Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 145s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/09/2024, 17:44
Static task: static1
Behavioral task: behavioral1
- Sample: de97de79698c903ea0cbb469709fc20a_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: de97de79698c903ea0cbb469709fc20a_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: de97de79698c903ea0cbb469709fc20a_JaffaCakes118.html
- Size: 85KB
- MD5: de97de79698c903ea0cbb469709fc20a
- SHA1: 363b6d85d71a481005b96663b4847f72543a3450
- SHA256: 8d380300a831e38fed102986c187e53eabbd1632c89e767f441757dbab0acca7
- SHA512: 12d73426f7174a30a1eaff313f6059c0539e4c68adef79476455c0fb17051b968e817e39a515b00424dd9a782b9440f0a5f9af1ba32e47927d7a011149fb3368
- SSDEEP: 1536:dvLrugs/lvgETf2PylwPb2ZQWpNuqtV3sEyZWOQAnu7F1JFi3kjjhEmu9VpRIebD:xugs/l4mf2PylwPb2ZQWpNuq6
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Description         IoC                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID    Process
  4840   msedge.exe
  4840   msedge.exe
  2068   msedge.exe
  2068   msedge.exe
  208    identity_helper.exe
  208    identity_helper.exe
  3552   msedge.exe
  3552   msedge.exe
  3552   msedge.exe
  3552   msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  PID    Process
  2068   msedge.exe
  2068   msedge.exe
  2068   msedge.exe
  2068   msedge.exe
  2068   msedge.exe
  2068   msedge.exe
  2068   msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de97de79698c903ea0cbb469709fc20a_JaffaCakes118.html
  PID: 2068
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94f546f8,0x7ffa94f54708,0x7ffa94f54718
    PID: 4832
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    PID: 3472
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
    PID: 4840
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
    PID: 4576
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    PID: 3052
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    PID: 1928
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
    PID: 2828
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
    PID: 1456
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
    PID: 208
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
    PID: 3656
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
    PID: 3344
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
    PID: 2300
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
    PID: 2056
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2716 /prefetch:2
    PID: 3552
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2504
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4292
Network
MITRE ATT&CK Enterprise v15
Downloads