Analysis

  max time kernel:   145s
  max time network:  146s
  platform:          windows10-2004_x64
  resource:          win10v2004-20240802-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         27/09/2024, 07:21

Static task: static1

Behavioral task: behavioral1
  Sample:    f9f98187a5546c7707fe5712bad1a18a_JaffaCakes118.html
  Resource:  win7-20240708-en

Behavioral task: behavioral2
  Sample:    f9f98187a5546c7707fe5712bad1a18a_JaffaCakes118.html
  Resource:  win10v2004-20240802-en
General

  Target:  f9f98187a5546c7707fe5712bad1a18a_JaffaCakes118.html
  Size:    57KB
  MD5:     f9f98187a5546c7707fe5712bad1a18a
  SHA1:    5f211a7eb2876cee6376b5a56158c33c90fdd053
  SHA256:  13bf1e4decbcd9d7e1f7258a6687e9fa4075e34a2c14c2481ca0c2e466fb0c3c
  SHA512:  37cd6327c15868e9b23a423a779a1847d0717e0b6e98124f2e8b2becdf38081a4c4c60305da3df6d1ed7a17c3d0d208b4402a7664548b6926756b16ca22589bc
  SSDEEP:  1536:ijEQvK8OPHdFAeo2vgyHJv0owbd6zKD6CDK2RVroDzwpDK2RVy:ijnOPHdFk2vgyHJutDK2RVroDzwpDK2m
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                      Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              occurrences
  996   msedge.exe           2
  1636  msedge.exe           2
  1340  identity_helper.exe  2
  320   msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid   Process     occurrences
  1636  msedge.exe  10

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     occurrences
  1636  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     occurrences
  1636  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; the 64 events reduce to the four distinct rows below, each repeated once per write to that target)
  description                       pid   Process     procid_target
  PID 1636 wrote to memory of 4460  1636  msedge.exe  82
  PID 1636 wrote to memory of 2400  1636  msedge.exe  83
  PID 1636 wrote to memory of 996   1636  msedge.exe  84
  PID 1636 wrote to memory of 3404  1636  msedge.exe  85
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1636)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f9f98187a5546c7707fe5712bad1a18a_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4460)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa240646f8,0x7ffa24064708,0x7ffa24064718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 996)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3404)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 232)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1548)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 648)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1996)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3444)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 3696)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 1340)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2644)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4364)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4776)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 624)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 320)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3246507002130371879,2732266462046490633,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3916 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 2316)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 2260)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads