Analysis
max time kernel: 150s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/10/2024, 13:58
Static task: static1
Behavioral task: behavioral1
  Sample: 13a1f98925224282b4006213c6ac7ad5_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 13a1f98925224282b4006213c6ac7ad5_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: 13a1f98925224282b4006213c6ac7ad5_JaffaCakes118.html
Size: 21KB
MD5: 13a1f98925224282b4006213c6ac7ad5
SHA1: 8e595596bbbf2508e8f8b1a060d5f41c0ff255e7
SHA256: 86b07f85f8f802f74434c1b98d26d411a16a41a98ca28ec7b76b28897e4ac1c4
SHA512: 44b4bed0e153a3187b8c1be681c85757e2e5c1b6d73b7db81d03944aeeb074ccaa21db16b810b5929a821ebf4ca36dae54f25e60f062e69e0c9019ea8e919c41
SSDEEP: 384:SM/s2LaTSf/hfmf8DzwyOaj/ffTZdxNmda/0/RI6/Aa/0/RICQdR3:SM/6YcEdYSQdR3
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  3528  msedge.exe (2 entries)
  2924  msedge.exe (2 entries)
  4368  identity_helper.exe (2 entries)
  1232  msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid   Process
  2924  msedge.exe (9 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  2924  msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2924  msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 2924 wrote to memory of 4228  2924  msedge.exe  82
  PID 2924 wrote to memory of 4860  2924  msedge.exe  83
  PID 2924 wrote to memory of 3528  2924  msedge.exe  84
  PID 2924 wrote to memory of 4380  2924  msedge.exe  85
  (The report lists each row once per write call, 64 entries in total; the 4228 and 3528 rows appear twice each, the 4860 and 4380 rows account for the remainder.)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2924)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\13a1f98925224282b4006213c6ac7ad5_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4228)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8dff46f8,0x7ffe8dff4708,0x7ffe8dff4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4860)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3528)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4380)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3004)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1524)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 868)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 968)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4760)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2992)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2556)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6171157892379711475,17533820199148283571,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 844)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4184)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads