Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/01/2025, 04:36
Behavioral task: behavioral1
- Sample: JaffaCakes118_3c08c4bbd20dc33117169176315a7728.html
- Resource: win7-20240903-en
General
- Target: JaffaCakes118_3c08c4bbd20dc33117169176315a7728.html
- Size: 199KB
- MD5: 3c08c4bbd20dc33117169176315a7728
- SHA1: 8ad59cfedc7285a45b86715f92e479947aac9659
- SHA256: 37a80ab139fb878b89ee86cc8bdedf90ee263cff442d00fc9edd8b9f5826744c
- SHA512: 38d5d1884c986bfcc8b2d5596fd208134d850db83919dfc2a21f9501cd79d01486fd1a15bab15b21c20ed1d013f16e3bc1b093122536b16dab262af9ff918d50
- SSDEEP: 3072:ZSnpywl9Nv3c49nSMhMwM0uusFxyfNRCqhVgf5Mtg3GA:Zoywl9No/qOD7
Malware Config
Signatures
- A potential corporate email address has been identified in the URL: [email protected]
- A potential corporate email address has been identified in the URL: [email protected]
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
    flow  ioc
    37    sites.google.com
    39    sites.google.com
- Enumerates system info in registry (2 TTPs, 3 IoCs)
    description        ioc                                                                    Process
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
    pid   Process
    1800  msedge.exe  (2 entries)
    764   msedge.exe  (2 entries)
    1992  msedge.exe  (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
    pid   Process
    764   msedge.exe  (8 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
    pid   Process
    764   msedge.exe  (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
    pid   Process
    764   msedge.exe  (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, 64 entries in the original table)
    description                      pid  Process     procid_target
    PID 764 wrote to memory of 544   764  msedge.exe  82  (2 entries)
    PID 764 wrote to memory of 3508  764  msedge.exe  83  (repeated)
    PID 764 wrote to memory of 1800  764  msedge.exe  84  (2 entries)
    PID 764 wrote to memory of 4012  764  msedge.exe  85  (repeated)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 764)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3c08c4bbd20dc33117169176315a7728.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 544)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7fd646f8,0x7fff7fd64708,0x7fff7fd64718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3508)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8329465230430416154,10817718416892423258,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1800)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,8329465230430416154,10817718416892423258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4012)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,8329465230430416154,10817718416892423258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3004)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8329465230430416154,10817718416892423258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1152)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8329465230430416154,10817718416892423258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1228)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8329465230430416154,10817718416892423258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1200 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4656)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8329465230430416154,10817718416892423258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1196 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4208)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8329465230430416154,10817718416892423258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 460)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8329465230430416154,10817718416892423258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8329465230430416154,10817718416892423258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1700)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8329465230430416154,10817718416892423258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1992)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8329465230430416154,10817718416892423258,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3088 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3092)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4628)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads