Malware Analysis Report

2025-08-05 22:21

Sample ID 240611-fgh4nawamj
Target 9d06b4095949e8d986ce16bae856e06f_JaffaCakes118
SHA256 a7c2156a4a335a577bae666b6aab72fd498facef382181bbd0769993f6d9a61e
Tags
execution
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

a7c2156a4a335a577bae666b6aab72fd498facef382181bbd0769993f6d9a61e

Threat Level: Likely malicious

The file 9d06b4095949e8d986ce16bae856e06f_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

execution

Blocklisted process makes network request

Checks computer location settings

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 04:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 04:50

Reported

2024-06-11 04:53

Platform

win7-20240419-en

Max time kernel

121s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\DOC_27059041321US_Apr_27_2019.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\DOC_27059041321US_Apr_27_2019.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 pearlivy.com udp
US 8.8.8.8:53 perenso.com udp
US 8.8.8.8:53 asperm.club udp
US 8.8.8.8:53 finewine.ga udp
US 8.8.8.8:53 salucci.it udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 04:50

Reported

2024-06-11 04:53

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

153s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\DOC_27059041321US_Apr_27_2019.js

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\wscript.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Windows\system32\wscript.exe N/A

Command and Scripting Interpreter: JavaScript

execution

Enumerates physical storage devices

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\DOC_27059041321US_Apr_27_2019.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 pearlivy.com udp
US 13.248.169.48:80 pearlivy.com tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\yng47px78.exe

MD5 e89f75f918dbdcee28604d4e09dd71d7
SHA1 f9d9055e9878723a12063b47d4a1a5f58c3eb1e9
SHA256 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023
SHA512 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0