Analysis
- max time kernel: 145s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/11/2024, 04:30
Static task: static1
Behavioral task: behavioral1
- Sample: 8f2b47e39dc448937230c2357b659925_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 8f2b47e39dc448937230c2357b659925_JaffaCakes118.html
- Resource: win10v2004-20241007-en
General
- Target: 8f2b47e39dc448937230c2357b659925_JaffaCakes118.html
- Size: 36KB
- MD5: 8f2b47e39dc448937230c2357b659925
- SHA1: 73f84c116d96521870f188db196808a4bc1750b5
- SHA256: a4155673c900e7fdce5476f3e729f24bc6a30c5f914c7f44e686f6fb1a4d6382
- SHA512: 7a6db65f2756b28fbb3cd773ba2e1515e06a19917b715f59a273d929842c6871fcea2e2acd9d032211a50f960792d23f557c6123b469ca922735d04eb94088c3
- SSDEEP: 384:SE7+6DxVkAYqaq+GOW2QZhX68SloGhDm6PR4z/VLqBawoKoQcCFx0Jg9dkc:SE7JSAYqUnLaGhS6Py/UBzR70Jg9dkc
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  - Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  - Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  - Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  - 3428 | msedge.exe (x2)
  - 1572 | msedge.exe (x2)
  - 4372 | identity_helper.exe (x2)
  - 5804 | msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid | Process
  - 1572 | msedge.exe (x10)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  - 1572 | msedge.exe (x25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  - 1572 | msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target (distinct rows; the original listing repeats each row, 64 entries in total)
  - PID 1572 wrote to memory of 4180 | 1572 | msedge.exe | 84 (x2)
  - PID 1572 wrote to memory of 4308 | 1572 | msedge.exe | 85 (repeated)
  - PID 1572 wrote to memory of 3428 | 1572 | msedge.exe | 86 (x2)
  - PID 1572 wrote to memory of 1324 | 1572 | msedge.exe | 87 (repeated)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\8f2b47e39dc448937230c2357b659925_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 1572
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ff83b1346f8,0x7ff83b134708,0x7ff83b134718
    PID: 4180
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    PID: 4308
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 3428
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
    PID: 1324
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    PID: 4808
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    PID: 4508
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
    PID: 4084
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
    PID: 4396
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
    PID: 3020
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
    PID: 4388
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7108 /prefetch:8
    PID: 1260
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7108 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 4372
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
    PID: 2556
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
    PID: 1132
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
    PID: 5144
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
    PID: 5152
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3338852927360575298,3454465164457450648,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3120 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 5804
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 628
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2636
Network
MITRE ATT&CK Enterprise v15
Downloads