Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/09/2024, 22:06
Static task: static1
Behavioral task: behavioral1
  Sample: d08ae8f4c2cba0a237dc3a4d166c6f18_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d08ae8f4c2cba0a237dc3a4d166c6f18_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: d08ae8f4c2cba0a237dc3a4d166c6f18_JaffaCakes118.html
Size: 94KB
MD5: d08ae8f4c2cba0a237dc3a4d166c6f18
SHA1: 33afd77a115e371f37429e02f8993d25fe04114f
SHA256: 444055a193b10e376ea34ea9671f4783a08bcd105ba05c6d9082f3f86f0d346c
SHA512: 4ab2d2fca8857c397bb0ca281ab7bce3998fd1afff0fb9cea8e5ed8516898925ee742fd6be73b775d35c5b915e526f0d9c3760f5724ba0f6137c0544bcd157d8
SSDEEP: 1536:fzOrV46B72VwgYlLPciaw6E6/+anYkHXl34HDT39MXYWdyRjB1:pNuhudYsVIHXSYWK1
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (11 IoCs)
pid | Process | occurrences
2088 | msedge.exe | 3
4672 | msedge.exe | 2
4980 | identity_helper.exe | 2
4036 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
pid | Process | occurrences
4672 | msedge.exe | 9

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process | occurrences
4672 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | occurrences
4672 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | occurrences
PID 4672 wrote to memory of 4984 | 4672 | msedge.exe | 85 | 2
PID 4672 wrote to memory of 2092 | 4672 | msedge.exe | 86 | 40
PID 4672 wrote to memory of 2088 | 4672 | msedge.exe | 87 | 2
PID 4672 wrote to memory of 5008 | 4672 | msedge.exe | 88 | 20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4672)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d08ae8f4c2cba0a237dc3a4d166c6f18_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4984)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd101246f8,0x7ffd10124708,0x7ffd10124718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2092)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2088)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5008)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3396)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2252)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1516)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1588)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4312)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1568)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4980)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3384)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4768)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1964)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3312)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4036)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13834194717447553591,16264731727528721441,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 1708)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4728)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 1964)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: e4f80e7950cbd3bb11257d2000cb885e
  SHA1: 10ac643904d539042d8f7aa4a312b13ec2106035
  SHA256: 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
  SHA512: 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

- Filesize: 152B
  MD5: 2dc1a9f2f3f8c3cfe51bb29b078166c5
  SHA1: eaf3c3dad3c8dc6f18dc3e055b415da78b704402
  SHA256: dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
  SHA512: 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

- Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 120B
  MD5: 7d319ddc542f8e2b9c658c46f77d0444
  SHA1: 6b40c0679db39f673da2c1d9be0f46f99bccd816
  SHA256: 8eeecc23eb3029c587a4641c4d22473b93e717310a82cd2dba5a98eb476a4eba
  SHA512: 92ff3bc926ec5253e8d79fd4ab7512a8c23a6a5c2a0b740e4e59cd3a74a05ab127406d4d6eb4c34537fe7226d3057b98a39a33036885a98a1ec59a64258ada1d

- Filesize: 1KB
  MD5: ec641730a983deeeca21228ae6c9a8d8
  SHA1: 7a6c94ede0177132dfc85047fceecf1853decc0a
  SHA256: 976c91f6c48015d19f536fcf94ff4f695bfda7142cf0c4a5ab6e2a256e7cf3d8
  SHA512: 6e4c36b9c13b9745e3d4202a7a688cd83b2f9c5d308a181525368d02bde693d68091e45c9935845f412fd630f564df0ea9b5a61efcc2a5ba92dabf27ad6bbbab

- Filesize: 1KB
  MD5: 79fa7723183d94340ab903e085f78399
  SHA1: d319ebd192022875a17a17ce7d480cb3cb924a00
  SHA256: b166e0c857f3d00bd584bdc8e75369d7aec02f799064a91df9d3d128806bef9e
  SHA512: 46902863e66a1fea9724c2a982a859feedeecae1feede1b2feef815662dc08929bdfcbb39f71cc481bcce6f9761ca9652d50f81147819ae283f60073eb62a10c

- Filesize: 5KB
  MD5: a675e38fdc9e957caa4c6afee8ff01b6
  SHA1: 2b20536e043e8db557c1986d21b356c8bbc33c62
  SHA256: 6e0e03e4a2497947830044b9063d56875ca53950b1046a6223ed4dcf214f6b0a
  SHA512: 38ed354d365cfc1026e40d21a190f1128c73814e6dd0e6818470567ddcce2603a1878580db355c21f9d0edfa7864b693e0ae2ce28eb77d658afadf479da44705

- Filesize: 6KB
  MD5: 9e24fd057a19863989613de7efef55d0
  SHA1: aed45a06a9cc85d743e3dfeaa4592e506b15b9cc
  SHA256: eec0e22ae16c3fc2bb492657115bf8de145e5c55e6df0cff1786900a57623d80
  SHA512: 9c3030650c9f0af4692c11fe34d79e0dd80dc675f7841f1300fa2d6e5b03e00c6185d641304c2b0f660b653f428acc856fd148886f480e329f818fead1b01556

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5: 4631d9fd8e34af285b66aabfda4e092e
  SHA1: 1e4f978c7bdc0fca6a30bcfa164f7ccb6057b86b
  SHA256: 6a2034cdb046d47f209d9a9c394d168a3f4db3d9f32889195f711962d95e1e6e
  SHA512: 6e41300b2032a420c3bae2f05f60ced75fc77668a784161ab681948fd502450b155142f0490a9bf0deff9ffb7a0b5448280448a36dd38c477b8d250c8a733b89