Analysis
  max time kernel:  145s
  max time network: 144s
  platform:         windows10-2004_x64
  resource:         win10v2004-20241007-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        13/10/2024, 11:59

Static task: static1

Behavioral task: behavioral1
  Sample:   3fbaeb0fdbe4a0dda1718d9128dc2351_JaffaCakes118.html
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample:   3fbaeb0fdbe4a0dda1718d9128dc2351_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General
  Target: 3fbaeb0fdbe4a0dda1718d9128dc2351_JaffaCakes118.html
  Size:   11KB
  MD5:    3fbaeb0fdbe4a0dda1718d9128dc2351
  SHA1:   10e871aa316bab7d1b62d0a01588b2330944fa51
  SHA256: 7001b7a0a91ced44a481b9989deb1e9e69f7925567b9fab0658f3a71b8ebc7d9
  SHA512: 56739ecb3091a43a12ba093010059e2d0a742fc78d1b797bc208c379afcf45e03e86bcf37b659de3cff95c2c901805180db54016337b0a2c6cdf83860d3f221a
  SSDEEP: 192:2VtlIsr03Vm8k/w1wvqLkZiBqxn/ACYbk01PVvLuBuLbdU8d:stlIcuVW/guiBqxn/ACYbk0PVzguLZ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process
  2840  msedge.exe           (2 entries)
  2980  msedge.exe           (2 entries)
  5060  identity_helper.exe  (2 entries)
  4720  msedge.exe           (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   process
  2980  msedge.exe           (7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  2980  msedge.exe           (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  2980  msedge.exe           (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target
  PID 2980 wrote to memory of 872   2980  msedge.exe  83   (2 entries)
  PID 2980 wrote to memory of 2572  2980  msedge.exe  84   (40 entries)
  PID 2980 wrote to memory of 2840  2980  msedge.exe  85   (2 entries)
  PID 2980 wrote to memory of 724   2980  msedge.exe  86   (20 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2980)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3fbaeb0fdbe4a0dda1718d9128dc2351_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b00e46f8,0x7ff9b00e4708,0x7ff9b00e4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2572)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,6728669704903128439,6880023926589663363,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2840)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,6728669704903128439,6880023926589663363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 724)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,6728669704903128439,6880023926589663363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2124)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6728669704903128439,6880023926589663363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 876)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6728669704903128439,6880023926589663363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6728669704903128439,6880023926589663363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1976)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6728669704903128439,6880023926589663363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1500)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6728669704903128439,6880023926589663363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5100)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,6728669704903128439,6880023926589663363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5060)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,6728669704903128439,6880023926589663363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3120)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6728669704903128439,6880023926589663363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4376)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6728669704903128439,6880023926589663363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4720)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,6728669704903128439,6880023926589663363,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5112 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4612)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4372)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5:    b8880802fc2bb880a7a869faa01315b0
  SHA1:   51d1a3fa2c272f094515675d82150bfce08ee8d3
  SHA256: 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
  SHA512: e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2
- Filesize: 152B
  MD5:    ba6ef346187b40694d493da98d5da979
  SHA1:   643c15bec043f8673943885199bb06cd1652ee37
  SHA256: d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
  SHA512: 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 168B
  MD5:    53e7683d52c1618b563141a054beb2a2
  SHA1:   85b74c7459f753b7be1d39a5ff482b6bcfd0e439
  SHA256: c2973d4a98c005fd1b70101b788dec1c379d21edb57a0ac96145636f0ae37465
  SHA512: 8eb7f97f80a0b0b3a7ec222da3be275c962a2b69b1afaa7276c420cd67b28d27fa7747d795939a38f2e6f117093a3dc30c78561ebd2d71fcd1b43716dfe60f5f
- Filesize: 6KB
  MD5:    d4f078b3a55546a64cec93c5cc6fc0aa
  SHA1:   9e52970dc28fb30377f5c2964a77cd0f92ed8274
  SHA256: 12c2c1a3c1f1f268620caf95c8d54aeddcc65762997cd674bb25912e6243ffa6
  SHA512: 6c52ca2ece5aa13367ca4f01a4032a8a14d1bf78323da23f3a765775868ab4a3ad2d317bf5e7329249d54a37800e6139d67b51bd1b91fe7b7048317b522f0f6e
- Filesize: 6KB
  MD5:    e975c92cb33fb4fd7cf9604f52b5d940
  SHA1:   ae7f731beac0ba4f5f8d966504c67010ed8c7157
  SHA256: a34b7fe1b56a9acb123b8e528b707722059da7fa7664c129590e2960ecde923c
  SHA512: e90622004b7c4436259783dc52063f7bdeb6a38b4bd2e8759321260cf0566e6ef90d7b07f76be0ec5f2ed03bbb781482d9f8585d9b3207af29b25d6bcf62ba8f
- Filesize: 16B
  MD5:    46295cac801e5d4857d09837238a6394
  SHA1:   44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5:    206702161f94c5cd39fadd03f4014d98
  SHA1:   bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 10KB
  MD5:    b55ed93328da8de192c968fd2e8d76b8
  SHA1:   5644dd2cdd5eaa4b67f2401384d7beb8c4709699
  SHA256: 6b32cc0efc3ca245937063ef99263d3b2c464eee7f8e0797901437693e1472c1
  SHA512: ca98c270d32c62b1ae8395aa1e2c688500798ec5e14aa5ef293cbbc4c037fb9a7f82d5792cee3c86660a5da95d73c380fa2467fae2117c99b4b9e1abe43f3da1