Analysis
- max time kernel: 148s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/10/2024, 17:37
Static task: static1
Behavioral task: behavioral1
- Sample: 436272de4c2d9e0b815a6e9ca6aad8bf_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 436272de4c2d9e0b815a6e9ca6aad8bf_JaffaCakes118.html
- Resource: win10v2004-20241007-en
General
- Target: 436272de4c2d9e0b815a6e9ca6aad8bf_JaffaCakes118.html
- Size: 336KB
- MD5: 436272de4c2d9e0b815a6e9ca6aad8bf
- SHA1: a212b995443174e533cabf4992ff845b3c6d89f8
- SHA256: a03314685fdb31620f21f6677b3e591c0c03e40f821ef821ff7906e990f8cb93
- SHA512: 78182d1437cb5f77e821927487d5b737fa27468e1b2f4773c7a40e61356769cfb75e2faf43f141f5e45a1c8db1951c3487a802a844111949b25f546561050266
- SSDEEP: 3072:eHWj539W4isuqz6DWBAIJhBRn/8Xxvu5frWy28rlPxmDZeBtk:eHWVtWhhqzWWWGn/IMf6yTyDd
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process: 4736 msedge.exe (2 entries), 624 msedge.exe (2 entries), 2460 identity_helper.exe (2 entries), 2216 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid / Process: 624 msedge.exe (7 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process: 624 msedge.exe (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process: 624 msedge.exe (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description / pid / Process / procid_target: all 64 entries are PID 624 (msedge.exe) writing to the memory of its own child processes, repeated for each child: PID 4900 (procid_target 84), PID 2548 (procid_target 85), PID 4736 (procid_target 86) and PID 4316 (procid_target 87)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\436272de4c2d9e0b815a6e9ca6aad8bf_JaffaCakes118.html
  PID: 624
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 624:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb382446f8,0x7ffb38244708,0x7ffb38244718
    PID: 4900
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,2250815310353379089,1254154780649594133,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 /prefetch:2
    PID: 2548
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,2250815310353379089,1254154780649594133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    PID: 4736
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,2250815310353379089,1254154780649594133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
    PID: 4316
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,2250815310353379089,1254154780649594133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    PID: 2840
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,2250815310353379089,1254154780649594133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    PID: 2472
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,2250815310353379089,1254154780649594133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
    PID: 4828
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,2250815310353379089,1254154780649594133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
    PID: 1784
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,2250815310353379089,1254154780649594133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
    PID: 3120
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,2250815310353379089,1254154780649594133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
    PID: 5076
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,2250815310353379089,1254154780649594133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
    PID: 2460
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,2250815310353379089,1254154780649594133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    PID: 4932
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,2250815310353379089,1254154780649594133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
    PID: 1948
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,2250815310353379089,1254154780649594133,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
    PID: 2216
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5100
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4196
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B