Analysis
- max time kernel: 145s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/08/2024, 02:50
Static task: static1
Behavioral task: behavioral1
- Sample: a94922da961748b890f856f0095f6fa5_JaffaCakes118.html
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: a94922da961748b890f856f0095f6fa5_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: a94922da961748b890f856f0095f6fa5_JaffaCakes118.html
- Size: 91KB
- MD5: a94922da961748b890f856f0095f6fa5
- SHA1: 82f14cb45e05b1cc169565615aa97899943cb4f8
- SHA256: dff67de2dd2ed45dbfbd9d75d4190195796e1c90fb5215be054d1fc8e9dcd876
- SHA512: aad7f707dd98dbb219d0d6c25d08cb368e495defc8ee361627f8399921de6f9a245718791ac7068d193fa9fd90c78cdb3c0fbdd877a42e467455d6f7e9836e26
- SSDEEP: 1536:yNC7oR8uA0y5EK/+n95Re9iMxnMFuhj1HLw+CLAKGNKtzpA3X:yNCSgGn9XMM4hZMKX
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                  | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs; identical rows collapsed, count in last column)
  pid  | Process             | count
  1128 | msedge.exe          | 2
  3528 | msedge.exe          | 2
  2808 | identity_helper.exe | 2
  2880 | msedge.exe          | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid  | Process    | count
  3528 | msedge.exe | 9
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process    | count
  3528 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process    | count
  3528 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, count in last column)
  description                      | pid  | Process    | procid_target | count
  PID 3528 wrote to memory of 916  | 3528 | msedge.exe | 83            | 2
  PID 3528 wrote to memory of 4060 | 3528 | msedge.exe | 84            | 40
  PID 3528 wrote to memory of 1128 | 3528 | msedge.exe | 85            | 2
  PID 3528 wrote to memory of 1216 | 3528 | msedge.exe | 86            | 20
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a94922da961748b890f856f0095f6fa5_JaffaCakes118.html
  PID: 3528
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc136f46f8,0x7ffc136f4708,0x7ffc136f4718
    PID: 916
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
    PID: 4060
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    PID: 1128
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
    PID: 1216
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    PID: 4992
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    PID: 3736
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
    PID: 3216
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    PID: 1012
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    PID: 2808
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
    PID: 2624
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
    PID: 4432
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
    PID: 3524
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
    PID: 4472
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
    PID: 2872
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
    PID: 4124
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,18368841012522221316,2315800508063283939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 /prefetch:2
    PID: 2880
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3648
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3692
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 152B
MD5: f9664c896e19205022c094d725f820b6
SHA1: f8f1baf648df755ba64b412d512446baf88c0184
SHA256: 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
SHA512: 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
-
Filesize: 152B
MD5: 847d47008dbea51cb1732d54861ba9c9
SHA1: f2099242027dccb88d6f05760b57f7c89d926c0d
SHA256: 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
SHA512: bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
-
Filesize: 209KB
MD5: 3e552d017d45f8fd93b94cfc86f842f2
SHA1: dbeebe83854328e2575ff67259e3fb6704b17a47
SHA256: 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512: e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 144B
MD5: 146651ac3092c55ccec610a12faa224f
SHA1: ccfde68cd2b2050be9c1bccbf2553729c74e6721
SHA256: 9253dbe9973ab1f52e2ea95cb5160b0b2f49c2fb478f1da22dff23ebaf681e40
SHA512: 1039a349527676293f9622e65090a680485d107df71c57ed9b3038ceecf18ce56e147cc445557d8dd3698606b9ae5ed09a507deb76664d228d5484c2ed073581
-
Filesize: 814B
MD5: 0678b26c5bac376ab04416c77157304d
SHA1: a594d86bb4236bf011bb863d60626075956379d8
SHA256: cd014a77a40c0dd2df620d692f256e908b11b65863fc7a8bef31c9aaf849f526
SHA512: 393376d90ab7f2ffc7857f7d3f4cbba8259ef99eb6c91f79f4e2daf63dd06f9eef8031bc25ae454418cd0051a1962f3f6311e89561045483500b6fc75e60f9f7
-
Filesize: 5KB
MD5: 92767262b1ac108af2813c128c0ae000
SHA1: 32712ef216edf82cfacc0ca6f89612d207f28125
SHA256: 00ddba6c741f988e834cbbd285d5f708c2796a3204890c90d001321fb0e1de4b
SHA512: 5b3070e69854d7d1d1746771f3f22c5c7fbfa0b0aaa75306cccb255f1c9fd74c2e69170940ec1b5fb14884a26edba1d08eb0a63523f5c16c2d614c966944c22e
-
Filesize: 6KB
MD5: d578fadd7501221490775544b13e8c10
SHA1: 6b66415b4ccaa64149e335048c963e7dcb9f99d9
SHA256: 1477408ab1b3fb4cd91a5285acb0e9d7151a9adbe9293bc705542d445ef8e795
SHA512: c94d9f881cf7efc0359f5981fc0095591b0e62327adec7115a284ae06c2b55e7515adbedca56222f34e3bf9b86f45c9f4c31389c111639d93c20bcdae8537e02
-
Filesize: 6KB
MD5: 6989e5e806764843376fc3740b7a35c4
SHA1: 530c84709e8fa2d949f6bdcd00bd2540a34839c5
SHA256: 085a0d8130bcc6a75d6808fcc733b819baecc499f06763ee615ae21a7a4d874e
SHA512: a46d99d57ead46b4a411afbb6098e079ce4f58ccbcaa8dc43660b9ae3d0f47d03f1cf0633a09fe42e1f8cc59e0ed4fc6aeb6e7c7364615d5b15e27f0964844b4
-
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize: 11KB
MD5: 3c217c3258b09487c907294e87777cb8
SHA1: 65c0e1b90d65ce9eb013c1ad73ba2e61141f62ab
SHA256: b7e9988f31fd12c2e67943aacccf80c3b6adb4d538e6c2110ec16408b5376669
SHA512: 0b1753de3b1b2e54c14d06a6338126487bda2637138973fe8600022f3138e4fdf7aadf47da38c054ee77922b46afaa0d3293870a623075c706b780cbd41ccb12