Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/09/2024, 23:11
Static task: static1
Behavioral task: behavioral1
    Sample: d09ece923115391f3b7339814174cce4_JaffaCakes118.html
    Resource: win7-20240903-en
Behavioral task: behavioral2
    Sample: d09ece923115391f3b7339814174cce4_JaffaCakes118.html
    Resource: win10v2004-20240802-en
General
Target: d09ece923115391f3b7339814174cce4_JaffaCakes118.html
Size: 55KB
MD5: d09ece923115391f3b7339814174cce4
SHA1: 4a8fc925eed73db967ad24573fdf9fa773b88a24
SHA256: 559c93e51581cfc4bbe1f6383f3f8b86cfcc1118de37f86181ab28c4d587980b
SHA512: b94448cf7ddac28b86d2fe5f72d8302ca62b6ae8219375c25f0766adffd5bd555558bba8fa931f877499995e38dc086dc97221561e0623f41e46d68b25aa3982
SSDEEP: 768:DrOpHvvCIood/F5ZtR8Yk1chTnfzbG3qL/62uBugVQ:DyHv7oC/FRkKhT3P62us
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
3432  msedge.exe
3432  msedge.exe
4852  msedge.exe
4852  msedge.exe
4552  identity_helper.exe
4552  identity_helper.exe
3208  msedge.exe
3208  msedge.exe
3208  msedge.exe
3208  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid   Process
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe
4852  msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 4852 wrote to memory of 4512  4852  msedge.exe  83
PID 4852 wrote to memory of 4512  4852  msedge.exe  83
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3308  4852  msedge.exe  84
PID 4852 wrote to memory of 3432  4852  msedge.exe  85
PID 4852 wrote to memory of 3432  4852  msedge.exe  85
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
PID 4852 wrote to memory of 1900  4852  msedge.exe  86
Processes
(child processes are indented under their parent in the process tree)

msedge.exe (PID 4852)
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d09ece923115391f3b7339814174cce4_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    msedge.exe (PID 4512)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffade5446f8,0x7ffade544708,0x7ffade544718

    msedge.exe (PID 3308)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2336,2233414965378920700,16394827288918806426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2348 /prefetch:2

    msedge.exe (PID 3432)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2336,2233414965378920700,16394827288918806426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 1900)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2336,2233414965378920700,16394827288918806426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8

    msedge.exe (PID 1956)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,2233414965378920700,16394827288918806426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

    msedge.exe (PID 5104)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,2233414965378920700,16394827288918806426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

    msedge.exe (PID 3656)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,2233414965378920700,16394827288918806426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

    identity_helper.exe (PID 4764)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2336,2233414965378920700,16394827288918806426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:8

    identity_helper.exe (PID 4552)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2336,2233414965378920700,16394827288918806426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 4356)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,2233414965378920700,16394827288918806426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

    msedge.exe (PID 4564)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,2233414965378920700,16394827288918806426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

    msedge.exe (PID 1684)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,2233414965378920700,16394827288918806426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

    msedge.exe (PID 1184)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,2233414965378920700,16394827288918806426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

    msedge.exe (PID 3208)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2336,2233414965378920700,16394827288918806426,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5888 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 4220)
Path: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 3212)
Path: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads