Analysis Overview
SHA256
a7c2156a4a335a577bae666b6aab72fd498facef382181bbd0769993f6d9a61e
Threat Level: Likely malicious
The file 9d06b4095949e8d986ce16bae856e06f_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Blocklisted process makes network request
Checks computer location settings
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 04:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 04:50
Reported
2024-06-11 04:53
Platform
win7-20240419-en
Max time kernel
121s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\DOC_27059041321US_Apr_27_2019.js
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | pearlivy.com | udp |
| US | 8.8.8.8:53 | perenso.com | udp |
| US | 8.8.8.8:53 | asperm.club | udp |
| US | 8.8.8.8:53 | finewine.ga | udp |
| US | 8.8.8.8:53 | salucci.it | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 04:50
Reported
2024-06-11 04:53
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\DOC_27059041321US_Apr_27_2019.js
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pearlivy.com | udp |
| US | 13.248.169.48:80 | pearlivy.com | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\yng47px78.exe
| Hash | Value |
|---|---|
| MD5 | e89f75f918dbdcee28604d4e09dd71d7 |
| SHA1 | f9d9055e9878723a12063b47d4a1a5f58c3eb1e9 |
| SHA256 | 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023 |
| SHA512 | 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0 |