Analysis
max time kernel: 145s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/01/2025, 05:04
Behavioral task: behavioral1
Sample: JaffaCakes118_530246f73ee0245b9ab0d4b23fe2a69f.html
Resource: win7-20240903-en
General
Target: JaffaCakes118_530246f73ee0245b9ab0d4b23fe2a69f.html
Size: 199KB
MD5: 530246f73ee0245b9ab0d4b23fe2a69f
SHA1: 950d77b83d3002518cac0582a1881c2913bf784d
SHA256: 4be5f404938b45c74988f0978eaf50486d65eb264d7f0e0aa153d23992c3d219
SHA512: d18c29193553316045196987c69017a3ea00f4cd2141082c7892605101d4d92a2bfe56c647ee1fde8cc25779f7273482ac5d0e833ea28af5ddd1ab0cefe6653e
SSDEEP: 3072:DSnpywl9Nv3c49nSMhMwM00usnxWbVRCWJdsnzMt9eGV:Doywl9Nor0Ozw
Malware Config
Signatures
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  flow  ioc
  36    sites.google.com
  39    sites.google.com
Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs
  pid   Process
  3468  msedge.exe
  3468  msedge.exe
  4572  msedge.exe
  4572  msedge.exe
  4236  msedge.exe
  4236  msedge.exe
  4236  msedge.exe
  4236  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  pid   Process
  4572  msedge.exe
  4572  msedge.exe
  4572  msedge.exe
  4572  msedge.exe
  4572  msedge.exe
  4572  msedge.exe
  4572  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4572)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_530246f73ee0245b9ab0d4b23fe2a69f.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4052)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83b1346f8,0x7ff83b134708,0x7ff83b134718
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3240)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3468)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4520)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2492)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4860)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3852)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3620)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3400)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4284)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 412)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4236)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5728 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 2432)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2196)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads