Analysis
- max time kernel: 145s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/09/2024, 02:17
Static task: static1
Behavioral task: behavioral1
- Sample: d0dee45b6c042c6a25c0fc21bd5fd13f_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2 (the run shown in this report)
- Sample: d0dee45b6c042c6a25c0fc21bd5fd13f_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: d0dee45b6c042c6a25c0fc21bd5fd13f_JaffaCakes118.html
- Size: 445KB
- MD5: d0dee45b6c042c6a25c0fc21bd5fd13f
- SHA1: 79aa40167c686eab0c1708db8ba1975500596df5
- SHA256: 4f2feda2dd60e36933640992e9d0a65486958d701696a37da2fd0bbf53a2a73d
- SHA512: 722c2019febb16413e628ff94ab5e0929363004c7de7a657a017567b7e0938dd464fcfa06d97629e22ce91b0a7f7bad1811bbe17002e6320220af487fe0347f2
- SSDEEP: 3072:zTDfPTDuhbL4z+Mr9PkV9ncVHkQVZobD79tH9DH9WLCnKRgUzkEjqZFVgFYVkiBn:zPfPPuhbLHKRgl
Malware Config: none extracted for this run
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                  | process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (11 IoCs)
  pid  | process             | rows
  2796 | msedge.exe          | 2
  4324 | msedge.exe          | 2
  3196 | identity_helper.exe | 2
  1544 | msedge.exe          | 5
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid 4324, msedge.exe (all 9 rows)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 4324, msedge.exe (all 25 rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 4324, msedge.exe (all 24 rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Every row has writer pid 4324 (msedge.exe); the 64 rows are repeats of four writer-to-target pairs:
  description                        | pid  | process    | procid_target
  PID 4324 wrote to memory of 3592   | 4324 | msedge.exe | 83
  PID 4324 wrote to memory of 3548   | 4324 | msedge.exe | 84
  PID 4324 wrote to memory of 2796   | 4324 | msedge.exe | 85
  PID 4324 wrote to memory of 4832   | 4324 | msedge.exe | 86
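Every IoC above names the analysis VM's own browser: msedge.exe (PID 4324), its child processes and identity_helper.exe. No process other than Edge and CompPkgSrv.exe appears in this run, so the signatures describe Edge rendering the page, not something the HTML itself did. The WriteProcessMemory rows in particular are the parent browser writing into child processes it has just spawned (3592, 3548, 2796, 4832 are all children of 4324 in the Processes section), which every multi-process Chromium launch does. The script below is an added example, not part of the Triage report: it parses the flattened IoC rows (a constructed excerpt of the table above, with the repeat counts trimmed) and separates parent-to-child writes from writes into a process the writer did not spawn, which is the case worth escalating. The process tree dictionary is transcribed from the Processes section; a target PID missing from the tree is treated as foreign rather than ignored.

```python
import re
from collections import Counter

# Constructed excerpt of the "Suspicious use of WriteProcessMemory" table,
# flattened the way the report renders it (the real table has 64 rows).
WPM_IOCS = (
    "PID 4324 wrote to memory of 3592 4324 msedge.exe 83 "
    "PID 4324 wrote to memory of 3592 4324 msedge.exe 83 "
    "PID 4324 wrote to memory of 3548 4324 msedge.exe 84 "
    "PID 4324 wrote to memory of 3548 4324 msedge.exe 84 "
    "PID 4324 wrote to memory of 2796 4324 msedge.exe 85 "
    "PID 4324 wrote to memory of 4832 4324 msedge.exe 86"
)

# Process tree transcribed from the report: pid -> (image, parent pid).
# Top-level processes have no parent listed, hence None.
PROCESS_TREE = {
    4324: ("msedge.exe", None),
    3592: ("msedge.exe", 4324),
    3548: ("msedge.exe", 4324),
    2796: ("msedge.exe", 4324),
    4832: ("msedge.exe", 4324),
    3420: ("CompPkgSrv.exe", None),
    2024: ("CompPkgSrv.exe", None),
}

# Columns: description | pid | process | procid_target (Triage's internal index)
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text):
    """Return Counter[(writer_pid, target_pid)] = number of IoC rows."""
    pairs = Counter()
    for writer, target, pid, _image, _procid in IOC_RE.findall(text):
        if writer != pid:  # description and pid column disagree: malformed row
            raise ValueError(f"inconsistent row: writer {writer} vs pid {pid}")
        pairs[(int(writer), int(target))] += 1
    return pairs


def classify_writes(pairs, tree):
    """Split (writer, target) pairs into writes into the writer's own children
    (normal child-process bootstrap for a multi-process browser) and writes
    into any other process, including targets not in the tree at all."""
    own_children, foreign = {}, {}
    for (writer, target), n in pairs.items():
        _image, parent = tree.get(target, ("<unknown>", None))
        bucket = own_children if parent == writer else foreign
        bucket[(writer, target)] = n
    return own_children, foreign


if __name__ == "__main__":
    own, foreign = classify_writes(parse_wpm(WPM_IOCS), PROCESS_TREE)
    print("parent->child writes:", own)
    print("writes into foreign processes:", foreign)
```

For this report the foreign bucket is empty; the same function run over a report where a browser PID wrote into a process it did not spawn would put that pair in the second bucket.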
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (browser)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d0dee45b6c042c6a25c0fc21bd5fd13f_JaffaCakes118.html
  PID: 4324
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9addf46f8,0x7ff9addf4708,0x7ff9addf4718
    PID: 3592
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    PID: 3548
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (utility: network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    PID: 2796
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (utility: storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
    PID: 4832
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 6)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    PID: 4116
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 5)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    PID: 4084
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 7)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
    PID: 3212
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 8)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
    PID: 388
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 9)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
    PID: 4312
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
    PID: 1820
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService, second instance with the same command line)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
    PID: 3196
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 11)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
    PID: 2744
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 12, instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
    PID: 4368
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 13)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
    PID: 1804
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 14, instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
    PID: 4300
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (gpu-process, second launch, GPU sandbox disabled and GL disabled)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1312 /prefetch:2
    PID: 1544
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3420
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2024
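Which Edge children ran without a sandbox is visible only in their command lines: the network service (PID 2796) and both identity_helper.exe instances (PIDs 1820 and 3196) carry --service-sandbox-type=none, and the second GPU process (PID 1544) was launched with --disable-gpu-sandbox --use-gl=disabled. These switches are passed by the browser process to its own children; a web page has no way to set them, so they describe the Edge 92 build and the VM's GPU situation rather than the sample. The script below is an added example, not taken from the Triage report or from Chromium: it parses Chromium-style command lines into a switch map and flags exactly the unsandboxed processes, run over a constructed excerpt of the command lines above (long switches such as --field-trial-handle and --gpu-preferences are dropped from the excerpt). The renderer switch --no-v8-untrusted-code-mitigations is parsed but deliberately not flagged, because Chromium itself passes it when it relies on site isolation instead of the V8 mitigations.

```python
import shlex

# Constructed excerpt of the child-process command lines from this report,
# keyed by PID and trimmed to the switches that matter for the check.
EDGE_CHILDREN = {
    3592: 'msedge.exe --type=crashpad-handler "--user-data-dir=C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Edge\\User Data" /prefetch:7',
    3548: "msedge.exe --type=gpu-process --mojo-platform-channel-handle=2164 /prefetch:2",
    2796: "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3",
    4832: "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8",
    4116: "msedge.exe --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1",
    1820: "identity_helper.exe --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8",
    1544: "msedge.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-driver-version=10.0.19041.546 --mojo-platform-channel-handle=1312 /prefetch:2",
}


def parse_switches(cmdline):
    """Return {switch: value} for every --switch[=value] token.

    Bare switches map to True. posix=False keeps Windows backslashes intact
    and keeps a double-quoted token such as "--user-data-dir=C:\\...\\User Data"
    together; the surrounding quotes are stripped afterwards.
    """
    switches = {}
    for tok in shlex.split(cmdline, posix=False):
        tok = tok.strip('"')
        if not tok.startswith("--"):
            continue  # image name, /prefetch:N and other non-switch tokens
        key, _sep, val = tok[2:].partition("=")
        switches[key] = val if val else True
    return switches


def audit_sandbox(children):
    """Return {pid: reason} for child processes whose command line shows a
    sandbox was turned off. Anything not flagged ran with its default sandbox
    as far as the command line can tell."""
    findings = {}
    for pid, cmd in children.items():
        sw = parse_switches(cmd)
        ptype = sw.get("type", "?")
        if sw.get("service-sandbox-type") == "none":
            sub = sw.get("utility-sub-type", "?")
            findings[pid] = f"{ptype} ({sub}) launched with --service-sandbox-type=none"
        elif ptype == "gpu-process" and sw.get("disable-gpu-sandbox") is True:
            findings[pid] = "gpu-process launched with --disable-gpu-sandbox"
    return findings


if __name__ == "__main__":
    for pid, reason in sorted(audit_sandbox(EDGE_CHILDREN).items()):
        print(f"PID {pid}: {reason}")
```

Running it over a full report means pasting every child's command line into the dictionary; the check is only as complete as the process list, so a child that the sandbox did not record is invisible to it.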
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: e4f80e7950cbd3bb11257d2000cb885e
  SHA1: 10ac643904d539042d8f7aa4a312b13ec2106035
  SHA256: 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
  SHA512: 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0
- Filesize: 152B
  MD5: 2dc1a9f2f3f8c3cfe51bb29b078166c5
  SHA1: eaf3c3dad3c8dc6f18dc3e055b415da78b704402
  SHA256: dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
  SHA512: 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25
- Filesize: 212KB
  MD5: 08ec57068db9971e917b9046f90d0e49
  SHA1: 28b80d73a861f88735d89e301fa98f2ae502e94b
  SHA256: 7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1
  SHA512: b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B
  MD5: 52967817e5f873235c247337d0818847
  SHA1: 6c84d39ca9b6f2373c0e6b53d1e5b7f6aaf76b8d
  SHA256: 0708237e05fb3efafd9567f25019d61a16bd00699358d6bf0f9231639d922533
  SHA512: 91f99032929ce72c1800ed1586ff563644c0a2ec22c91da3660a77f199adc003d7ee74aa497dda1efbe7202520416866867d736e61af282fc999a892068ccb71
- Filesize: 1KB
  MD5: 567c742cdd538f89abbc7e4b0186e733
  SHA1: e280278281ced0c38465c82f760f7e76c35fe379
  SHA256: 0216657e38459014c8aa2aa7f78816e7df717a218e53c7c8ac2037ec0a0c61a9
  SHA512: 387796eb9408b52c54c8c0981c05cd1d6dfc340a4daecf91ad89ef8944a078b85122dfad0fef07adde6ab0fbca397aac3b677a432a865ac5b17e527808794baf
- Filesize: 6KB
  MD5: ed2021c796694f36f8c2e0a8ab74bb3a
  SHA1: 74734a06325b410135579c785bc77c9940f48899
  SHA256: 9bc4a54c42b4b07384c9fe425d8c11b7d86859bca5a67d08fec8d43af64327a5
  SHA512: cc01e7f1a3c76332110982237be1442c674e19f38271ce88bff8bcb58d71854ca8019b59f966a0a719c3ffda1449213dc70089bd91932f8519824ac5c08e9ec2
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cfdffd4a-ba53-47e0-b2ad-77a9451a23b7.tmp
  Filesize: 5KB
  MD5: edeb4eab31d58dfdaf8642bf584f4174
  SHA1: 2081f684e276122623dea3430bd98450a5fdbb22
  SHA256: a7fc5688cbc9383f5d3fb70749720c52b6c9cf0a3128a4f51ebfde70cd2ce528
  SHA512: f7ef5d164517806a66d2d3e7d2b40f45ea96f85365459d4e4a0644392f057eb7a664e8133ef91858835959818f60c8dbbbad45946bc9d1db73e66f2e60171636
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: a317874be6e7000d5ede1a01656a9d38
  SHA1: 5b6c8a81789c5d0be0fe9a53344fee987d344034
  SHA256: ad543fbacb1e30bb7b03b8f9f014159dba814875bf2d07a2246689aa17fc0cd0
  SHA512: fffb0d1a0527cb6b4ec3525a14fc7f2b6a7b311e410ef600cfc37868837e8f6e08fedb9fde67f6a2d8cef3deb1ae08695cf02e8d825bae5b7a51d787c272ea8f