Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/10/2024, 10:36
Static task: static1
Behavioral task: behavioral1
- Sample: 12fdd67cc2f9c04e0576828f7947f091_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 12fdd67cc2f9c04e0576828f7947f091_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: 12fdd67cc2f9c04e0576828f7947f091_JaffaCakes118.html
- Size: 80KB
- MD5: 12fdd67cc2f9c04e0576828f7947f091
- SHA1: 81c3d7da41b21209392fc9c4b3ea069e0c2b3797
- SHA256: 753aa29b7a6e502ced0c428dfffd968fcb35f37804af6cb21c69ccd87696266f
- SHA512: 6aa062546411df085090a322a8d02f4477a8baae4e53e68070e03edf91d837a5dd591cdd578a4558c84fa4f2abbe05a2e712121d7d1a6470193f70aa512b9a04
- SSDEEP: 1536:wWtcPHHGPgxTYJ/uuVxLk9/6P7pinn8VHd1:wWgHmYxMJ/p7pinn8VHd1
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4620 | msedge.exe (2 entries)
  2960 | msedge.exe (2 entries)
  2836 | identity_helper.exe (2 entries)
  2420 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  2960 | msedge.exe (7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  2960 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  2960 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2960 wrote to memory of 1184 | 2960 | msedge.exe | 83
  PID 2960 wrote to memory of 3828 | 2960 | msedge.exe | 84
  PID 2960 wrote to memory of 4620 | 2960 | msedge.exe | 85
  PID 2960 wrote to memory of 4884 | 2960 | msedge.exe | 86
  (each row is repeated once per write in the original listing; 64 entries in total, most of them to target 3828 and 4884)
Processes
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\12fdd67cc2f9c04e0576828f7947f091_JaffaCakes118.html
  Tree depth: 1
  PID: 2960
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba9d046f8,0x7ffba9d04708,0x7ffba9d04718
  Tree depth: 2
  PID: 1184
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14201322002128166491,12286333738717957806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  Tree depth: 2
  PID: 3828
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14201322002128166491,12286333738717957806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  Tree depth: 2
  PID: 4620
  Signatures: Suspicious behavior: EnumeratesProcesses
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14201322002128166491,12286333738717957806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  Tree depth: 2
  PID: 4884
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14201322002128166491,12286333738717957806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  Tree depth: 2
  PID: 4692
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14201322002128166491,12286333738717957806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  Tree depth: 2
  PID: 2204
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14201322002128166491,12286333738717957806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  Tree depth: 2
  PID: 2796
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14201322002128166491,12286333738717957806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  Tree depth: 2
  PID: 1156
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14201322002128166491,12286333738717957806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  Tree depth: 2
  PID: 2836
  Signatures: Suspicious behavior: EnumeratesProcesses
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14201322002128166491,12286333738717957806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  Tree depth: 2
  PID: 4660
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14201322002128166491,12286333738717957806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  Tree depth: 2
  PID: 1000
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14201322002128166491,12286333738717957806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  Tree depth: 2
  PID: 3992
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14201322002128166491,12286333738717957806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  Tree depth: 2
  PID: 64
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14201322002128166491,12286333738717957806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2
  Tree depth: 2
  PID: 2420
  Signatures: Suspicious behavior: EnumeratesProcesses
- Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Tree depth: 1
  PID: 3672
- Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Tree depth: 1
  PID: 2104
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 9b008261dda31857d68792b46af6dd6d
  SHA1: e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
  SHA256: 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
  SHA512: 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10
- Filesize: 152B
  MD5: 0446fcdd21b016db1f468971fb82a488
  SHA1: 726b91562bb75f80981f381e3c69d7d832c87c9d
  SHA256: 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
  SHA512: 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31
- Filesize: 23KB
  MD5: ba16446d3d17a4f4aa3c0880fc626139
  SHA1: dc8508bb58c7fd75a075be5b1948f482691d25c0
  SHA256: 83c4e32b4545e45bd3e673698c9c905a7f9ce02ac5c08642e5ccdf2624c7a35a
  SHA512: 4f9025d959fe3dfb874baa5765d9b46d8b042b6772a4f79e5d56ba4226b872fbca5eeb60ab93c3c247445e879194cd787de7eeb4cef8654ba0452a8601e05711
- Filesize: 45KB
  MD5: ede70f717200a59b4cb831635de913a1
  SHA1: d4d6e893ac192b5df087e924ab3356852f8a7bc0
  SHA256: c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051
  SHA512: b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672
- Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 192B
  MD5: 5eafa452d08ff0252fb90c3465621236
  SHA1: c6e8235a6388eebc3c413d99af24ac44115cf559
  SHA256: 18638f581d6bf98004b2969f8375421523d4089ee1d702e7bdae216784c4208d
  SHA512: c89bbc2a85449085bab311fe72d443a11768157207b262cfcb98c3b058612ee9567fad27c02e57d29c9bd5427d0c7c92bea80932d9f414d11151332b0c07e143
- Filesize: 2KB
  MD5: 7a73e93d32c8cf9209f1c8a96b1253b2
  SHA1: 3b16b1e411b572106567513d58f5043cebceb4f7
  SHA256: 03f7b3c9f3cfbfaad7541733c696a33a2f69e667d4d865361d9a5ae7a38c5062
  SHA512: 09efc2acbce36ce090d0a2db7f62894689edbf788fce4c3a717420aa4989f365caac1dc33f3f7f4ae8e2c5a5d0293993c3def54304afa25879175dff81b61a7e
- Filesize: 5KB
  MD5: 14669f788480a8f328a17f483271d461
  SHA1: 003d88c8b34cdff648914e6bd283d50b3b0a70e2
  SHA256: 7aad26a61d629e4e1f315b905616f293da9c470337530e56cd6a8af8a169cbcb
  SHA512: 2279b391e95c4f1e00edc662b668a8a9444a200ec9c4a18947d47b1c22d6098abe7d8d96b631b985a2de4d8e501987a7d3f558c351b6315679b9ca8f05abc44f
- Filesize: 7KB
  MD5: 3c0b495791ec0db08f45f7219cb9f34d
  SHA1: 1ef8b656955756f89997d9ffca965190bb65607f
  SHA256: 36a6bd9ecf1073598f90d2fc475a7c9f7477086f33e0efc412f62136e321811c
  SHA512: 67d3330d9f46190e8720a5fe8f19f3d0b69aa15ebdfcbdf302dcb71acae8999f29bc02b67f2f57e7c7b3034a7ead8bbb4178362f3082073c90631cf84457c837
- Filesize: 7KB
  MD5: 39f55904f384cd95cddc0f16209274f9
  SHA1: 1765a6a7af3af9f2902de83503d0016eefd7b80e
  SHA256: 540246a103cc5cf29604f3988a23a51733864c5b92ca34b40ecead73d653df79
  SHA512: 531a77d564491455032a3c804a0967c6ac4e495a2894c7c23360656537479ff44193335267e3e93df8aac5eeb2963101db0b8af98a0e72dcf79e5010a565e554
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 455b5df57afd54725c4f092a0fd5c098
  SHA1: 69ef4b9b2c821dc23fb8a4030c1594f6eb1499bd
  SHA256: b9d3c647fea5c6c3a136042de388cb82ba59decd86c6d825e2cdd7336222638c
  SHA512: 571d49796f3517f435baf1aa81ce85e67469b6c5cb4d6f2dc0e4ac9964307d5541638b4a3c28aebb9d82408f5c7b1a2117d44acf6f0ddd0fd23cb3ef08ebb1ee