Analysis
-
max time kernel
141s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
22/05/2024, 23:22 UTC
Static task
static1
Behavioral task
behavioral1
Sample
68fbe81a7520d45eac22f25690f0c541_JaffaCakes118.html
Resource
win7-20240221-en
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
68fbe81a7520d45eac22f25690f0c541_JaffaCakes118.html
Resource
win10v2004-20240226-en
0 signatures
150 seconds
General
-
Target
68fbe81a7520d45eac22f25690f0c541_JaffaCakes118.html
-
Size
139KB
-
MD5
68fbe81a7520d45eac22f25690f0c541
-
SHA1
b698ff7081c93605620ec5443f3f799dade52875
-
SHA256
044c6ec0f26d04cf2d0900e557ed9bcfad67e875c55044d1c39be027e8feb75d
-
SHA512
5bbd2bd43219b0ea5c9f1cbbcb027d4faa278690301707bf93e2a82887227b820927964b9c52fa617879b36439fcabd7c6c8960f7b6e0b0da6518a64ddbd1863
-
SSDEEP
1536:S60C6zmTrNeXMuPx0rClrMFyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP06:Sqr4cyfkMY+BES09JXAnyrZalI+YQ
Score
1/10
Malware Config
Signatures
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68fbe81a7520d45eac22f25690f0c541_JaffaCakes118.html1⤵PID:1600
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3780 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:11⤵PID:5092
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4024 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:11⤵PID:1196
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5084 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:81⤵PID:2024
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5496 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:11⤵PID:5044
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5768 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:81⤵PID:1268
Network
-
Remote address:8.8.8.8:53Requestnav-edge.smartscreen.microsoft.comIN AResponsenav-edge.smartscreen.microsoft.comIN CNAMEtm-prod-wd-csp-edge.trafficmanager.nettm-prod-wd-csp-edge.trafficmanager.netIN CNAMEprod-agic-uw-3.ukwest.cloudapp.azure.comprod-agic-uw-3.ukwest.cloudapp.azure.comIN A51.11.108.188
-
Remote address:8.8.8.8:53Requestnav-edge.smartscreen.microsoft.comIN UnknownResponsenav-edge.smartscreen.microsoft.comIN CNAMEtm-prod-wd-csp-edge.trafficmanager.nettm-prod-wd-csp-edge.trafficmanager.netIN CNAMEprod-agic-uw-2.ukwest.cloudapp.azure.com
-
Remote address:8.8.8.8:53Requestbusiness.bing.comIN AResponsebusiness.bing.comIN CNAMEbusiness-bing-com.b-0005.b-msedge.netbusiness-bing-com.b-0005.b-msedge.netIN CNAMEb-0005.b-msedge.netb-0005.b-msedge.netIN A13.107.6.158
-
Remote address:8.8.8.8:53Requestbusiness.bing.comIN UnknownResponsebusiness.bing.comIN CNAMEbusiness-bing-com.b-0005.b-msedge.net
-
Remote address:8.8.8.8:53Requestwww.microsoft.comIN AResponsewww.microsoft.comIN CNAMEwww.microsoft.com-c-3.edgekey.netwww.microsoft.com-c-3.edgekey.netIN CNAMEwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netIN CNAMEe13678.dscb.akamaiedge.nete13678.dscb.akamaiedge.netIN A23.55.97.181
-
Remote address:8.8.8.8:53Requestwww.microsoft.comIN AResponsewww.microsoft.comIN CNAMEwww.microsoft.com-c-3.edgekey.netwww.microsoft.com-c-3.edgekey.netIN CNAMEwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netIN CNAMEe13678.dscb.akamaiedge.nete13678.dscb.akamaiedge.netIN A23.55.97.181
-
Remote address:8.8.8.8:53Requestwww.microsoft.comIN UnknownResponsewww.microsoft.comIN CNAMEwww.microsoft.com-c-3.edgekey.netwww.microsoft.com-c-3.edgekey.netIN CNAMEwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netIN CNAMEe13678.dscb.akamaiedge.net
-
Remote address:8.8.8.8:53Requestbzib.nelreports.netIN AResponsebzib.nelreports.netIN CNAMEbzib.nelreports.net.akamaized.netbzib.nelreports.net.akamaized.netIN CNAMEa416.dscd.akamai.neta416.dscd.akamai.netIN A2.17.251.21a416.dscd.akamai.netIN A2.17.251.4
-
Remote address:8.8.8.8:53Requestbzib.nelreports.netIN UnknownResponsebzib.nelreports.netIN CNAMEbzib.nelreports.net.akamaized.netbzib.nelreports.net.akamaized.netIN CNAMEa416.dscd.akamai.net
-
Remote address:8.8.8.8:53Request56.94.73.104.in-addr.arpaIN PTRResponse56.94.73.104.in-addr.arpaIN PTRa104-73-94-56deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request188.108.11.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestwww.microsoft.comIN AResponsewww.microsoft.comIN CNAMEwww.microsoft.com-c-3.edgekey.netwww.microsoft.com-c-3.edgekey.netIN CNAMEwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netIN CNAMEe13678.dscb.akamaiedge.nete13678.dscb.akamaiedge.netIN A23.55.97.181
-
Remote address:8.8.8.8:53Request7tn2z.69khz.comIN AResponse
-
Remote address:8.8.8.8:53Request7tn2z.69khz.comIN UnknownResponse
-
Remote address:8.8.8.8:53Request7tn2z.69khz.comIN AResponse
-
Remote address:8.8.8.8:53Request21.251.17.2.in-addr.arpaIN PTRResponse21.251.17.2.in-addr.arpaIN PTRa2-17-251-21deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request181.97.55.23.in-addr.arpaIN PTRResponse181.97.55.23.in-addr.arpaIN PTRa23-55-97-181deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requestc.s-microsoft.comIN AResponsec.s-microsoft.comIN CNAMEc-s.cms.ms.akadns.netc-s.cms.ms.akadns.netIN CNAMEc.s-microsoft.com-c.edgekey.netc.s-microsoft.com-c.edgekey.netIN CNAMEe13678.dscg.akamaiedge.nete13678.dscg.akamaiedge.netIN A104.73.93.171
-
Remote address:8.8.8.8:53Requestc.s-microsoft.comIN UnknownResponsec.s-microsoft.comIN CNAMEc-s.cms.ms.akadns.netc-s.cms.ms.akadns.netIN CNAMEc.s-microsoft.com-c.edgekey.netc.s-microsoft.com-c.edgekey.netIN CNAMEe13678.dscg.akamaiedge.net
-
Remote address:8.8.8.8:53Requestedgestatic.azureedge.netIN AResponseedgestatic.azureedge.netIN CNAMEedgestatic.afd.azureedge.netedgestatic.afd.azureedge.netIN CNAMEazureedge-t-prod.trafficmanager.netazureedge-t-prod.trafficmanager.netIN CNAMEshed.dual-low.part-0036.t-0009.t-msedge.netshed.dual-low.part-0036.t-0009.t-msedge.netIN CNAMEpart-0036.t-0009.t-msedge.netpart-0036.t-0009.t-msedge.netIN A13.107.246.64part-0036.t-0009.t-msedge.netIN A13.107.213.64
-
Remote address:8.8.8.8:53Requestedgestatic.azureedge.netIN UnknownResponseedgestatic.azureedge.netIN CNAMEedgestatic.afd.azureedge.netedgestatic.afd.azureedge.netIN CNAMEazureedge-t-prod.trafficmanager.netazureedge-t-prod.trafficmanager.netIN CNAMEshed.dual-low.part-0036.t-0009.t-msedge.netshed.dual-low.part-0036.t-0009.t-msedge.netIN CNAMEpart-0036.t-0009.t-msedge.net
-
Remote address:8.8.8.8:53Requestbdimg.share.baidu.comIN AResponsebdimg.share.baidu.comIN CNAMEshare.jomodns.comshare.jomodns.comIN CNAMEshare.n.shifen.comshare.n.shifen.comIN A182.61.201.94share.n.shifen.comIN A182.61.244.229share.n.shifen.comIN A14.215.182.161share.n.shifen.comIN A39.156.68.163share.n.shifen.comIN A112.34.113.148share.n.shifen.comIN A163.177.17.97share.n.shifen.comIN A180.101.212.103share.n.shifen.comIN A182.61.201.93
-
Remote address:8.8.8.8:53Requestbdimg.share.baidu.comIN UnknownResponsebdimg.share.baidu.comIN CNAMEshare.jomodns.comshare.jomodns.comIN CNAMEshare.n.shifen.com
-
Remote address:8.8.8.8:53Request74.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request104.219.191.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestnw-umwatson.events.data.microsoft.comIN AResponsenw-umwatson.events.data.microsoft.comIN CNAMEblobcollector.events.data.trafficmanager.netblobcollector.events.data.trafficmanager.netIN CNAMEonedsblobprdwus16.westus.cloudapp.azure.comonedsblobprdwus16.westus.cloudapp.azure.comIN A20.189.173.21
-
Remote address:20.189.173.21:443RequestPOST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
Content-Type: application/xml
User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
MSA_DeviceTicket: t=EwC4AlN5BAAUIUShNzVa+rgHy/M+tY/dQyCg+nEAATiYtz6q6Bw+kz6IdWcoLqpnU7Dfw/mZW5yc47vVz3/4hPnlxzuF7ff+XDA8komqy/tTJLdHu3HDYuHIfc+8NabUFoZ3LNAml7sk/lzmA+uMSymj+ewvTav46XXtbHc3bUHeSu/AIMEHpyibwEsBNmoXaGh8vP9rdv83LOO83DERqeLFziWTTtW4TO74tOGldeyR+k5gJ8sfhS/jX6SsD9t+9fzCcT84uD2AhwS9qU2GUich5wopuR1sgVQyUszpkFu5e/23yN6x0kZdbruh4DBJCU74Tu4H1B9y/W0XbS6xBFjQyQ/N0486VdVF+enulUfOC9lLIXE9ckpWST+Up9EDZgAACH6yZBkHkcTHiAEmpJQ+SU6ViV19TS6jBm3znLrJzT1K6sCLEdD8SrdJKNnJhMqXQRQfCtjGqhxvN7xkXdYOFAJeoK1xu4/0z2yaBtc8TJ0WrEuk7Q9uTJ64b52bPBXvn5F2wyARMllrPOsR+E0MHc6A6bOMdR8q1c6N97OgX1KCQPcBSBV6YwRRtPL1dz4cE1w6awQsjhv0l5b7Fnnz7kqah/wPjySvBTSD+wCZS7kNXRRHi/9/IYkX5MrNg3eh4njL1QwfEspppghlliUn5MNtGeQTjF8vj8rm9fo1EOIYuduEN5fZoReXq0WxGdib1k3MFVDgAf78VF8s1SA2b3QS+mSeQh/lspnfzdW9yPxtwvhXfFf+oqeu90OitD/JKhdo9X3MtjKUOIJoLzZqkbz8HASmgf28+25n+4fP0G8DTrMD07yESvRSlG9yV5eCGjqiCuzLUx/bm+i3aDk+RpwDEbxTwE4X/c54dyK4DaqsfTfQBorSAWmYB12i1aESDozNO4xYOj+SNE2nws+JLj+uNbgB&p=
Content-Length: 3685
Host: nw-umwatson.events.data.microsoft.com
ResponseHTTP/1.1 200 200 OK
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Wed, 22 May 2024 23:22:51 GMT
-
Remote address:8.8.8.8:53Request21.173.189.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request217.106.137.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestchromewebstore.googleapis.comIN AResponsechromewebstore.googleapis.comIN A172.217.169.42chromewebstore.googleapis.comIN A142.250.179.234chromewebstore.googleapis.comIN A142.250.180.10chromewebstore.googleapis.comIN A142.250.187.202chromewebstore.googleapis.comIN A142.250.187.234chromewebstore.googleapis.comIN A142.250.178.10chromewebstore.googleapis.comIN A172.217.16.234chromewebstore.googleapis.comIN A142.250.200.10chromewebstore.googleapis.comIN A142.250.200.42chromewebstore.googleapis.comIN A216.58.201.106chromewebstore.googleapis.comIN A216.58.204.74chromewebstore.googleapis.comIN A216.58.213.10chromewebstore.googleapis.comIN A172.217.169.10chromewebstore.googleapis.comIN A216.58.212.234
-
Remote address:8.8.8.8:53Requestchromewebstore.googleapis.comIN UnknownResponse
-
Remote address:8.8.8.8:53Request42.169.217.172.in-addr.arpaIN PTRResponse42.169.217.172.in-addr.arpaIN PTRlhr48s08-in-f101e100net
-
Remote address:8.8.8.8:53Requestwcpstatic.microsoft.comIN AResponsewcpstatic.microsoft.comIN CNAMEconsentdeliveryfd.azurefd.netconsentdeliveryfd.azurefd.netIN CNAMEfirstparty-azurefd-prod.trafficmanager.netfirstparty-azurefd-prod.trafficmanager.netIN CNAMEshed.dual-low.part-0036.t-0009.t-msedge.netshed.dual-low.part-0036.t-0009.t-msedge.netIN CNAMEpart-0036.t-0009.t-msedge.netpart-0036.t-0009.t-msedge.netIN A13.107.246.64part-0036.t-0009.t-msedge.netIN A13.107.213.64
-
Remote address:8.8.8.8:53Requestwcpstatic.microsoft.comIN UnknownResponsewcpstatic.microsoft.comIN CNAMEconsentdeliveryfd.azurefd.netconsentdeliveryfd.azurefd.netIN CNAMEfirstparty-azurefd-prod.trafficmanager.netfirstparty-azurefd-prod.trafficmanager.netIN CNAMEshed.dual-low.part-0036.t-0009.t-msedge.netshed.dual-low.part-0036.t-0009.t-msedge.netIN CNAMEpart-0036.t-0009.t-msedge.net
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request97.61.62.23.in-addr.arpaIN PTRResponse97.61.62.23.in-addr.arpaIN PTRa23-62-61-97deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request31.73.42.20.in-addr.arpaIN PTRResponse
-
10.5kB 12.8kB 30 32
-
2.0kB 9.7kB 17 21
-
2.8kB 22.9kB 26 36
-
2.5kB 6.0kB 13 15
-
91.9kB 4.7MB 1894 3361
-
1.5kB 7.5kB 9 10
-
1.6kB 7.5kB 10 10
-
260 B 5
-
260 B 5
-
5.9kB 7.6kB 13 11
HTTP Request
POST https://nw-umwatson.events.data.microsoft.com/Telemetry.RequestHTTP Response
200 -
2.0kB 8.0kB 17 18
-
260 B 5
-
260 B 5
-
8.3kB 272.5kB 128 215
-
4.6kB 91.0kB 59 77
-
260 B 5
-
260 B 5
-
1.1kB 5.2kB 10 12
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
1.2kB 906 B 7 7
-
260 B 5
-
260 B 5
-
260 B 5
-
80 B 199 B 1 1
DNS Request
nav-edge.smartscreen.microsoft.com
DNS Response
51.11.108.188
-
80 B 243 B 1 1
DNS Request
nav-edge.smartscreen.microsoft.com
-
63 B 144 B 1 1
DNS Request
business.bing.com
DNS Response
13.107.6.158
-
63 B 171 B 1 1
DNS Request
business.bing.com
-
63 B 230 B 1 1
DNS Request
www.microsoft.com
DNS Response
23.55.97.181
-
63 B 230 B 1 1
DNS Request
www.microsoft.com
DNS Response
23.55.97.181
-
63 B 275 B 1 1
DNS Request
www.microsoft.com
-
65 B 172 B 1 1
DNS Request
bzib.nelreports.net
DNS Response
2.17.251.212.17.251.4
-
65 B 204 B 1 1
DNS Request
bzib.nelreports.net
-
71 B 135 B 1 1
DNS Request
56.94.73.104.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
188.108.11.51.in-addr.arpa
-
63 B 230 B 1 1
DNS Request
www.microsoft.com
DNS Response
23.55.97.181
-
61 B 134 B 1 1
DNS Request
7tn2z.69khz.com
-
61 B 134 B 1 1
DNS Request
7tn2z.69khz.com
-
61 B 134 B 1 1
DNS Request
7tn2z.69khz.com
-
70 B 133 B 1 1
DNS Request
21.251.17.2.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
181.97.55.23.in-addr.arpa
-
63 B 193 B 1 1
DNS Request
c.s-microsoft.com
DNS Response
104.73.93.171
-
63 B 238 B 1 1
DNS Request
c.s-microsoft.com
-
70 B 245 B 1 1
DNS Request
edgestatic.azureedge.net
DNS Response
13.107.246.6413.107.213.64
-
70 B 273 B 1 1
DNS Request
edgestatic.azureedge.net
-
67 B 252 B 1 1
DNS Request
bdimg.share.baidu.com
DNS Response
182.61.201.94182.61.244.22914.215.182.16139.156.68.163112.34.113.148163.177.17.97180.101.212.103182.61.201.93
-
67 B 181 B 1 1
DNS Request
bdimg.share.baidu.com
-
71 B 157 B 1 1
DNS Request
74.32.126.40.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
104.219.191.52.in-addr.arpa
-
83 B 211 B 1 1
DNS Request
nw-umwatson.events.data.microsoft.com
DNS Response
20.189.173.21
-
72 B 158 B 1 1
DNS Request
21.173.189.20.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
217.106.137.52.in-addr.arpa
-
75 B 299 B 1 1
DNS Request
chromewebstore.googleapis.com
DNS Response
172.217.169.42142.250.179.234142.250.180.10142.250.187.202142.250.187.234142.250.178.10172.217.16.234142.250.200.10142.250.200.42216.58.201.106216.58.204.74216.58.213.10172.217.169.10216.58.212.234
-
75 B 132 B 1 1
DNS Request
chromewebstore.googleapis.com
-
73 B 112 B 1 1
DNS Request
42.169.217.172.in-addr.arpa
-
69 B 265 B 1 1
DNS Request
wcpstatic.microsoft.com
DNS Response
13.107.246.6413.107.213.64
-
69 B 280 B 1 1
DNS Request
wcpstatic.microsoft.com
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
97.61.62.23.in-addr.arpa
-
204 B 3
-
70 B 156 B 1 1
DNS Request
31.73.42.20.in-addr.arpa