Analysis
max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/10/2024, 03:35
Static task: static1
Behavioral task: behavioral1
  Sample: 2a121c9e52cdc84ff6ec83a32cb3cf96_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 2a121c9e52cdc84ff6ec83a32cb3cf96_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General
Target: 2a121c9e52cdc84ff6ec83a32cb3cf96_JaffaCakes118.html
Size: 18KB
MD5: 2a121c9e52cdc84ff6ec83a32cb3cf96
SHA1: 36318729ef086690af0fbf74eb740ff0a3e97fe0
SHA256: 66ab9579d0bf253fb0d760680ff138aa27a8960bf7775e81773c427e003d477a
SHA512: a45c5d27b7e9d2614062108998a7b63218ff7942abb32fb082a66d061f19962fc01699abbe35bac7671870809bab9ef4d8c98882cd2df6c35bb082a973b490d4
SSDEEP: 384:y+crv+TY+E28rXzOBuKx3RjnnNcmqlMozZJ2:TcrufE28rKRRqlPzi
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  4608  msedge.exe
  4608  msedge.exe
  1088  msedge.exe
  1088  msedge.exe
  2044  identity_helper.exe
  2044  identity_helper.exe
  4184  msedge.exe
  4184  msedge.exe
  4184  msedge.exe
  4184  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid   Process
  1088  msedge.exe  (all 9 entries are identical)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  1088  msedge.exe  (all 25 entries are identical)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  1088  msedge.exe  (all 24 entries are identical)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

[depth 1] PID 1088  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2a121c9e52cdc84ff6ec83a32cb3cf96_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

[depth 2] PID 4880  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e6ef46f8,0x7ff9e6ef4708,0x7ff9e6ef4718

[depth 2] PID 1816  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

[depth 2] PID 4608  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

[depth 2] PID 2420  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8

[depth 2] PID 4132  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

[depth 2] PID 4552  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

[depth 2] PID 2396  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1

[depth 2] PID 116  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

[depth 2] PID 3604  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

[depth 2] PID 2584  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

[depth 2] PID 2440  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

[depth 2] PID 3824  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8

[depth 2] PID 2044  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

[depth 2] PID 1616  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

[depth 2] PID 2332  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1

[depth 2] PID 4184  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1148956242385601343,17348783345561822559,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

[depth 1] PID 4784  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

[depth 1] PID 2244  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads