
  SHA512: 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25
- Filesize: 1KB
  MD5: bba9ee8a8b6d4c7dac2fa1ec2da4cd41
  SHA1: 16ab1c915835fbd942717a23a45eef0473137300
  SHA256: 60f2af4522c9d63263f1dbdca082c7236c77150ad692abdda9f6a399e17c7855
  SHA512: a0d51fe2d7ae966e4928bfe3733d292045a959955dba9a799d8545a0d92deff216902cb2bc704fb2a43372489a15b316eb5646691068f86d233d546826cfb980
- Filesize: 1KB
  MD5: d21d3e14921b2cf0049edc6993c3a9ca
  SHA1: 1302f5062321d4b6593463011bb95992e2ae4be6
  SHA256: 59db0268a7968ac161eb5d3996a9e871a6ca45af41e14cb6f52a27381a029001
  SHA512: 93381d7352cd66d85754b2d96ef0b6c64dbe160b03ce3b46cb2372e798b1778481d54aa85a1d06967f18b430c61424aeed5c70df88ab4926709e6d1a3f7ac353
- Filesize: 6KB
  MD5: 4c99365b4d1d5a89fd6bf4286d9f4cf5
  SHA1: 2f2300bdda7242ebfe5cba6914ee52936cd2923a
  SHA256: d60529f0076f43de7fcb7e1fd7207ddbae534aab4afc7a481738bb5de7b4b848
  SHA512: 2486527f2a5eb3c2d91bd95801cd9889831c696038254e1be2c24f3f4365a02f131e98ae3774578a73fdf9079b31e4ac83fd3bff988071fbad79a439f8e5b1e3
- Filesize: 6KB
  MD5: 7db4535889b3e714b76276a79c6d85d7
  SHA1: ae1bfdb262b193e55914a6ad84bf2d0c6f043c5a
  SHA256: fac49f700105452b1f18f856c4c83828c05036c2bf55fb359396ae7937faf7e1
  SHA512: e5cadb179e891d1a5cca65d9ec4e2debf24f131bf6c94e7d2a1b8089c204624bc98d7beae80833ff12d8b1ac786984d4946d4e52e21b146276a09c2da18bae91
- Filesize: 6KB
  MD5: 7e41686a9aceac2de855e8151ed49bf2
  SHA1: 46466f6bf6eae5e41f25a5e60e6807199b0d3e3b
  SHA256: b27371d5199297c408f89d9750fdf3578601ead73a5432cd07820b00bedb65fb
  SHA512: b415c2e43af27f6ae235b6c85a6f33e8b9d2db9aa94e9b1e4791bf78d363f1eb9f9263b0c186ac0a5dbfabcdc941b69d0dcbfaefaa9ac074cdc80e7a736e1855
- Filesize: 706B
  MD5: 5d0fed7b6742390bfa2e4bf529658f87
  SHA1: 33d6d081050393de31daac738c07f6e55e69facb
  SHA256: dbe5e13d4844c23d48a5adce76f65d37b489e4b05ae5d7d53b1a52c9d9b97532
  SHA512: 12535b04f4749156169e63b8f2caea76b8ef053917793abe9d208f17f07309b1f98c87ff07971f52daa7cf125ed7efa4c5449f3509bcc1ed0e84ade174c5fbc5
- Filesize: 706B
  MD5: a337de238b20ae801bc747e2806fef95
  SHA1: e9dfdca0dc051d7e88da03629a04d0d075da8978
  SHA256: 576b6542b0d5782f81d5aa37193075c9eda652b848aa6944f14147f8493ca012
  SHA512: ac5e30c0b1b37737447aaa0be1d2d7086d9e7e6406ec60db0868d42b11abaa89c7b1d2f4a67f638d6e7214cf8482c98670e8f202a09968834d9c823f4608df7a
- Filesize: 706B
  MD5: 30ab80af5974b0ffffca33cd6985075a
  SHA1: 6cb5b8b2f83e16006c8f8b0909a694a5aaa6d424
  SHA256: 982b04e02eee48a835cc5cf0a26057013476f3615c9fe26f3bda2e3825478824
  SHA512: 534713f1d6fb0b9c8a33e0981ce30cdadc2738b024601d115db21eacdf99760bbbf46c8ee9e36bf4dcbdd0fc6995d8a1818875a8f7182dbf7089502179f77012
- Filesize: 372B
  MD5: 78918feaadb05e03f212e3f48afeedbb
  SHA1: 220fc0f7354f6e78f52219069d69e9726333a655
  SHA256: 593a435dece6292be4920a63756ae29e7401f677a51ae6f51186f097dcf13c0e
  SHA512: 50bbb2298cd9ffb924742c795a3b72dcfe0a1483422e400501739bf0bfba1fe58fef8da2f0354bc0b686c4209dad1182ce2832e79a8f0b6ef762f9aca22bb84b
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 7e637c09dcdb58a8b9b5483912c30d8c
  SHA1: f46ef5b378dac2d6d0800a7a1f0caa2db12ec2cf
  SHA256: 9fb7be270fe7bb815971b23025b85bf24eac806a326039f529972489e53e221e
  SHA512: 937c29a7d9eedefce3a8098094ba3221b5a15c7b913f8e3b5ac6e93700948e6a0315fa4c7002ef28667c63532884e77e0f487c69a9dc4acb1b670d8ef6b22b9c