Analysis
- max time kernel: 145s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/09/2024, 03:41

Static task: static1

Behavioral task: behavioral1
- Sample: d3752afe9f361e0af017f62fc4bc1711_JaffaCakes118.html
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: d3752afe9f361e0af017f62fc4bc1711_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: d3752afe9f361e0af017f62fc4bc1711_JaffaCakes118.html
- Size: 33KB
- MD5: d3752afe9f361e0af017f62fc4bc1711
- SHA1: d8f284875584f98a2e4791ee93f4fb18225ee889
- SHA256: ffcd0c82c5dd09e9461f0ba8e2700af9820bb0488ed7e154329c37387ed9b9c9
- SHA512: 72ed137da299e5eb426d6f2351e45718141c857b79d7f765d680938275d1022c68bc4084aabe25b72711310a56e7cf05eb087ee5fbeffe9844bcf9f5912fc5c3
- SSDEEP: 768:9TgTNojlIPVNNHcthkFYutyotqd1YR9L9krZh+POQ:ZENel0bN8teFdtXtC1y9L9krZh+POQ
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | occurrences
  4020 | msedge.exe | 2
  2800 | msedge.exe | 2
  432 | identity_helper.exe | 2
  3292 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid | Process | occurrences
  2800 | msedge.exe | 8

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | occurrences
  2800 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | occurrences
  2800 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2800 wrote to memory of 1728 | 2800 | msedge.exe | 83
  PID 2800 wrote to memory of 4984 | 2800 | msedge.exe | 84
  PID 2800 wrote to memory of 4020 | 2800 | msedge.exe | 85
  PID 2800 wrote to memory of 2020 | 2800 | msedge.exe | 86
  (64 rows in total; identical rows collapsed, all originating from PID 2800)
Processes

msedge.exe (PID 2800)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d3752afe9f361e0af017f62fc4bc1711_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 1728), child of 2800
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffeb2746f8,0x7fffeb274708,0x7fffeb274718

  msedge.exe (PID 4984), child of 2800
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

  msedge.exe (PID 4020), child of 2800
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2020), child of 2800
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

  msedge.exe (PID 4688), child of 2800
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  msedge.exe (PID 2128), child of 2800
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

  msedge.exe (PID 1980), child of 2800
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

  msedge.exe (PID 5012), child of 2800
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

  identity_helper.exe (PID 4992), child of 2800
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8

  identity_helper.exe (PID 432), child of 2800
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2032), child of 2800
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1

  msedge.exe (PID 1896), child of 2800
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

  msedge.exe (PID 2528), child of 2800
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1

  msedge.exe (PID 3652), child of 2800
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

  msedge.exe (PID 3292), child of 2800
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3116 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 4740)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 2728)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads