Analysis
max time kernel: 145s
max time network: 135s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/09/2024, 08:13
Static task: static1
Behavioral task: behavioral1
  Sample: eaeb4a2fe5efc8bfa694eb877f361ed5_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: eaeb4a2fe5efc8bfa694eb877f361ed5_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: eaeb4a2fe5efc8bfa694eb877f361ed5_JaffaCakes118.html
Size: 64KB
MD5: eaeb4a2fe5efc8bfa694eb877f361ed5
SHA1: 8ebed7c3a1f5215c91ca5bcf76f7c1b5993c5b39
SHA256: 20c02354160fe002c79c9cda6993c1e5948dfdb12603a4daf8a2fa38e8423cff
SHA512: 03db10b92ab9e422612dfbb47dbe56db47f8d761f9a018fdd591fbc5648a563d2ac7015064300545febea7ec86c82ec97ac8657382ab11ac9e1c73771811c529
SSDEEP: 1536:oRb/Ds3u/wMIP2qwQ9MiHlw2nftiHEyxOGO/OShIx96tbtxM8Pj3FElcXJsijJ62:ot/Ds3S5IjwQ9MiHlw21iHYwhwDlSB5i
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2196  msedge.exe (2 entries)
  3624  msedge.exe (2 entries)
  4872  identity_helper.exe (2 entries)
  3872  msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process
  3624  msedge.exe (7 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  3624  msedge.exe (25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3624  msedge.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 3624 wrote to memory of 4432  3624  msedge.exe  82
  PID 3624 wrote to memory of 4748  3624  msedge.exe  83
  PID 3624 wrote to memory of 2196  3624  msedge.exe  84
  PID 3624 wrote to memory of 4364  3624  msedge.exe  85
  (64 entries in total, all from PID 3624 writing into the four child processes above; repeated identical rows collapsed)
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eaeb4a2fe5efc8bfa694eb877f361ed5_JaffaCakes118.html
  PID: 3624
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc77046f8,0x7fffc7704708,0x7fffc7704718
    PID: 4432
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,318348450767853492,3017552731911165939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    PID: 4748
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,318348450767853492,3017552731911165939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
    PID: 2196
    - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,318348450767853492,3017552731911165939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
    PID: 4364
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,318348450767853492,3017552731911165939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    PID: 3900
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,318348450767853492,3017552731911165939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    PID: 3960
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,318348450767853492,3017552731911165939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1876 /prefetch:1
    PID: 2264
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,318348450767853492,3017552731911165939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
    PID: 1420
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,318348450767853492,3017552731911165939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
    PID: 4872
    - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,318348450767853492,3017552731911165939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    PID: 2908
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,318348450767853492,3017552731911165939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1
    PID: 3796
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,318348450767853492,3017552731911165939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
    PID: 1800
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,318348450767853492,3017552731911165939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
    PID: 3056
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,318348450767853492,3017552731911165939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 /prefetch:2
    PID: 3872
    - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2064
C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3156
Network
MITRE ATT&CK Enterprise v15
Downloads