Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/09/2024, 04:54
Static task: static1
Behavioral task: behavioral1
  Sample: d3955eeb974fa764ae710309dc9e2466_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d3955eeb974fa764ae710309dc9e2466_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: d3955eeb974fa764ae710309dc9e2466_JaffaCakes118.html
Size: 60KB
MD5: d3955eeb974fa764ae710309dc9e2466
SHA1: e26fbca0a9759a5ed90935f1e0d828398e963a43
SHA256: aeba30ed14c24ed52d06b38b4428dd96a750afd19f4dae2cec9c34e0a7a8cff0
SHA512: cddc7c35fbb5f45d4c48da50acfc92e80498e74ceda41e77853f56df15f1781bfaa94b10b603fd74a14fa3ed9ffdb5f463f090f7e14a83a4375d174640fb6940
SSDEEP: 1536:kLP+y1LNNgNrHxowzxbHv3kEvgkunlibTGRp7GI8IBf7EjDLwSxkvpUzLPAzzCK5:MLNNgNrHxowz1P3kIgkunlibTGRp7GIv
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process               entries
  3996   msedge.exe            2
  2716   msedge.exe            2
  1984   identity_helper.exe   2
  832    msedge.exe            4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid    Process      entries
  2716   msedge.exe   7
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process      entries
  2716   msedge.exe   25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process      entries
  2716   msedge.exe   24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid    Process      procid_target   entries
  PID 2716 wrote to memory of 2412   2716   msedge.exe   83              2
  PID 2716 wrote to memory of 1904   2716   msedge.exe   86              repeated
  PID 2716 wrote to memory of 3996   2716   msedge.exe   87              2
  PID 2716 wrote to memory of 3676   2716   msedge.exe   88              repeated
  (identical rows collapsed; the 1904 and 3676 rows together account for the remaining 60 of the 64 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2716)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d3955eeb974fa764ae710309dc9e2466_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2412)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0d9e46f8,0x7fff0d9e4708,0x7fff0d9e4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1904)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8011510042502460207,14610895534357757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3996)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,8011510042502460207,14610895534357757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3676)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,8011510042502460207,14610895534357757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5080)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8011510042502460207,14610895534357757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2128)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8011510042502460207,14610895534357757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2132)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8011510042502460207,14610895534357757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8011510042502460207,14610895534357757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8011510042502460207,14610895534357757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8011510042502460207,14610895534357757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1984)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8011510042502460207,14610895534357757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1540)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8011510042502460207,14610895534357757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1792)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8011510042502460207,14610895534357757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 832)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8011510042502460207,14610895534357757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1780)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1696)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads