fa5e45755dd8ce33636b00b59d9b7078d3d271d01e0393ddf22c901b8ac14170 | Triage

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 10:28 UTC

Sharing

Report Analysis Logs

General

Target

e254329be44a99b872e7d15a7d4210be_JaffaCakes118.js
Size

268KB
MD5

e254329be44a99b872e7d15a7d4210be
SHA1

40b4a9c5a88ad5d25e90b9b7d333df3be3722306
SHA256

fa5e45755dd8ce33636b00b59d9b7078d3d271d01e0393ddf22c901b8ac14170
SHA512

d2077a1d07837176132eb74d5625c87bad29627fa1bbd29d208c7de975ce55d005438f394a7d106f623b9790c5d82f5354dbcb322a86ca0b1e014f1b1f74617d
SSDEEP

3072:koSnJYmNRlYoSnJYmNRlBsDPNDPPO4zrRRevGSv0PontXC2Zbw/2Ha+l:WnlRInlRwO6UuSMQntXPb

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\e254329be44a99b872e7d15a7d4210be_JaffaCakes118.js
1⤵
PID:4620

Network

DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

133.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.32.126.40.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

28.143.109.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.143.109.104.in-addr.arpa

IN PTR

Response

28.143.109.104.in-addr.arpa

IN PTR

a104-109-143-28deploystaticakamaitechnologiescom
DNS

91.90.14.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

91.90.14.23.in-addr.arpa

IN PTR

Response

91.90.14.23.in-addr.arpa

IN PTR

a23-14-90-91deploystaticakamaitechnologiescom
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response

52.142.223.178:80

46 B
1

8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

133.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

133.32.126.40.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

28.143.109.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

28.143.109.104.in-addr.arpa
8.8.8.8:53

91.90.14.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

91.90.14.23.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads