Analysis
max time kernel: 145s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/01/2025, 06:48
Static task: static1
Behavioral task: behavioral1
    Sample: JaffaCakes118_f9f55794306673d5edb24ec1fb8be4eb.html
    Resource: win7-20240903-en
Behavioral task: behavioral2
    Sample: JaffaCakes118_f9f55794306673d5edb24ec1fb8be4eb.html
    Resource: win10v2004-20241007-en
(The results on this page are from behavioral2, the Windows 10 run; the Windows 7 run is not shown here.)
General
Target: JaffaCakes118_f9f55794306673d5edb24ec1fb8be4eb.html
Size: 1KB
MD5: f9f55794306673d5edb24ec1fb8be4eb
SHA1: 34fa0ede5bb845c9556547106e22b92b1c22d1d5
SHA256: 0ac921049dbf9b2105c294a122b2fab693c60a9eca04e754dd19ecd97d628fc1
SHA512: 53aae73c4c25776bdac8baef91c38266079758a97c13a27e85d80547c82b285b133ca3698c87de221a4a3f1e41c060b176dfb8193bc4966ba33a84439742060d
Malware Config
Signatures
Every signature below is attributed to msedge.exe or its own helper processes; none is attributed to the content of the 1KB HTML sample, and no process outside the Edge tree is involved.

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
(Reading the BIOS manufacturer and product name is a common VM-detection check, but here the querying process is the browser itself.)

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process | hits
1028 | msedge.exe | 2
4388 | msedge.exe | 2
3152 | identity_helper.exe | 2
4284 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process | hits
4388 | msedge.exe | 6

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process | hits
4388 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | hits
4388 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 4388 wrote to memory of 224 | 4388 | msedge.exe | 83
PID 4388 wrote to memory of 748 | 4388 | msedge.exe | 84
PID 4388 wrote to memory of 1028 | 4388 | msedge.exe | 85
PID 4388 wrote to memory of 2400 | 4388 | msedge.exe | 86
(The 64 rows on the original page are repeats of these four writer/target pairs, with the 748 and 2400 rows accounting for most of the repetition. All four targets are child processes that PID 4388 itself started; see the process tree below.)
Processes
PID 4388  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9f55794306673d5edb24ec1fb8be4eb.html
    signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    PID 224  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9180b46f8,0x7ff9180b4708,0x7ff9180b4718
    PID 748  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7159686155470840520,13061522598152065895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
    PID 1028  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,7159686155470840520,13061522598152065895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
        signatures: Suspicious behavior: EnumeratesProcesses
    PID 2400  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,7159686155470840520,13061522598152065895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
    PID 1448  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7159686155470840520,13061522598152065895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    PID 4364  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7159686155470840520,13061522598152065895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    PID 1368  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        command: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7159686155470840520,13061522598152065895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
    PID 3152  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        command: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7159686155470840520,13061522598152065895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
        signatures: Suspicious behavior: EnumeratesProcesses
    PID 1716  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7159686155470840520,13061522598152065895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
    PID 3964  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7159686155470840520,13061522598152065895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
    PID 5028  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7159686155470840520,13061522598152065895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
    PID 1948  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7159686155470840520,13061522598152065895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
    PID 4284  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7159686155470840520,13061522598152065895,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3444 /prefetch:2
        signatures: Suspicious behavior: EnumeratesProcesses
PID 3188  C:\Windows\System32\CompPkgSrv.exe
    command: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID 228  C:\Windows\System32\CompPkgSrv.exe
    command: C:\Windows\System32\CompPkgSrv.exe -Embedding
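The tree above is what a multi-process browser looks like at startup: every WriteProcessMemory IoC in the Signatures section has the browser process (PID 4388) as the writer and one of its own freshly spawned helpers (224, 748, 1028, 2400) as the target, which is how a sandboxed parent sets up a child it has just created, not a write into an unrelated process. Two details worth reading off the command lines are the helpers that run with their sandbox disabled (--service-sandbox-type=none on the network service and both identity_helper.exe instances, --disable-gpu-sandbox on the second GPU process), since a bug in one of those runs with far less containment than a bug in a renderer. The script below is an added example written for this page; it is not part of the tria.ge report or of Triage's own detection logic. It re-derives parent/child links from the indentation depth shown above (PIDs and flags transcribed from the report, command lines cut down to the flags inspected), labels each WriteProcessMemory pair as a write into the writer's own child or a cross-process write, and lists the reduced-sandbox helpers. The tuple lists, the label names and the function names are this example's own.

```python
"""Added example: sanity-check a sandbox report's process tree and its
WriteProcessMemory IoCs. The data below is transcribed from the report on
this page (command lines abbreviated); nothing here is Triage's own code."""
from typing import Dict, List, Optional, Tuple

# (indentation depth, pid, abbreviated command line), in report order.
PROCESSES: List[Tuple[int, int, str]] = [
    (1, 4388, "msedge.exe --start-maximized --single-argument <sample>.html"),
    (2, 224,  "msedge.exe --type=crashpad-handler"),
    (2, 748,  "msedge.exe --type=gpu-process"),
    (2, 1028, "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (2, 2400, "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (2, 1448, "msedge.exe --type=renderer"),
    (2, 4364, "msedge.exe --type=renderer"),
    (2, 1368, "identity_helper.exe --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    (2, 3152, "identity_helper.exe --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    (2, 1716, "msedge.exe --type=renderer"),
    (2, 3964, "msedge.exe --type=renderer --instant-process"),
    (2, 5028, "msedge.exe --type=renderer"),
    (2, 1948, "msedge.exe --type=renderer --instant-process"),
    (2, 4284, "msedge.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (1, 3188, "CompPkgSrv.exe -Embedding"),
    (1, 228,  "CompPkgSrv.exe -Embedding"),
]

# (writer pid, target pid) from the WriteProcessMemory signature, deduplicated.
WPM_IOCS: List[Tuple[int, int]] = [(4388, 224), (4388, 748), (4388, 1028), (4388, 2400)]

# Chromium flags that mean "this helper runs without its usual sandbox".
WEAK_SANDBOX_FLAGS = ("--service-sandbox-type=none", "--disable-gpu-sandbox")


def build_parent_map(processes: List[Tuple[int, int, str]]) -> Dict[int, Optional[int]]:
    """Recover each pid's parent from the tree's indentation depth.
    Depth-1 entries are roots (parent None); a depth-d entry is a child of the
    most recent depth-(d-1) entry."""
    parents: Dict[int, Optional[int]] = {}
    stack: List[int] = []          # stack[d-1] == most recent pid seen at depth d
    for depth, pid, _ in processes:
        del stack[depth - 1:]      # pop back to this entry's parent level
        parents[pid] = stack[-1] if stack else None
        stack.append(pid)
    return parents


def classify_writes(parents: Dict[int, Optional[int]],
                    iocs: List[Tuple[int, int]]) -> List[Tuple[int, int, str]]:
    """Label each WriteProcessMemory pair.
    own-child:      writer is the target's parent (process bootstrap, expected)
    cross-process:  target exists in the tree but is not the writer's child
    unknown-target: target pid never appears in the tree"""
    out = []
    for writer, target in iocs:
        if target not in parents:
            out.append((writer, target, "unknown-target"))
        elif parents[target] == writer:
            out.append((writer, target, "own-child"))
        else:
            out.append((writer, target, "cross-process"))
    return out


def suspicious_writes(parents: Dict[int, Optional[int]],
                      iocs: List[Tuple[int, int]]) -> List[Tuple[int, int, str]]:
    """Only the writes that are not a parent bootstrapping its own child."""
    return [row for row in classify_writes(parents, iocs) if row[2] != "own-child"]


def weak_sandbox_processes(processes: List[Tuple[int, int, str]]) -> List[int]:
    """PIDs whose command line disables the helper's sandbox."""
    return [pid for _, pid, cmd in processes if any(f in cmd for f in WEAK_SANDBOX_FLAGS)]


if __name__ == "__main__":
    tree = build_parent_map(PROCESSES)
    for row in classify_writes(tree, WPM_IOCS):
        print(row)
    print("not explained by process bootstrap:", suspicious_writes(tree, WPM_IOCS))
    print("helpers with sandbox disabled:", weak_sandbox_processes(PROCESSES))
```

Run against this report, every write is "own-child" and the suspicious list is empty, which matches the reading that the WriteProcessMemory hits are Edge starting its helpers. A constructed pair such as (4388, 3188), the browser writing into CompPkgSrv.exe, would come back "cross-process", which is the shape an actual injection would have in the same table.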
Network
MITRE ATT&CK Enterprise v15
Downloads
File 1
    Filesize: 152B
    MD5: 0a9dc42e4013fc47438e96d24beb8eff
    SHA1: 806ab26d7eae031a58484188a7eb1adab06457fc
    SHA256: 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
    SHA512: 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f
File 2
    Filesize: 152B
    MD5: 61cef8e38cd95bf003f5fdd1dc37dae1
    SHA1: 11f2f79ecb349344c143eea9a0fed41891a3467f
    SHA256: ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
    SHA512: 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d
File 3
    Filesize: 5KB
    MD5: eaffecae8659e2a0009d3b900ee5a831
    SHA1: b7411d7b1da3eff4335837a45a25e32e31e5eafb
    SHA256: 7f31139199de2e2b63abad0af9eabcb73c5d1eceace8a8b7a53290f966bb5510
    SHA512: 14275b24d38e9ba7c4f9d463eedfcfaa9c49ff744a84802449171e2f7f89109dd72b0492b9eb3e9c74f04c70da276ea8811b3afc6b9153cb88f7cfee59eacf9b
File 4
    Filesize: 6KB
    MD5: d3824254abdc7add249fab3e56254b5e
    SHA1: 449415ca25fbc72c9e6cebdfc1201151473e2996
    SHA256: e0c433ffdc2d60ad1a7ecc778aa5d1a8f7d430fa9aafc7e4b07ef1f380a65007
    SHA512: 76e5786aac0bcba96f3700170a5de73f36adf0e9944e525c541975f570f2e962873f3ebe4247796c76056a43db43d1357c9e2da7846891d853c27fce795baffc
File 5
    Filesize: 16B
    MD5: 6752a1d65b201c13b62ea44016eb221f
    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
File 6
    Filesize: 10KB
    MD5: 6935fd2a63ef74060456199d8c6ca0bb
    SHA1: 7e86b5ebea67ffab8842df4e01d7fb1630be1a03
    SHA256: 69a47fd90f405df71693f283e65f44878b5d4f2eb951be9f5c0b68ca19c8153d
    SHA512: 6b3f6e206cef35f5e1c895906e887d7ec0c3347e6a284f90a3d61b8dd58fcc29c375bf232baefe980874913a9e837802a410027e4ac371462a3e5a451800efc4
(The page records sizes and hashes only; no file names or paths are given for these entries.)