Malware Analysis Report

2025-04-14 03:00

Sample ID 240613-dga2yasblf
Target a39b4a58a0bf1baff08922fff367fde2_JaffaCakes118
SHA256 980b7068b358d679072927e3bb56c380e857010073d7678f72e40b967d8b18cc
Tags
execution
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

980b7068b358d679072927e3bb56c380e857010073d7678f72e40b967d8b18cc

Threat Level: Likely malicious

The file a39b4a58a0bf1baff08922fff367fde2_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

execution

Blocklisted process makes network request

Command and Scripting Interpreter: JavaScript

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 02:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 02:58

Reported

2024-06-13 03:00

Platform

win7-20240221-en

Max time kernel

120s

Max time network

121s

Command Line

C:\Windows\System32\WScript.exe "C:\Users\Admin\AppData\Local\Temp\___ ____ ________ ______ ___________ ______.jse"

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WScript.exe N/A
N/A N/A C:\Windows\System32\WScript.exe N/A

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\System32\WScript.exe

C:\Windows\System32\WScript.exe "C:\Users\Admin\AppData\Local\Temp\___ ____ ________ ______ ___________ ______.jse"

Network

Country Destination Domain Proto
US 8.8.8.8:53 nathannewman.org udp
US 75.98.175.92:80 nathannewman.org tcp
US 8.8.8.8:53 mapsu.org udp
US 99.192.235.57:80 mapsu.org tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 02:58

Reported

2024-06-13 03:00

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

52s

Command Line

C:\Windows\System32\WScript.exe "C:\Users\Admin\AppData\Local\Temp\___ ____ ________ ______ ___________ ______.jse"

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\System32\WScript.exe

C:\Windows\System32\WScript.exe "C:\Users\Admin\AppData\Local\Temp\___ ____ ________ ______ ___________ ______.jse"

Network

Country Destination Domain Proto
US 8.8.8.8:53 nathannewman.org udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 mapsu.org udp

Files

N/A