Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis

- max time kernel: 145s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/10/2024, 04:17
Static task: static1

Behavioral task: behavioral1
- Sample: 0de1a18b9b1c08f2dbef56a91cf2804a_JaffaCakes118.html
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: 0de1a18b9b1c08f2dbef56a91cf2804a_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General

- Target: 0de1a18b9b1c08f2dbef56a91cf2804a_JaffaCakes118.html
- Size: 43KB
- MD5: 0de1a18b9b1c08f2dbef56a91cf2804a
- SHA1: d733262fb953dc2174cfd530b3b55b3a05e02be2
- SHA256: b20c125fb28957d3ccf506e5a700f9ec11d3b195777d5d763c6cb7f8a7f93bc5
- SHA512: 444f4a0d81f428ef985cec43654392177b2442024c2f4bbace72261e44e80b1dc0a3f01599dbea3a5f9368293c1ca263de92c06e31a399114ebda1b4198a024d
- SSDEEP: 768:Zcd9QZBC7mOdMdFpC5I9nC43+vbTkjH6QPd:gQZBCCOdy0IxCe+vbTlQPd
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)

  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)

  pid   Process              occurrences
  1652  msedge.exe           2
  2276  msedge.exe           2
  1452  identity_helper.exe  2
  1388  msedge.exe           4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)

  pid   Process     occurrences
  2276  msedge.exe  9

- Suspicious use of FindShellTrayWindow (25 IoCs)

  pid   Process     occurrences
  2276  msedge.exe  25

- Suspicious use of SendNotifyMessage (24 IoCs)

  pid   Process     occurrences
  2276  msedge.exe  24

- Suspicious use of WriteProcessMemory (64 IoCs shown)

  description                       pid   Process     procid_target
  PID 2276 wrote to memory of 1464  2276  msedge.exe  82
  PID 2276 wrote to memory of 1988  2276  msedge.exe  83
  PID 2276 wrote to memory of 1652  2276  msedge.exe  84
  PID 2276 wrote to memory of 432   2276  msedge.exe  85

  The 1464 and 1652 rows each appear twice; the remaining 60 rows are repeats of the 1988 and 432 entries. Every row has the browser process (PID 2276) as the writer.
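All 64 WriteProcessMemory rows name msedge.exe PID 2276 (the browser process) as the writer, and the four targets are processes the tree below lists as its own children: 1464 (crashpad-handler), 1988 (gpu-process), 1652 (network service) and 432 (storage service). That is the normal shape of a Chromium launch (the browser process writes into children it spawns; the sandbox broker, for one, copies policy and hook code into each sandboxed child before it runs), not injection into a foreign process. The check a triager wants is mechanical: every target must be a child of the writer and carry the same image. The script below does that over rows in the page's own layout. It is an added example for reading this report, not Triage's or Microsoft's code; the rows and the pid table are constructed from the page (the 64 rows collapsed to one per target), and the PID 5000 row is invented to exercise the failure path.

```python
"""Cross-check 'Suspicious use of WriteProcessMemory' rows against the process tree.

Added example for reading this report, not Triage's or Microsoft's code. REPORT_ROWS
and PROCESS_TREE are constructed from the entries shown on the page; INVENTED_ROW is
hypothetical and exists only to show what a real injection lead would look like.
"""
import re
from collections import Counter

# One row per distinct target, in the page's layout:
# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
REPORT_ROWS = """
PID 2276 wrote to memory of 1464 2276 msedge.exe 82
PID 2276 wrote to memory of 1988 2276 msedge.exe 83
PID 2276 wrote to memory of 1652 2276 msedge.exe 84
PID 2276 wrote to memory of 432 2276 msedge.exe 85
"""

# Hypothetical row (not on the page): same writer, target outside the browser's tree.
INVENTED_ROW = "PID 2276 wrote to memory of 5000 2276 msedge.exe 90\n"

# pid -> (parent pid, image, Chromium role), built from the process tree on the page.
PROCESS_TREE = {
    2276: (None, "msedge.exe", "browser"),
    1464: (2276, "msedge.exe", "crashpad-handler"),
    1988: (2276, "msedge.exe", "gpu-process"),
    1652: (2276, "msedge.exe", "utility:network.mojom.NetworkService"),
    432:  (2276, "msedge.exe", "utility:storage.mojom.StorageService"),
}

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_rows(text):
    """Return (writer_pid, target_pid, writer_image, procid_target) tuples."""
    rows = []
    for m in ROW_RE.finditer(text):
        writer, target, writer_again, image, procid = m.groups()
        if writer != writer_again:  # the layout repeats the writer pid; catch damaged rows
            raise ValueError(f"malformed row: {m.group(0)}")
        rows.append((int(writer), int(target), image, int(procid)))
    return rows


def by_target(rows):
    """Collapse repeated rows to a per-target count, the first view a triager wants."""
    return Counter(target for _, target, _, _ in rows)


def classify(rows, tree):
    """Split rows into (expected, suspicious).

    Expected: the writer is the target's parent and both run the same image, i.e. a
    browser process setting up a child it just launched. Anything else (unknown
    target, different parent, different image) is a lead worth manual follow-up.
    """
    expected, suspicious = [], []
    for writer, target, image, _ in rows:
        info = tree.get(target)
        if info is None:
            suspicious.append((writer, target, "target not in process tree"))
            continue
        parent, target_image, role = info
        if parent == writer and target_image == image:
            expected.append((writer, target, role))
        else:
            suspicious.append((writer, target, f"parent={parent}, image={target_image}"))
    return expected, suspicious


if __name__ == "__main__":
    rows = parse_rows(REPORT_ROWS + INVENTED_ROW)
    print("writes per target:", dict(by_target(rows)))
    ok, bad = classify(rows, PROCESS_TREE)
    for writer, target, role in ok:
        print(f"expected    {writer} -> {target:<5} {role}")
    for writer, target, why in bad:
        print(f"SUSPICIOUS  {writer} -> {target:<5} {why}")
```

Run against the four real rows the script reports nothing suspicious; the invented PID 5000 row is the only one flagged. On a real case, build PROCESS_TREE from the full process list rather than by hand, and treat a target whose parent is not the writer (for example an msedge.exe writing into explorer.exe) as the finding to escalate.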
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2276)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0de1a18b9b1c08f2dbef56a91cf2804a_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - msedge.exe (PID 1464, crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc07546f8,0x7ffcc0754708,0x7ffcc0754718

  - msedge.exe (PID 1988, gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

  - msedge.exe (PID 1652, utility: network.mojom.NetworkService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  - msedge.exe (PID 432, utility: storage.mojom.StorageService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8

  - msedge.exe (PID 2384, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

  - msedge.exe (PID 3484, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

  - msedge.exe (PID 3736, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1

  - msedge.exe (PID 684, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

  - msedge.exe (PID 2820, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

  - identity_helper.exe (PID 3760, utility: winrt_app_id.mojom.WinrtAppIdService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8

  - identity_helper.exe (PID 1452, utility: winrt_app_id.mojom.WinrtAppIdService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - msedge.exe (PID 4324, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1

  - msedge.exe (PID 2148, renderer, instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

  - msedge.exe (PID 2700, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1

  - msedge.exe (PID 1832, renderer, instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1

  - msedge.exe (PID 1388, gpu-process, sandbox disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11781281748723586250,2246141313114436392,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 1676)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 4600)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
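Every signature on this page is raised by Edge's own multi-process startup, so the process tree is where the real review happens: which children run outside a sandbox (--service-sandbox-type=none on the network service and identity_helper, --disable-gpu-sandbox on the second gpu-process), which renderer mitigations are switched off, and which file the browser was asked to open. The parser below turns a Chromium-style command line into role, sandbox posture, opened file and a list of switches worth a second look, so the same Edge build can be compared against a known-good run. It is an added example for reading the tree above, not Triage's or Microsoft's code; SAMPLE_CMDLINES are shortened copies of entries on the page (the long --field-trial-handle and --gpu-preferences values are dropped), and NOTEWORTHY is this example's own choice of switches, several of which do not appear on this page and are listed so a baseline comparison would catch them if they did.

```python
"""Summarize role and sandbox posture of each Chromium child from its command line.

Added example for reading the process tree above; not Triage's or Microsoft's code.
SAMPLE_CMDLINES are shortened copies of entries on the page (long --field-trial-handle
and --gpu-preferences values dropped). NOTEWORTHY is this example's own list.
"""
import re

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
HELPER = r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"'

SAMPLE_CMDLINES = [
    EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\0de1a18b9b1c08f2dbef56a91cf2804a_JaffaCakes118.html",
    EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    EDGE + " --type=gpu-process --mojo-platform-channel-handle=2132 /prefetch:2",
    EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US"
           " --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3",
    EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US"
           " --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8",
    EDGE + " --type=renderer --lang=en-US --disable-client-side-phishing-detection"
           " --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1",
    HELPER + " --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US"
             " --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8",
    EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318"
           " --gpu-device-id=140 --mojo-platform-channel-handle=1732 /prefetch:2",
]

# Switches that change the attack surface or point at tampering. --no-sandbox,
# --remote-debugging-port, --load-extension and --proxy-server are not on this page;
# they are here so a comparison against a baseline run flags them if they show up.
NOTEWORTHY = {
    "no-sandbox", "disable-gpu-sandbox", "no-v8-untrusted-code-mitigations",
    "disable-client-side-phishing-detection", "remote-debugging-port",
    "load-extension", "proxy-server", "disable-features",
}

TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def tokenize(cmdline):
    """Split on whitespace but keep quoted spans (paths with spaces) as one token."""
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]


def describe(cmdline):
    """Return image, Chromium role, sandbox posture, opened file and noteworthy switches."""
    tokens = tokenize(cmdline)
    image = tokens[0].rsplit("\\", 1)[-1].lower()
    switches, opened = {}, None
    for i, tok in enumerate(tokens[1:], start=1):
        if tok == "--single-argument":
            # Chromium treats everything after this switch as one literal argument
            # (the file the browser was asked to open), even if it contains spaces.
            opened = " ".join(tokens[i + 1:])
            break
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            switches[key] = value  # "" for bare switches such as --disable-gpu-sandbox
    role = switches.get("type", "browser")
    if role == "utility":
        role = f"utility:{switches.get('utility-sub-type', '?')}"
    if "no-sandbox" in switches or "disable-gpu-sandbox" in switches:
        sandbox = "disabled by switch"
    elif "service-sandbox-type" in switches:
        sandbox = switches["service-sandbox-type"]  # "none" means an unsandboxed service
    elif role in ("browser", "crashpad-handler"):
        sandbox = "n/a (broker and crash handler run unsandboxed by design)"
    else:
        sandbox = "default for role"
    return {"image": image, "role": role, "sandbox": sandbox, "opened": opened,
            "noteworthy": sorted(NOTEWORTHY.intersection(switches))}


def unsandboxed_roles(cmdlines):
    """Roles with no sandbox at all; compare against a known-good run of the same build."""
    return sorted(d["role"] for d in map(describe, cmdlines)
                  if d["sandbox"] in ("none", "disabled by switch"))


if __name__ == "__main__":
    for d in map(describe, SAMPLE_CMDLINES):
        print(f"{d['image']:<20} {d['role']:<46} sandbox={d['sandbox']}  {d['noteworthy']}")
    print("unsandboxed roles:", unsandboxed_roles(SAMPLE_CMDLINES))
```

On this page the unsandboxed roles are the network service, the WinRT app-id service and the second gpu-process; whether that matches a clean run of Edge 92.0.902.67 in the same image is the question to answer before reading anything into the "Suspicious" labels above. The opened-file value is the HTML sample itself, which is the one piece of the command line that actually came from the submission.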
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: 111c361619c017b5d09a13a56938bd54
  SHA1: e02b363a8ceb95751623f25025a9299a2c931e07
  SHA256: d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
  SHA512: fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

- Filesize: 152B
  MD5: 983cbc1f706a155d63496ebc4d66515e
  SHA1: 223d0071718b80cad9239e58c5e8e64df6e2a2fe
  SHA256: cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
  SHA512: d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

- Filesize: 213KB
  MD5: f942900ff0a10f251d338c612c456948
  SHA1: 4a283d3c8f3dc491e43c430d97c3489ee7a3d320
  SHA256: 38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6
  SHA512: 9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 504B
  MD5: d5b27f686cb76985a277de278d120f7d
  SHA1: 641b71402c23ddc68900ad44d974c17433d35147
  SHA256: f2a7116475f57249025a93f2269b0d3d0a53f7e541eaddf6921f01b7ed5d2fa3
  SHA512: 2535d54b39d4531f06f907754928a61f3a79e41cad725f1dcb619c23441f971e95e708cb94e1581ac20c0a19489ab94fc05ff92bcef9786b16196ce66810c340

- Filesize: 1KB
  MD5: 696164932abfcd9d018c911fe7ec60e7
  SHA1: 199b803207bff3316b14c5deaa09d687601f19ee
  SHA256: f36c14efaa6ebd7d7cfba9f38b8481d25f80a4f05fb52d7d15199238e8d6d6dc
  SHA512: f6cf27ce91ba89d7e4f1af1b4ee72bc98f31f7e757ea527235e3042f62872703bc1ba3a7717719e8fb8892f8f249a88107c25c9c4a567605176a2018372dc935

- Filesize: 5KB
  MD5: ec4146dba993e3fd865f7680f0891e8a
  SHA1: a5c3143e15d7bf5444a13a8e9bfd1e443aa7f8c7
  SHA256: e4de43c022f407636d2574c74bb4e15570dacc682a03927277e5c7b0c7300f20
  SHA512: 07dd828433f705f3d92a1e9f2a58cf007b9a9e24e9c87809a80d98fab7fb6344156b47265d8f4c524113fb36362c830956ff67a1b1771768b5a585b7c89b190d

- Filesize: 6KB
  MD5: 19178f040e63294671304dc7239499ac
  SHA1: 5f13dc0cb7f09bbaa47b945add3e927a09fa0706
  SHA256: b0c333df2c7a8880bc42678b6ff2cb9fb5930761438bc3fafad5cb557676c9e7
  SHA512: 9b78bac379b4330c7d826381040fde7a09f230cc79a25d63e9cdaa092282b20e22f00aed8a2b2d12772e158562d73b9b5ad29f55cf8f94179a86aa722d095a81

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5: 96deef24bef85850769297c3184b4215
  SHA1: 986fc0f68f8af9ae4b771505dde0483da4bee9f9
  SHA256: d392f17aa9e0f048f26b75dcf635a7f01c32a275f56e82ef4f542d0498170bc0
  SHA512: 722d3baa4e40b260911e0e5bfe513812e7942c26e8d74c6b3e3eb95520565e67f102afd634cc1ceda93b938aeddf8ead84a0de06ffaf4f0cb82406b937337de2