Analysis
max time kernel: 145s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20250129-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/01/2025, 11:59
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_56979e6edd5099eade8957e709cd4a93.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_56979e6edd5099eade8957e709cd4a93.html
  Resource: win10v2004-20250129-en
General
Target: JaffaCakes118_56979e6edd5099eade8957e709cd4a93.html
Size: 53KB
MD5: 56979e6edd5099eade8957e709cd4a93
SHA1: 926c6b11c6c60a71dad54bc9b5022b94a1f3cdda
SHA256: 02b3de34d4aeffe1aac481ff33f8d998bc08aa389f93bfdc119dbc84a923eb91
SHA512: a14da94682d3bf39f8abd9ff967e620275b09259615ad1fcf6874ba9edfbeb832a157d031ac6ecc3288bfe41dc35ea6599c7533255eace9b00e4858931a33b7b
SSDEEP: 768:LpGhKRcghp1Np18hKSVdNVPOMXdRl3oFv+Hm6KDssMtle8D:1vp1318ISV7VGMNsWHm6KwsMtleY
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  flow  ioc
  15    sites.google.com
  18    sites.google.com
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process     entries
  4948  msedge.exe  2
  1276  msedge.exe  2
  1508  msedge.exe  4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process     entries
  1276  msedge.exe  2
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     entries
  1276  msedge.exe  25
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     entries
  1276  msedge.exe  24
Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target  entries
  PID 1276 wrote to memory of 2876  1276  msedge.exe  81             2
  PID 1276 wrote to memory of 3456  1276  msedge.exe  83             40
  PID 1276 wrote to memory of 4948  1276  msedge.exe  84             2
  PID 1276 wrote to memory of 4828  1276  msedge.exe  85             20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1276)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_56979e6edd5099eade8957e709cd4a93.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2876)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9831d46f8,0x7ff9831d4708,0x7ff9831d4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3456)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,4659441588725015940,18368534841488202699,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4948)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,4659441588725015940,18368534841488202699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4828)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,4659441588725015940,18368534841488202699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3428)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4659441588725015940,18368534841488202699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2772)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4659441588725015940,18368534841488202699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1508)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,4659441588725015940,18368534841488202699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2872 /prefetch:2
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 2320)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 1092)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: bc29044ff79dd25458f32c381dc676af
SHA1: f4657c0bee9b865607ec3686b8d4f5d4c2c61cd7
SHA256: efe711204437661603d6e59765aba1654678f2093075c1eb2340dc5e80a1140f
SHA512: 3d484f755d88c0485195b247230edb79c07cc0941dedbf2f34738ae4f80ba90595f5094c449b213c0c871ade6aff0a14d4acfe843186e2421ccbad221d34bf54

Filesize: 152B
MD5: 709e5bc1c62a5aa20abcf92d1a3ae51c
SHA1: 71c8b6688cd83f8ba088d3d44d851c19ee9ccff6
SHA256: aa718e97104d2a4c68a9dad4aae806a22060702177f836403094f7ca7f0f8d4e
SHA512: b9fc809fbb95b29336e5102382295d71235b0e3a54828b40380958a7feaf27c6407461765680e1f61d88e2692e912f8ec677a66ff965854bea6afae69d99cf24

Filesize: 829B
MD5: bd8d91bf840668104965725978a3f76c
SHA1: dd291003dabaf54d1379c91efb29631d0819fa7d
SHA256: aa144d186a03824aa061635ce4c351430ca8df74f369aa1d64d07cf9355422b1
SHA512: 3fc7e70644bc141f53051ddc47f1ad071e3e64e509a4e73539b47abba538a58ac2d4b5dc52de803b8e294ce7edd1065da8914c3eb8bc0834475ec2bdec6f0947

Filesize: 6KB
MD5: d1666c069eb67c2f56ca0d789fa46768
SHA1: e0ed460cd91cae38f064c8555a2bf816f7dbe23e
SHA256: e7093e86b2ab6180b681cbbd06560fe26d6561feb408833b9c6f57ff9e349b07
SHA512: 6e1b450020892593409b4a06f52cf409571275ca24393f833062b7ef2ca3aa8a249a2d13edb4bee22c0c3bd1ca32a0b9a0e742035d1c58f3c784c466f90b891c

Filesize: 7KB
MD5: bed12c244ccceb02598e54c9f09aec7a
SHA1: 6a92d5750f15510908b3fa719a4c1dd83b2fd307
SHA256: 6c8047565ef19db3deb4b39bb27c642c5184a23692cbd841917410b0aa19a09f
SHA512: 9fc72d773475864c09351af0faa2ef9bfac44cb371410341c991f9d830881b2ee062c7ca911dcb647e964e4a9930ce9cb41d81526f54c80dab78cead183ee553

Filesize: 10KB
MD5: 6a27ac376248060edb3ec5b8674d16f6
SHA1: 2b2ecbd0db9b00129855cfecb1df53b0cfe8c0c8
SHA256: 8e6de3afd61c6dd667eb4e7791bb5ce1e1637d89c9d22fa01ede09963eac4f41
SHA512: 2125d86be8f4cc3ca9f033926e71d7112ea30e869c74bcb7a24fa0d4482aa837141651dbf5edcf7911a9a203154428762ff0968f1879087944d28eb7d6ba9d57