Analysis

  • max time kernel
    91s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-04-2024 19:20

General

  • Target

    f67ddc68306f26e3741ae404b8c71e3f_JaffaCakes118.js

  • Size

    194KB

  • MD5

    f67ddc68306f26e3741ae404b8c71e3f

  • SHA1

    ed2561daa25e4e0ad6ab951f01f57d0687043e61

  • SHA256

    2830cab6897efef3b59085d97fd3fa72e9386914e14dc7b863c27d28987269db

  • SHA512

    1f4e0e29ae949487b4ff87584980e8fa1359dc1e32ff386bf8633d3b1a923a53f8bdd921a089b9b534d80a5fd522e0035b97328028f411cd3191468ab94a0f33

  • SSDEEP

    3072:m6JO0C5zUxXAUVRLM2Zoyvd5Xfy87+7ynKev4:m6Jw5zUxXAUVRtZoyvPzi7ynl4

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\f67ddc68306f26e3741ae404b8c71e3f_JaffaCakes118.js
    1⤵
      PID:4304

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      DNS
      68.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      68.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=3D69855BFF296B213A31913FFE926AEF; domain=.bing.com; expires=Mon, 12-May-2025 19:21:13 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 333EE108DACC44BF8BE561EC111E2079 Ref B: LON04EDGE0809 Ref C: 2024-04-17T19:21:13Z
      date: Wed, 17 Apr 2024 19:21:13 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3D69855BFF296B213A31913FFE926AEF
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=Q3NQmi5wf9wgCpRy3F-FkgCYqJ6WcvWeHecAUJ8Mjzc; domain=.bing.com; expires=Mon, 12-May-2025 19:21:13 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E453D49FB6D74D2BB043744BD1A292EB Ref B: LON04EDGE0809 Ref C: 2024-04-17T19:21:13Z
      date: Wed, 17 Apr 2024 19:21:13 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3D69855BFF296B213A31913FFE926AEF; MSPTC=Q3NQmi5wf9wgCpRy3F-FkgCYqJ6WcvWeHecAUJ8Mjzc
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D0C390B9CE214AF5A3DD2951B79267C0 Ref B: LON04EDGE0809 Ref C: 2024-04-17T19:21:13Z
      date: Wed, 17 Apr 2024 19:21:13 GMT
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      67.32.209.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      67.32.209.4.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      60.166.213.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      60.166.213.23.in-addr.arpa
      IN PTR
      Response
      60.166.213.23.in-addr.arpa
      IN PTR
      a23-213-166-60deploystaticakamaitechnologiescom
    • flag-nl
      GET
      https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      Remote address:
      23.62.61.186:443
      Request
      GET /th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      cookie: MUID=3D69855BFF296B213A31913FFE926AEF; MSPTC=Q3NQmi5wf9wgCpRy3F-FkgCYqJ6WcvWeHecAUJ8Mjzc
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 1678
      date: Wed, 17 Apr 2024 19:21:22 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.b63d3e17.1713381682.1b646be
    • flag-us
      DNS
      186.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      186.61.62.23.in-addr.arpa
      IN PTR
      Response
      186.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-186deploystaticakamaitechnologiescom
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      106.27.33.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      106.27.33.23.in-addr.arpa
      IN PTR
      Response
      106.27.33.23.in-addr.arpa
      IN PTR
      a23-33-27-106deploystaticakamaitechnologiescom
    • flag-us
      DNS
      22.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      22.236.111.52.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=
      tls, http2
      2.0kB
      9.2kB
      22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=

      HTTP Response

      204
    • 23.62.61.186:443
      https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      tls, http2
      1.5kB
      6.9kB
      17
      12

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

      HTTP Response

      200
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      68.159.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      68.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      67.32.209.4.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      67.32.209.4.in-addr.arpa

    • 8.8.8.8:53
      60.166.213.23.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      60.166.213.23.in-addr.arpa

    • 8.8.8.8:53
      186.61.62.23.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      186.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      106.27.33.23.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      106.27.33.23.in-addr.arpa

    • 8.8.8.8:53
      22.236.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      22.236.111.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.