Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
04/10/2024, 07:08
Static task
static1
Behavioral task
behavioral1
Sample
12573279609cc4fbf726a5d1ddc45378_JaffaCakes118.html
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
12573279609cc4fbf726a5d1ddc45378_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
12573279609cc4fbf726a5d1ddc45378_JaffaCakes118.html
-
Size
28KB
-
MD5
12573279609cc4fbf726a5d1ddc45378
-
SHA1
92ba0636d824b89b4f8fdf6ad799da1ead69a6c1
-
SHA256
6d66ed2f6f7d287704c19015a9d07dadb13bae79fe6b525c7a6d7be16321fbcc
-
SHA512
142d555bfb9eb0020cafbf9d008a818fa57041d30d381a3787024881ea452809ea1c5b8c4a68417056f01e851eb9042183c2a772258bb04d7f2d34b77a357350
-
SSDEEP
768:Zcd9QZBC7mOdMUVpC5I9nC4rwDwSwxHPd:gQZBCCOdx0IxCowDwSwxHPd
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3852 msedge.exe 3852 msedge.exe 2904 msedge.exe 2904 msedge.exe 5040 identity_helper.exe 5040 identity_helper.exe 4668 msedge.exe 4668 msedge.exe 4668 msedge.exe 4668 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid Process 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe 2904 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2904 wrote to memory of 448 2904 msedge.exe 82 PID 2904 wrote to memory of 448 2904 msedge.exe 82 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 4544 2904 msedge.exe 83 PID 2904 wrote to memory of 3852 2904 msedge.exe 84 PID 2904 wrote to memory of 3852 2904 msedge.exe 84 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85 PID 2904 wrote to memory of 4468 2904 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\12573279609cc4fbf726a5d1ddc45378_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2904 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe80f946f8,0x7ffe80f94708,0x7ffe80f947182⤵PID:448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:22⤵PID:4544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:82⤵PID:4468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵PID:440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:12⤵PID:2200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:12⤵PID:2384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:12⤵PID:1508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:12⤵PID:804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:12⤵PID:3876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:12⤵PID:1816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 /prefetch:82⤵PID:4108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:12⤵PID:1536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:12⤵PID:4848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5345007027400537314,955811749506000811,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4668
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1696
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4860
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59b008261dda31857d68792b46af6dd6d
SHA1e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA2569ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA51278853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10
-
Filesize
152B
MD50446fcdd21b016db1f468971fb82a488
SHA1726b91562bb75f80981f381e3c69d7d832c87c9d
SHA25662c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA5121df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31
-
Filesize
213KB
MD5f942900ff0a10f251d338c612c456948
SHA14a283d3c8f3dc491e43c430d97c3489ee7a3d320
SHA25638b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6
SHA5129b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize504B
MD54486680508684fb9a6bd9628adafc116
SHA16fd1ed6810475b0d84c0f3872bb2249e7e7dbc95
SHA25689a4d47b109960f53c5b5ed1c92d8161ca6fe7c14ceace30cebaaa7382515095
SHA5129d0f43a3bf8455ffde792d8d3443d6f34285038973857d41a88f00e770b91b16b893a812cea2565f0944c31f085d349c26005d0bfc7f64193d57ec556142a65d
-
Filesize
1KB
MD57fad3995b1fef7b0bc260a3b1a17332a
SHA1c6e04dfa46c99c2cb249a65c7ff0455c2e39f1d8
SHA256790d6876df015b99053f6655cd54759a8f7a79bf312a683bfa2a767f9bb6d248
SHA512d8650125dcfc00b0150aee9ad0e8a71d5ca52a38ce3be4768fe0df723c4f0e6793ebed0e55ff09ad37d81a39596ec6f7e0b25cd22bb7a34a22ee8c485dc5d7b9
-
Filesize
5KB
MD5dde7ec2e5e4114bf995438bb117648ea
SHA14b00244f3cd5c7efabeb90e763a9e7ad946fa164
SHA256ee7c8314d84cb8acf4f49a36ae6e545cde6372c63e8c1c59ca986507bcbea714
SHA512b06019c853c1fdae4461bdf20f61f31e4766d6c825b7a9ce17f87c5b6b38eb291cc46de211622b043e085c17ff383347be8b5e9db7414aee0b0ad87efd14bc5d
-
Filesize
6KB
MD582e94e3117bd8b390e7590fa8a73f170
SHA1ae328bc0840585ae46a7d87c43d36b0511e24530
SHA256d35cbdf59aa75800aa26441ac30b4a7cd35345e3299b555b88dda2eba3703a1e
SHA512bb4ae56402ca9e1961d80697d7d6246de74f8f47da7f62b2d184aa2e4f608356f8840b8f7029aeb2f222e94f557b59fc81fe80215a39a08be881bb8e660f27d3
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD57ec54fd257cb8e6312f32640d1e838db
SHA1fce56eb4ccb988d7a00618d9431f472e175be670
SHA256edd3d944cdf1f5cc7196cdad30f600ee767713ecb28592ffc23962aff0d7669d
SHA512cb04423e16e03cf84ce9678f749fb03e5a3d71f8afbfbca25abe9f2558e86c6d23244cd0c590b22e2d4a7124e60a7e217882314786d095d7dcb4f7c4dd737bbf