Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/01/2025, 17:46
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_93229fb83fe400f64ee66dd46ee94172.html
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: JaffaCakes118_93229fb83fe400f64ee66dd46ee94172.html
Resource: win10v2004-20241007-en
General
Target: JaffaCakes118_93229fb83fe400f64ee66dd46ee94172.html
Size: 36KB
MD5: 93229fb83fe400f64ee66dd46ee94172
SHA1: f107e48a32abb6fc06cb6f063496e9f6da647524
SHA256: 4cc9d96a16985e7b4dbacfd7c8b5f69b8b109149df965873a3e26fc35f55dd34
SHA512: 43ba2227b0357c5381aa76d919fbdff53e2f52fdd3af3173c7ff4ed4623835ced8f81b641a8a2e841d55e97e766e88c6ab38f03cdd31303f526f0aebb1dedb2c
SSDEEP: 384:SiJ+9DxVkCYqaq+GOW2QZhX68SloGhDm6Pl7n/VL+BawoKoQcCFx0JV9dkc:SiJSSCYqUnLaGhS6P5/kBzR70JV9dkc
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid | Process
2268 | msedge.exe (2 events)
1480 | msedge.exe (2 events)
1236 | msedge.exe (4 events)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid | Process
1480 | msedge.exe (4 events)
Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
1480 | msedge.exe (25 events)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
1480 | msedge.exe (24 events)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 1480 wrote to memory of 3768 | 1480 | msedge.exe | 83
PID 1480 wrote to memory of 3952 | 1480 | msedge.exe | 84
PID 1480 wrote to memory of 2268 | 1480 | msedge.exe | 85
PID 1480 wrote to memory of 1608 | 1480 | msedge.exe | 86
(One row per distinct target process; the 64 write events all originate from PID 1480 and are spread across these four targets, with 3952 and 1608 accounting for most of them.)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1480)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_93229fb83fe400f64ee66dd46ee94172.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3768)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccb0146f8,0x7ffccb014708,0x7ffccb014718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3952)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10570349244496359316,13899949985847909635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2268)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,10570349244496359316,13899949985847909635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1608)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,10570349244496359316,13899949985847909635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1560)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10570349244496359316,13899949985847909635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5036)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10570349244496359316,13899949985847909635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10570349244496359316,13899949985847909635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 316)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10570349244496359316,13899949985847909635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1236)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10570349244496359316,13899949985847909635,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 2316)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2356)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 0a9dc42e4013fc47438e96d24beb8eff
SHA1: 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256: 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512: 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Filesize: 152B
MD5: 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1: 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256: ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512: 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Filesize: 1KB
MD5: d29cd3a7a7e242e43ddd63aa4796ba8c
SHA1: 51d7392471599631b794ddbb5cc093f8faa3b9a1
SHA256: 5c8254252904fb60dbd4538cad9508855495158099d1b5eb4083f82f543fef3c
SHA512: 5ea5c26cd393f6421f2952f4221a9c30086a0e57301cccee6589e5a36452529a569cf6f861f71135db4acfd45f877f8895ac71ec380fd90fa91ba4d74b79014e

Filesize: 5KB
MD5: 9cd1278c29a25454f25af8f5b567de5c
SHA1: 6b0668a464fc437b0534cc30194b56954ac57be9
SHA256: 3616cccb8546225c4b2a7f244a525164343d0cd06737cf71eac111a2b9393895
SHA512: 029a49a321b51b33b6b33c14c7af79b1b9b5851b02ef83b57620172ee698b1597416f101aa7a1772de28cd67487db2d8f165c73a9e33309909e643360b25e144

Filesize: 6KB
MD5: 9fd14ec2140195e00d38c328e9b80121
SHA1: b5e7020baf93ff554f5f14cc83bcf3ba4230275b
SHA256: 59ff8ce83db8bcfd818afa2685ce3a2d072f45f45147b8491a76e8ad056ff1bc
SHA512: d40d87c146e342ca057e5b6d88d84c3350a4a383cd6d46d6e093c808fb27b6a2fa015cad32a2698dacae998e34ade5ca899118903971fe78992baa4efae53715

Filesize: 10KB
MD5: 717b7ff17c41a38f3a97d213a8340821
SHA1: 6d48184e72fe9adbcfd33b256f73a24786775628
SHA256: 60caeba687675f205baf782d89855ba8cc6a49f7aafe3e665926aa28c423a7d7
SHA512: 95afe87b4e54e0c0155e2f9f4f42e5347977169ddc3e424672030e424c2ee0f24ec86fbba87bfb10ad7f40b3a5ee8ec3981cec709a036940344ac37eb00c1f66