Malware Analysis Report

2025-04-14 02:53

Sample ID 240603-jtwgasgf2w
Target 9107e4517287e0fae7e9d8d0324a0e28_JaffaCakes118
SHA256 d37c6b12a455c72a5afe331b8846184a7bd57a33ea75aad7eedf0f7c6a34ab41
Tags
execution
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

d37c6b12a455c72a5afe331b8846184a7bd57a33ea75aad7eedf0f7c6a34ab41

Threat Level: Likely benign

The file 9107e4517287e0fae7e9d8d0324a0e28_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

execution

Command and Scripting Interpreter: JavaScript

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 07:58

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 07:58

Reported

2024-06-03 08:00

Platform

win10v2004-20240508-en

Max time kernel

132s

Max time network

127s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\9107e4517287e0fae7e9d8d0324a0e28_JaffaCakes118.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\9107e4517287e0fae7e9d8d0324a0e28_JaffaCakes118.js

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4372,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4460 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 07:58

Reported

2024-06-03 08:00

Platform

win7-20240221-en

Max time kernel

121s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\9107e4517287e0fae7e9d8d0324a0e28_JaffaCakes118.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\9107e4517287e0fae7e9d8d0324a0e28_JaffaCakes118.js

Network

N/A

Files

N/A