Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
25/08/2024, 07:16
Static task
static1
Behavioral task
behavioral1
Sample
c03978fbf173ec0ed95c12c6809b53fe_JaffaCakes118.html
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
c03978fbf173ec0ed95c12c6809b53fe_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
c03978fbf173ec0ed95c12c6809b53fe_JaffaCakes118.html
-
Size
21KB
-
MD5
c03978fbf173ec0ed95c12c6809b53fe
-
SHA1
ff9f61495b03f8df74d342c9f5b127102b7cadd6
-
SHA256
57d813ed5464abe9ade8a8e74d9cc468605bfc9791b7d5bfb3b36528eae3b2cf
-
SHA512
fa79439b8d5787fd9ca09ee3a583c69d35adb9cc63036e609878bdfa5a168365b5785139c476bc79f43289a5e65737343686bfe5583e12495245409935f0e8a9
-
SSDEEP
384:eu62KKo0lAt3gAK3z8X9QITHVaP5rlE8ja8I8L:XlNK2vEGL
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 60 msedge.exe 60 msedge.exe 2208 msedge.exe 2208 msedge.exe 4632 identity_helper.exe 4632 identity_helper.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe 2208 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2208 wrote to memory of 4072 2208 msedge.exe 86 PID 2208 wrote to memory of 4072 2208 msedge.exe 86 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 736 2208 msedge.exe 87 PID 2208 wrote to memory of 60 2208 msedge.exe 88 PID 2208 wrote to memory of 60 2208 msedge.exe 88 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89 PID 2208 wrote to memory of 4216 2208 msedge.exe 89
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c03978fbf173ec0ed95c12c6809b53fe_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2208 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8a1f46f8,0x7ffa8a1f4708,0x7ffa8a1f47182⤵PID:4072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3312916006223897617,12668835303359531478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:22⤵PID:736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3312916006223897617,12668835303359531478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:60
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3312916006223897617,12668835303359531478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:82⤵PID:4216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3312916006223897617,12668835303359531478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:12⤵PID:3180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3312916006223897617,12668835303359531478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:12⤵PID:1520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3312916006223897617,12668835303359531478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:12⤵PID:2528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3312916006223897617,12668835303359531478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:12⤵PID:876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3312916006223897617,12668835303359531478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:82⤵PID:3332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3312916006223897617,12668835303359531478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3312916006223897617,12668835303359531478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:12⤵PID:3020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3312916006223897617,12668835303359531478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:12⤵PID:5068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3312916006223897617,12668835303359531478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:12⤵PID:5060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3312916006223897617,12668835303359531478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:12⤵PID:620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3312916006223897617,12668835303359531478,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4828
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3740
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5020
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5eeaa8087eba2f63f31e599f6a7b46ef4
SHA1f639519deee0766a39cfe258d2ac48e3a9d5ac03
SHA25650fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
SHA512eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c
-
Filesize
152B
MD5b9569e123772ae290f9bac07e0d31748
SHA15806ed9b301d4178a959b26d7b7ccf2c0abc6741
SHA25620ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
SHA512cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD5414c66be97077aecf7647eff34a5b932
SHA11cbf6e4318988abdf697d2d22383039edcb72cc9
SHA2560b3e31a2d2af89bd9ae5b7fd9a9dbc01e280222c0f2b91fab86dbf6a0445805f
SHA512a264d95d5a1a9a79be028aae4b1ce47138c7ce857c4edd83972f80c5fb528605650a1081f033158ce22a995703e983b59fe6e7f54755db50a7bbe99d472b5f96
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize192B
MD5c7a30db0b36ccbebad6a0954a417df45
SHA1958b9e56f5280e728e6cf9cc690e50430d1870c8
SHA25690bd1035d60a9ba9e8196a8af96bb2dbde6bf6cde5d9f353a7e8b8f219e610ab
SHA512eacb0c33f4d2435027f72b2653ee650da5be9558ddb99509cd0c5f44cd4f4b383ac40dae54dc344724250631d1b0b9b8c025cfce64844a7287f41b912d427900
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
1023B
MD5f9fc659e341e7835353ca619b3bf3d0d
SHA1ab2a037eed4886beb78c6d46169ceb04b67cc6e2
SHA25684156c0add56b99006e071c1100e51381bbb1f8c1d475f3140f5445a79edeeb9
SHA51267fd0f3c98dbf3b155711281910c548ddbdc838d48f0c850bbe35fffaad3c207f97b49a5ee1edbb0bcf93eca7e1f0cbf5dd3e28a01c494a9d525911286866a98
-
Filesize
6KB
MD5476d9949e01ea28536a0bece0d3fdc43
SHA184986ad07ef41c912cfad8acd21e845bfec5dd01
SHA256fc39b09afdefd66e19b881797283e25cc6bdab56cb02d69c4d169c57253dc0d2
SHA51257dc70ab938865cb856545ddf691bc5ba86024238f8b9572d53ae2b97c6da9906c260cf95e2a9e77850b6a1aafe3338d615fd0756f082f6f13a58c71229f5b93
-
Filesize
6KB
MD54924c05b8bbdc7ab5c9599cbe5f148e1
SHA1787edebba826856406f40513998b519305d9fb3b
SHA2561474d9c7aec15efc7e4a68fcec34bf93ce66aa8284417811a79e203c8bc18e97
SHA51253c3275b3ad7211b6ea0e67141380d0129ce81ec8dbeda35c84bf4aa0aba78c69d6bdd4f02d6c9b2da32485860dc7e25b709f8ee92fcb9e1bc3d86025ee92d87
-
Filesize
6KB
MD56c373859c9b518101e21dc1901e501c1
SHA1abb68a63bd6d57def38aa8c6e65bf049e87d6823
SHA2561bfa606b08dae3c7c9ea893adbd5400ebb910ac6d7ba0a26017ccb0c24652826
SHA5128c5e068aa0753e53b1923b4da5e5b0f7a80daef9368caa1116e547dd9986844066307c4524a05cc41543841c247f83240b95ee3b7fbf31898d618adef7b7a02e
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5848fd427abeec570159a9622c7722d38
SHA1ee2faf6449c3c1fc73eebbc8c35b9687982be2fa
SHA25662afc39a6bbe76b37dd519be9001fc4d44d3d9743d9e88395c647da8370553e6
SHA5128f46489bac2c2abd05c125d18e2b60d7e72f18f12decdec6488be16c7fe94e8f8066600f33f5672591c895364e293c3411a10e1535ed0b6aa60bab1081944dd6