Analysis
- max time kernel: 145s
- max time network: 130s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/08/2024, 15:09
- Static task: static1
- Behavioral task behavioral1: sample c100116e3aaba41f551309f9490e355a_JaffaCakes118.html, resource win7-20240729-en
- Behavioral task behavioral2: sample c100116e3aaba41f551309f9490e355a_JaffaCakes118.html, resource win10v2004-20240802-en
General
- Target: c100116e3aaba41f551309f9490e355a_JaffaCakes118.html
- Size: 1KB
- MD5: c100116e3aaba41f551309f9490e355a
- SHA1: 06723878778123c8bb49995a0b8b4fbc2c3ea24f
- SHA256: 6dbf88c4f12d773d02ece55675085c56cad50f8238b8b1e80c9c7510be92e7fe
- SHA512: 2f7c0da43774ca09db5643219cb8bfcacee2c3586f56b37a991ed36a2f3a10ad016f2e16ef190c3d1da5e7d72ea5a42bb6734c0de07d9b15fade397403cb6e4e
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                   Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  2700   msedge.exe
  2700   msedge.exe
  5024   msedge.exe
  5024   msedge.exe
  4300   identity_helper.exe
  4300   identity_helper.exe
  2412   msedge.exe
  2412   msedge.exe
  2412   msedge.exe
  2412   msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid    Process
  5024   msedge.exe
  5024   msedge.exe
  5024   msedge.exe
  5024   msedge.exe
  5024   msedge.exe
  5024   msedge.exe
  5024   msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5024)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c100116e3aaba41f551309f9490e355a_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4344)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe832046f8,0x7ffe83204708,0x7ffe83204718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4560)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13582084565662212424,18249109078651950551,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2700)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,13582084565662212424,18249109078651950551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 888)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,13582084565662212424,18249109078651950551,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3252)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13582084565662212424,18249109078651950551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2688)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13582084565662212424,18249109078651950551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1368)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13582084565662212424,18249109078651950551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3292)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,13582084565662212424,18249109078651950551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4300)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,13582084565662212424,18249109078651950551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2712)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13582084565662212424,18249109078651950551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5004)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13582084565662212424,18249109078651950551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4036)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13582084565662212424,18249109078651950551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1556)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13582084565662212424,18249109078651950551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2412)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13582084565662212424,18249109078651950551,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3892 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4520)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4112)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads