Analysis

  • max time kernel: 136s
  • max time network: 154s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240226-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 18-05-2024 21:30

General

  • Target: 56e43969a4ca0ecbc1523c0f608c693c_JaffaCakes118.js
  • Size: 50KB
  • MD5: 56e43969a4ca0ecbc1523c0f608c693c
  • SHA1: 3cefd7e1242c4c42f4c3c0383d44096a1b2fb9a8
  • SHA256: d369380817835374ca2244b9cc17d6bb4d2536b1225eaec20cc389bc9d154c25
  • SHA512: e13b5fdf547d77bd302a30710a22d9d03d181783f485d134fd10aaf47a41672b42b24fc0e5f5f2ed4a261dc011e30933ba72caa8611bda8ae4d1ba905e00f743
  • SSDEEP: 1536:atO57RiOfWv6wHBpQmMiriEgLq44rqYd+wMV7:acov6Bmds/WqYd+n

Malware Config

Signatures

  • Blocklisted process makes network request (6 IoCs)
  • Checks computer location settings (2 TTPs, 1 IoC)
    Looks up the country code configured in the registry, likely a geofence check.
  • Mark of the Web detected (1 IoC)
    This indicates that the page was originally saved or cloned.
  • Command and Scripting Interpreter: JavaScript (1 TTP)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Windows\system32\wscript.exe (PID: 3324)
    Command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\56e43969a4ca0ecbc1523c0f608c693c_JaffaCakes118.js
    • Blocklisted process makes network request
    • Checks computer location settings
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution
    • Command and Scripting Interpreter (T1059): 1
    • JavaScript (T1059.007): 1
  • Discovery
    • Query Registry (T1012): 1
    • System Information Discovery (T1082): 2


Downloads

  • C:\Users\Admin\AppData\Local\Temp\4yin6xpo3.exe
    • Filesize: 13KB
    • MD5: 7ef64b3be61dc28efc5fa9c8f01fc7e7
    • SHA1: bbbbcbb68de787ddfe8441ac3af8977f85a9cbb9
    • SHA256: c224fa97bbe7a8d420763b9abb51147f3d15758de62ba46bd4554afeb00fc42b
    • SHA512: 32413693c385ca1fde133fc995001c990107acf4a1ec438c3a3e9d19f1d392cb8c936d94093045b05e98020341d411b1b4834c07cc25ee35541022803eae0ef1