Malware Analysis Report

2024-09-23 16:50

Sample ID 240430-xxvk3afh43
Target 0a6aefbfc0de4f4b4ccba5b5a4b72ba3_JaffaCakes118
SHA256 f41744df73403b38450f867362ae966e501ab431c530e2b897bd9c4a3e3dba57
Tags: qr link
Score: 3/10

Analysis Overview

score
3/10

SHA256

f41744df73403b38450f867362ae966e501ab431c530e2b897bd9c4a3e3dba57

Threat Level: Likely benign

The file 0a6aefbfc0de4f4b4ccba5b5a4b72ba3_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

qr link

One or more HTTP URLs in qr code identified

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-30 19:14

Signatures

One or more HTTP URLs in qr code identified

qr link

Analysis: behavioral16

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240419-en

Max time kernel

138s

Max time network

105s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\icharts_75d020c4.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\icharts_75d020c4.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20240221-en

Max time kernel

117s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\console\scripts\screenlog_5fbcd8aa.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\console\scripts\screenlog_5fbcd8aa.js

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240419-en

Max time kernel

54s

Max time network

52s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\console\scripts\screenlog_5fbcd8aa.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\console\scripts\screenlog_5fbcd8aa.js

Network

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20240221-en

Max time kernel

121s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\cache\scripts\cacheUtils4App_7b8ea110.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\cache\scripts\cacheUtils4App_7b8ea110.js

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20240221-en

Max time kernel

119s

Max time network

120s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\cache\scripts\cacheUtils_cd547384.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\cache\scripts\cacheUtils_cd547384.js

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240419-en

Max time kernel

138s

Max time network

104s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\cache\scripts\cacheUtils4App_7b8ea110.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\cache\scripts\cacheUtils4App_7b8ea110.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240419-en

Max time kernel

66s

Max time network

51s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\cache\scripts\cacheUtils_cd547384.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\cache\scripts\cacheUtils_cd547384.js

Network

Country Destination Domain Proto
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 g.bing.com udp
US 23.53.113.159:80 tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240419-en

Max time kernel

66s

Max time network

57s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\chartsUtils_96d7369c.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\chartsUtils_96d7369c.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20240221-en

Max time kernel

122s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\ichartsUtils_0bdb763a.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\ichartsUtils_0bdb763a.js

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240419-en

Max time kernel

66s

Max time network

49s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\digitalSignature\scripts\digitalSignatureUtils_4b91efa2.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\digitalSignature\scripts\digitalSignatureUtils_4b91efa2.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 g.bing.com udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20231129-en

Max time kernel

118s

Max time network

120s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\digitalSignature\scripts\sha1_4ffab19a.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\digitalSignature\scripts\sha1_4ffab19a.js

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20240215-en

Max time kernel

121s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\hSea.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\hSea.min.js

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20240215-en

Max time kernel

118s

Max time network

120s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\base64_2e061f13.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\base64_2e061f13.js

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20240220-en

Max time kernel

120s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\endecryptUtils_db79b9c2.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\endecryptUtils_db79b9c2.js

Network

N/A

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240419-en

Max time kernel

139s

Max time network

144s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\endecryptUtils_db79b9c2.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\endecryptUtils_db79b9c2.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240419-en

Max time kernel

54s

Max time network

56s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\hSea.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\hSea.min.js

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20240221-en

Max time kernel

121s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\icharts_75d020c4.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\icharts_75d020c4.js

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240419-en

Max time kernel

66s

Max time network

54s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\highcharts_145c04a4.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\highcharts_145c04a4.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 g.bing.com udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240419-en

Max time kernel

54s

Max time network

54s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\digitalSignature\scripts\md5_f3076a0d.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\digitalSignature\scripts\md5_f3076a0d.js

Network

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240419-en

Max time kernel

54s

Max time network

51s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\rsa_0e10c50c.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\rsa_0e10c50c.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240426-en

Max time kernel

91s

Max time network

93s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\cache\scripts\cacheUtils4H5_8a3c654f.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\cache\scripts\cacheUtils4H5_8a3c654f.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 134.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20240419-en

Max time kernel

119s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\chartsUtils_96d7369c.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\chartsUtils_96d7369c.js

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20240221-en

Max time kernel

119s

Max time network

120s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\digitalSignature\scripts\md5_f3076a0d.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\digitalSignature\scripts\md5_f3076a0d.js

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

152s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\base64_2e061f13.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\base64_2e061f13.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240426-en

Max time kernel

92s

Max time network

94s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\ichartsUtils_0bdb763a.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\ichartsUtils_0bdb763a.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20240220-en

Max time kernel

122s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\digitalSignature\scripts\digitalSignatureUtils_4b91efa2.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\digitalSignature\scripts\digitalSignatureUtils_4b91efa2.js

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20240419-en

Max time kernel

121s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\des_cf444a2a.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\des_cf444a2a.js

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

151s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\des_cf444a2a.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\des_cf444a2a.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20240221-en

Max time kernel

121s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\cache\scripts\cacheUtils4H5_8a3c654f.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\cache\scripts\cacheUtils4H5_8a3c654f.js

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win10v2004-20240419-en

Max time kernel

54s

Max time network

53s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\digitalSignature\scripts\sha1_4ffab19a.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\digitalSignature\scripts\sha1_4ffab19a.js

Network

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20231129-en

Max time kernel

117s

Max time network

119s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\highcharts_145c04a4.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\charts\scripts\highcharts_145c04a4.js

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-04-30 19:14

Reported

2024-04-30 19:17

Platform

win7-20240221-en

Max time kernel

117s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\rsa_0e10c50c.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\www\m\1.2.3\plugins\endecrypt\scripts\rsa_0e10c50c.js

Network

N/A

Files

N/A