Analysis
- max time kernel: 145s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/09/2024, 01:42
Static task: static1
Behavioral task: behavioral1
- Sample: fb43dc2bd64ea993ddb0559f2776e1d0_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2 (the Windows 10 run reported below; the platform and resource fields under Analysis match this task)
- Sample: fb43dc2bd64ea993ddb0559f2776e1d0_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: fb43dc2bd64ea993ddb0559f2776e1d0_JaffaCakes118.html
- Size: 55KB
- MD5: fb43dc2bd64ea993ddb0559f2776e1d0
- SHA1: 52e6f7baee5f290aed4847d8f3db86d541159852
- SHA256: 1ab7a58ebd186d33a3906df7a3b1bcea51664c156d5df036af8710d4194dcc67
- SHA512: 1d2ef0c7b548f0f6df1d86f20ad984a43fe7694dc6feab623219ddad5477dad43293cb667de3c817176d8b32ed15f396e315d45c95444e70b73a45899c050fec
- SSDEEP: 768:9riepHvvCIooFPlFMjEYL0GtRqY/DlTxkgV+r:99Hv7oaPlSjEYL0yDlT2
Malware Config
(none extracted)

Signatures
Every signature below is raised by Edge's own processes (msedge.exe and its identity_helper.exe child); no process outside the browser tree triggers anything, and no malware configuration or network IoC is recorded for this run.

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                  process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process
  4320  msedge.exe (2 entries)
  4956  msedge.exe (2 entries)
  4364  identity_helper.exe (2 entries)
  368   msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   process
  4956  msedge.exe (all 7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  4956  msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  4956  msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries have the browser process 4956 (msedge.exe) as the writer. Collapsed to distinct edges:
  source pid  process     target pid  procid_target
  4956        msedge.exe  3828        82
  4956        msedge.exe  2328        83
  4956        msedge.exe  4320        84
  4956        msedge.exe  3708        85
  The four targets are the crashpad handler, the first GPU process, the network service and the storage service listed in the process tree below, i.e. the browser writing startup data into children it just spawned.
Processes
- PID 4956  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fb43dc2bd64ea993ddb0559f2776e1d0_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - PID 3828  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffc1a4646f8,0x7ffc1a464708,0x7ffc1a464718
  - PID 2328  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  - PID 4320  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - PID 3708  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  - PID 3644  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - PID 1820  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - PID 372  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  - PID 2828  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  - PID 3792  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  - PID 3016  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4200 /prefetch:8
  - PID 4364  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4200 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - PID 448  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  - PID 4432  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  - PID 368  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- PID 3128  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 628  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
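The two questions an analyst wants answered from the process tree and the WriteProcessMemory signature above are: which children run with a weakened sandbox (the report shows `--service-sandbox-type=none` on the network service and both identity_helper.exe instances, and `--disable-gpu-sandbox` on the second GPU process), and whether every WriteProcessMemory target is an Edge child that appears in the tree. The following script is an added example written for this page, not tria.ge code and not part of the report; its input is copied and trimmed from the sections above (long `--field-trial-handle` and `--gpu-preferences` values dropped, and only a few WriteProcessMemory entries kept), and the function names, finding labels and the set of expected Chromium process types are this example's own choices.

```python
"""Summarise a tria.ge process tree and its WriteProcessMemory IoCs.

Added example for this page; not tria.ge's code. Sample input below is
constructed from this report's Processes and Signatures sections.
"""
import re
from collections import Counter

# (pid, command line) pairs copied from the Processes section; the long
# --field-trial-handle and --gpu-preferences values are trimmed away.
PROCESSES = [
    (4956, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fb43dc2bd64ea993ddb0559f2776e1d0_JaffaCakes118.html'),
    (3828, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (2328, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2140 /prefetch:2'),
    (4320, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    (3708, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8'),
    (3644, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1'),
    (4364, r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    (368, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2'),
    (3128, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
]

# Constructed excerpt of the "Suspicious use of WriteProcessMemory" IoC text
# (six of the 64 entries, in the report's own "PID a wrote to memory of b a image n" shape).
WPM_SAMPLE = (
    "PID 4956 wrote to memory of 3828 4956 msedge.exe 82 "
    "PID 4956 wrote to memory of 3828 4956 msedge.exe 82 "
    "PID 4956 wrote to memory of 2328 4956 msedge.exe 83 "
    "PID 4956 wrote to memory of 2328 4956 msedge.exe 83 "
    "PID 4956 wrote to memory of 4320 4956 msedge.exe 84 "
    "PID 4956 wrote to memory of 3708 4956 msedge.exe 85"
)

EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"
# Chromium child process types this example expects under a browser process (assumed set).
EXPECTED_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

TOKEN = re.compile(r'"[^"]*"|\S+')  # a quoted token or a bare word
WPM = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_cmdline(cmd):
    """Split a Windows command line into the image path and its --key=value flags."""
    tokens = [t.strip('"') for t in TOKEN.findall(cmd)]
    flags = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, val = tok[2:].partition("=")
            flags[key] = val
    return {"image": tokens[0], "flags": flags}


def audit(processes):
    """Return (pid, label, detail) findings: non-Edge images, unknown child types,
    and children started with the sandbox switched off."""
    findings = []
    for pid, cmd in processes:
        p = parse_cmdline(cmd)
        if not p["image"].lower().startswith(EDGE_DIR.lower()):
            findings.append((pid, "not-edge", p["image"]))
            continue
        ptype = p["flags"].get("type")
        if ptype is None:  # the browser process itself carries no --type
            continue
        if ptype not in EXPECTED_TYPES:
            findings.append((pid, "unexpected-type", ptype))
        if p["flags"].get("service-sandbox-type") == "none":
            findings.append((pid, "unsandboxed", p["flags"].get("utility-sub-type", ptype)))
        if "disable-gpu-sandbox" in p["flags"]:
            findings.append((pid, "unsandboxed", ptype))
    return findings


def wpm_edges(text):
    """Collapse repeated WriteProcessMemory IoC entries into counted (src, image, dst, target) edges."""
    return Counter(
        (int(src), img, int(dst), int(target))
        for src, dst, img, target in WPM.findall(text)
    )


def explain_edges(edges, processes):
    """Join each edge's target pid back to that child's --type in the process tree."""
    tree = {pid: parse_cmdline(cmd) for pid, cmd in processes}
    rows = []
    for (src, _img, dst, _target), n in sorted(edges.items()):
        child = tree.get(dst)
        label = child["flags"].get("type", "browser") if child else "not in tree"
        rows.append((src, dst, label, n))
    return rows


if __name__ == "__main__":
    for finding in audit(PROCESSES):
        print("finding:", *finding)
    for row in explain_edges(wpm_edges(WPM_SAMPLE), PROCESSES):
        print("edge: %d -> %d (%s) x%d" % row)
```

On this report the audit flags exactly the three unsandboxed Edge helpers visible in the tree (network service 4320, identity_helper 4364, GPU process 368) plus the CompPkgSrv.exe entry, which is a Windows binary that is not a descendant of the browser; every WriteProcessMemory edge resolves to a child with a `--type`, which is what you expect from the browser launching its own children rather than from injection into a foreign process.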
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: d7114a6cd851f9bf56cf771c37d664a2
  SHA1: 769c5d04fd83e583f15ab1ef659de8f883ecab8a
  SHA256: d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e
  SHA512: 33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8
- Filesize: 152B
  MD5: 719923124ee00fb57378e0ebcbe894f7
  SHA1: cc356a7d27b8b27dc33f21bd4990f286ee13a9f9
  SHA256: aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808
  SHA512: a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B
  MD5: b31f4b8475b68959f1a620a11bf6f7b7
  SHA1: 5788ec401a55f95764fdcef6494e7b0a37ce3f8f
  SHA256: 18509552486cdf1395ef057f030c944d6bc43afc100a9178cba340bec3534218
  SHA512: a45217dc5bc36ce022293c3a617444b040ddeb536786dc42cf76cecb719e5cc470a667f3ac41370ccc5046d4fdb20da411ca1c8163615115a522db53d2bd0161
- Filesize: 1KB
  MD5: aede5a6c91c0ba912314fc429201c214
  SHA1: f69c03472148b5e830290d2005c82506fd368863
  SHA256: 6c1b13750852ed359a9baedcb5b1fcb3bd5c1a9e6ec590b8a8ec6d4ff392ab79
  SHA512: 815c7af951a04aba6a4c823f54aa43e22676001cfadadea7c0655c2f6ce4af59d1d597678adff635bc48f52bcf4f0218dc87e6e29311150765ba710dae64343e
- Filesize: 6KB
  MD5: d86980ff467f748d7c9617655d4852d1
  SHA1: b2d701ea1840ec674df93576cc3fb00c1b723abd
  SHA256: 54862636c1e69fefa21f5ef049cb7c83f72a562a900dd62bf9a35412d6a7e87b
  SHA512: bc33eb3b45eadd1372dd7af1177cffca0015b901c12f417dff463f73d29e0eaa73b4c165f12919c6e27c6308730389353353a19a94cc173ac1b3950932c5c014
- Filesize: 5KB
  MD5: 53d5875a85147f7bb932d1f4c6ad9ce8
  SHA1: 1e169351bd55cb4eccf90e65468ddb6c46e04d27
  SHA256: d2bcdacdb1f6f99d43d8d9363c9d8e80783744a242cd084d52b9fe14c9f900ad
  SHA512: e6e14d8bdaaf8c04c409336d4b7c68ac0ee8ea2798b4f317fd54fbb0d3093c8daf374478328006f4d5c7e5b4b01b16a6612098a816a155b1bced6c0c1221ab1f
- Filesize: 6KB
  MD5: 8c673a03c5c47bc8c8766b83d3d855cb
  SHA1: 290d1f29945182d47d05c6d9fe312894d70187a7
  SHA256: 3abbce44b7ee0aa64c9de29fdc3f15a4104b64ff08b069c69620df060d1b608e
  SHA512: 4d23a16041c0e40902ed9173693e2cd1708f3ddb1aecce5112db504978d3763d3e330542aee751dcb909a71f5c5a7cd5fddc3131ddd49915477209f2131966a3
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 251a0740c447bf3bf3dbdb59957c1437
  SHA1: 30c29798465e20ff2b9e549f395019b4b9561071
  SHA256: c2f079d22823ec2d655318fc30e5950a533031d95971d891dece64b688b3a6f2
  SHA512: 2da59718e271f7bb024bbda9ba60219761df6b643d3fb5709f9d5009ca0db2e81092b8de806ce9571661a82f087ac557327466e09a82a8e9ffcc89265b9c9cc6