Analysis
max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/09/2024, 17:50

Static task: static1
Behavioral task: behavioral1
  Sample: d4ea5eceb68fcf1844a56f6fb3c9a113_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d4ea5eceb68fcf1844a56f6fb3c9a113_JaffaCakes118.html
  Resource: win10v2004-20240802-en (the run reported on this page)
General
Target: d4ea5eceb68fcf1844a56f6fb3c9a113_JaffaCakes118.html
Size: 72KB
MD5: d4ea5eceb68fcf1844a56f6fb3c9a113
SHA1: c5d81f893b2eec7381187e74964660e3657c8aad
SHA256: 81c04ed20a8552f8e06a78dd2722fc322e3ff0a3defd80af07b9c01f5395c837
SHA512: 122ee005f61de3ab0d192d71f45a6238fc6452fd3239b4e7c5689fe12eb578cf69d7822025727caa9100e1ead72f7887d0a77d1241fa867aef917391e074cb4b
SSDEEP: 1536:JcA0zhRzI9I+/BIhaT8ec0tbrgaWcMNnRzT:J8RmyaT8RxcMZZ
Malware Config
No malware configuration was extracted for this sample.

Signatures
Every signature below is raised by msedge.exe (PID 2100), the Edge browser process that opened the HTML sample, or by a child process it spawned. A Chromium-based browser creates its renderer, GPU and utility children itself, writes into them at launch and enumerates processes and windows as part of normal start-up, so these signatures are what the same browser produces on a benign page as well. The BIOS SystemManufacturer/SystemProductName query is a classic virtual-machine check in malware, but here the reader is the browser process, which page content running in a sandboxed renderer cannot drive; treat it as host fingerprinting by Edge itself unless other evidence says otherwise.
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                       process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                        msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName      msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process
  3016  msedge.exe (2 events)
  2100  msedge.exe (2 events)
  1868  identity_helper.exe (2 events)
  1012  msedge.exe (4 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid   process
  2100  msedge.exe (8 events)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  2100  msedge.exe (25 events)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  2100  msedge.exe (24 events)
Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 events are writes by msedge.exe (PID 2100) into child processes it had just created (PIDs 2524, 1504, 3016 and 4688 in the process tree below). The repeated rows collapse to four writer/target pairs:
  description                        pid   process     procid_target
  PID 2100 wrote to memory of 2524   2100  msedge.exe  85
  PID 2100 wrote to memory of 1504   2100  msedge.exe  86
  PID 2100 wrote to memory of 3016   2100  msedge.exe  87
  PID 2100 wrote to memory of 4688   2100  msedge.exe  88
Processes
- PID 2100 (level 1): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d4ea5eceb68fcf1844a56f6fb3c9a113_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 2524 (level 2, crashpad-handler): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8231546f8,0x7ff823154708,0x7ff823154718
  - PID 1504 (level 2, gpu-process): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  - PID 3016 (level 2, utility: network.mojom.NetworkService): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4688 (level 2, utility: storage.mojom.StorageService): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  - PID 2532 (level 2, renderer): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - PID 4540 (level 2, renderer): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - PID 3684 (level 2, renderer): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  - PID 4140 (level 2, renderer): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  - PID 4288 (level 2, utility: winrt_app_id.mojom.WinrtAppIdService): C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  - PID 1868 (level 2, utility: winrt_app_id.mojom.WinrtAppIdService): C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1100 (level 2, renderer): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  - PID 4360 (level 2, renderer, instant process): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  - PID 2040 (level 2, renderer): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  - PID 5000 (level 2, renderer, instant process): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  - PID 1012 (level 2, gpu-process, relaunched with --disable-gpu-sandbox --use-gl=disabled): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 2208 (level 1): C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 1120 (level 1): C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
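The process tree gives each Edge child with its full command line, and the WriteProcessMemory signature earlier on this page lists 64 cross-process writes by PID 2100. The Python script below is an added example, not part of the tria.ge report, that performs the two checks a reviewer would run over exactly this data: it classifies every Chromium child by its --type, --service-sandbox-type and --disable-gpu-sandbox switches to list which ones run without a sandbox, and it collapses the flattened WriteProcessMemory rows and verifies that every target is a direct child of the writer, since a write into an unrelated process is the injection pattern worth escalating. The process list and the WriteProcessMemory excerpt are transcribed from this page with the long handle and preference values trimmed; the sandbox rules encode Chromium's own defaults and are not something the report states.

```python
import re
from collections import Counter

# Constructed input transcribed from the Processes tree on this report:
# (pid, parent_pid, image, command line). Long field-trial / gpu-preferences
# values are trimmed to the switches that matter for sandbox classification.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
PROCESSES = [
    (2100, None, EDGE, r'"' + EDGE + r'" --single-argument C:\Users\Admin\AppData\Local\Temp\d4ea5eceb68fcf1844a56f6fb3c9a113_JaffaCakes118.html'),
    (2524, 2100, EDGE, r'"' + EDGE + r'" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (1504, 2100, EDGE, r'"' + EDGE + r'" --type=gpu-process --field-trial-handle=2064,10072497142121035110,12988732900188823972,131072 --mojo-platform-channel-handle=2072 /prefetch:2'),
    (3016, 2100, EDGE, r'"' + EDGE + r'" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3'),
    (4688, 2100, EDGE, r'"' + EDGE + r'" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8'),
    (2532, 2100, EDGE, r'"' + EDGE + r'" --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1'),
    (1868, 2100, HELPER, r'"' + HELPER + r'" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8'),
    (1012, 2100, EDGE, r'"' + EDGE + r'" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=1980 /prefetch:2'),
    (2208, None, r"C:\Windows\System32\CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]

# Chromium-style --switch or --switch=value; quoted values are taken whole.
FLAG_RE = re.compile(r'--(?P<key>[a-z0-9-]+)(?:=(?P<val>"[^"]*"|\S+))?')


def parse_flags(cmdline):
    """Map each --switch to its value (None for a bare switch)."""
    return {m.group("key"): m.group("val") for m in FLAG_RE.finditer(cmdline)}


def classify(cmdline):
    """Return (role, sandboxed) for one process from its command line.

    Rules follow Chromium's defaults: the browser/broker process and the
    crashpad handler run unsandboxed; renderers are sandboxed; gpu-process is
    sandboxed unless --disable-gpu-sandbox; utility services are sandboxed
    unless --service-sandbox-type=none; --no-sandbox turns everything off.
    """
    flags = parse_flags(cmdline)
    ptype = flags.get("type")
    role = ptype or "browser"
    if ptype == "utility":
        role = "utility:" + (flags.get("utility-sub-type") or "?")
    if ptype is None or ptype == "crashpad-handler" or "no-sandbox" in flags:
        return role, False
    if ptype == "renderer":
        return role, True
    if ptype == "gpu-process":
        return role, "disable-gpu-sandbox" not in flags
    if ptype == "utility":
        return role, flags.get("service-sandbox-type") not in (None, "none")
    return role, False  # unknown process type: assume the worst


def unsandboxed_children(processes):
    """(pid, role) for every spawned child that runs without a sandbox."""
    found = []
    for pid, ppid, _image, cmdline in processes:
        if ppid is None:
            continue
        role, sandboxed = classify(cmdline)
        if not sandboxed:
            found.append((pid, role))
    return found


# Constructed excerpt in the same flattened form as the report's
# "Suspicious use of WriteProcessMemory" table (description, pid, Process, procid_target).
WPM_EXCERPT = (
    "PID 2100 wrote to memory of 2524 2100 msedge.exe 85 "
    "PID 2100 wrote to memory of 2524 2100 msedge.exe 85 "
    "PID 2100 wrote to memory of 1504 2100 msedge.exe 86 "
    "PID 2100 wrote to memory of 3016 2100 msedge.exe 87 "
    "PID 2100 wrote to memory of 4688 2100 msedge.exe 88 "
    "PID 2100 wrote to memory of 4688 2100 msedge.exe 88"
)
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text):
    """Collapse the flattened table into Counter{(writer_pid, target_pid): events}."""
    counts = Counter()
    for writer, target, pid, _image, _index in WPM_RE.findall(text):
        if writer != pid:  # the description and pid columns must agree
            raise ValueError("inconsistent row: writer %s vs pid %s" % (writer, pid))
        counts[(int(writer), int(target))] += 1
    return counts


def foreign_writes(counts, processes):
    """Writer/target pairs where the target is not a direct child of the writer.

    Chromium's launcher writes into children it has just created (the 64
    events on this report all fit that pattern); a write into any other
    process is what should be escalated.
    """
    parent_of = {pid: ppid for pid, ppid, _image, _cmd in processes}
    return sorted(pair for pair in counts if parent_of.get(pair[1]) != pair[0])


if __name__ == "__main__":
    for pid, role in unsandboxed_children(PROCESSES):
        print("unsandboxed child %d: %s" % (pid, role))
    writes = parse_wpm(WPM_EXCERPT)
    print("WriteProcessMemory pairs:", dict(writes))
    print("writes outside the writer's own children:", foreign_writes(writes, PROCESSES))
```

On this report the script lists the crashpad handler, the network service, identity_helper.exe and the relaunched GPU process (PID 1012, started with --disable-gpu-sandbox) as unsandboxed children, and reports no write outside PID 2100's own children. The same two functions applied to a tree where msedge.exe writes into, say, CompPkgSrv.exe would return that pair from foreign_writes, which is the case that deserves a closer look.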
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: d4829218222c8bedb9ffe89dffd37095
  SHA1: aae577f33f413ec3d09f2e7ff5d9cc20a602241c
  SHA256: 49239b229a2519583ba5d6de3702480b8a8ebf3cfaa8945100dbab25fcb02b7b
  SHA512: 03e26a2e3de41b8a829b5543da504c7d7ccdc4c112d629efcac24dcda23acb50a52b5b99572b5efb2a01cf392a457cf9fac85663b3d63f7606be00dba218f8f1
- Filesize: 152B
  MD5: 15e9c4b4eefb3e1c08a010e748e10f58
  SHA1: 3172378f2c7a00553ce086dbf53fcf3126c5a724
  SHA256: 07b56a769467e8b57f9b7acd9d32da266ca5000803758c18bb6818ac236c7000
  SHA512: 811058b539e914a812c88543bb6657de736f691d18d6dadb5e1f6ced286780fb334dc5f575babbcf4fd2dceda30d1bf4004b374c5775e7f278346b100b29eb7e
- Filesize: 212KB
  MD5: 08ec57068db9971e917b9046f90d0e49
  SHA1: 28b80d73a861f88735d89e301fa98f2ae502e94b
  SHA256: 7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1
  SHA512: b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 120B
  MD5: 4a5ddd7ac126b591401705fcb2ce57bb
  SHA1: c97f83ccf3e74fd31550efabdab3ed2beed9a1cf
  SHA256: 5e8980a065f9af4d840564690a1d7e82e50ae947e66047ba7ab58fcbcd7d3000
  SHA512: 3cc98e059bc46f3f2df9e9b281c60b43b7a5426bb4eb92250327d92fc3de6a729a147f2e6068ea19453d0294f7227c4664868f274958cfe8df4460fafe454d3d
- Filesize: 1KB
  MD5: ec1fb42a4385dba81a1b357299003a4f
  SHA1: 414337e0a555cfbb556cee62fc312017408d8ec9
  SHA256: d75f217dbef626de50fa54942ef0d61e16ffd97393543d1ef6fc035ce82547b3
  SHA512: 7c12b7a2b1d149bb49e41a0f5dec5d0e88f8a08f1f7a4affb68438410c673965be0b5e9edea0481071f112b8180ba7c2667ce6e4de9396f0f76ee121fb3b4141
- Filesize: 5KB
  MD5: c0576550fc2710c4b67e96449e859f6d
  SHA1: b41cc7612011cb138b3965f3335d14e9099a4013
  SHA256: aeba5b51121c085d03e51caf632865e996aab35a00f8c5484f0acffcf24cab86
  SHA512: 445b26e12bc7c4a1ede945a43574786f12ebbb514adc0228156e74ee229c809791096ab0e00a1a83140d956c83bb1431686b8575cf55f882ae7aca94533ccd12
- Filesize: 5KB
  MD5: 12e0843db0972ffa7e0209f29ac4c825
  SHA1: 1abfe08ee6659fd2cf7b0ef3b024a77a87050713
  SHA256: 28493a2e284818d02d6eb805c30853b0abb01406b4859b3f3433cd47b481b8b1
  SHA512: 138b8d328c6d6643a37b8516011bca44227dcc9c9cf2cbedfe05227702dcc1ab530b23acd2f0fb7c79b8ec8c7be7eb8bd699c545e40a473a060fd464d18ed3de
- Filesize: 24KB
  MD5: 7915ba0545666aa5833cf9f9f86d45d6
  SHA1: 743ecc319bc2a54973582d4a5198042a48fbe8db
  SHA256: f8fcc045da13bde0f5dec3ada86342105cbff34ebc2442bcf51e8ed509a95b20
  SHA512: a53036251a22cdc95579ea8641c5574f1dc1f7dfd0390f00ebeafbbea0c1a2c0c3e6dba23bbbb8d8e2c77a3e1e816ccfaf84a97da1c334019c8df1414999d1f9
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 67722d917b278dcf36b76f5cb032f477
  SHA1: b6301bef8193f7a49b4d6c7ee5f851f30cae90d1
  SHA256: 0d413762f74baeabbe1af7f8a97e18bce7fdd786c491aa8bb0226c761a727480
  SHA512: 6150538eebab1498455dbee452ff62b361f8ce01141bbc0392a1803098f60185852f0dc36b5c07cf658ea4959a16b98609a9986a3c001b3010811e77d338c049