Analysis
max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/08/2024, 21:36
Static task: static1
Behavioral task: behavioral1
    Sample: 94d4f811d1fe8f86f5e8187f7becb04c_JaffaCakes118.html
    Resource: win7-20240708-en
Behavioral task: behavioral2
    Sample: 94d4f811d1fe8f86f5e8187f7becb04c_JaffaCakes118.html
    Resource: win10v2004-20240802-en
General
Target: 94d4f811d1fe8f86f5e8187f7becb04c_JaffaCakes118.html
Size: 15KB
MD5: 94d4f811d1fe8f86f5e8187f7becb04c
SHA1: c9fc1e350a50e74a7f511d137ee1c7bef52bc7d3
SHA256: 199c4e9e8d4d4971914bead153b348ca14f9c698673dc739fa31f8b003ec82a7
SHA512: 3e234c3ddecb7165d335d1fffff6af40a85dbe36a1dd6d0f3e2aa1dd8ddc302f50e18a1c47f94c3bec0425fbd0d78f69a97b430fedae111218db2308cad6ce98
SSDEEP: 384:RjcvbdrNnCoTHYR1hm2938NInFLjWWBNe+2V:tcvbdroozQd9M2nZqWBN4
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
4912 | msedge.exe (2 entries)
720 | msedge.exe (2 entries)
2620 | identity_helper.exe (2 entries)
1244 | msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
pid | Process
720 | msedge.exe (10 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
720 | msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
720 | msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 720 wrote to memory of 3920 | 720 | msedge.exe | 84
PID 720 wrote to memory of 4852 | 720 | msedge.exe | 85
PID 720 wrote to memory of 4912 | 720 | msedge.exe | 86
PID 720 wrote to memory of 3200 | 720 | msedge.exe | 87
(each row is reported repeatedly in the raw table; 64 entries in total)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\94d4f811d1fe8f86f5e8187f7becb04c_JaffaCakes118.html
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3920)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc0a246f8,0x7ffcc0a24708,0x7ffcc0a24718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:4852)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:4912)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3200)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:4976)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1524)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2476)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:436)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1324)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:4972)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID:2156)
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID:2620)
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2848)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3440)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:5176)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:5184)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1244)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 /prefetch:2
        - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID:3108)
    C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID:1048)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads