049604c8d1030cbbdc8dcdf15da309cb3fddd56180c985da2eab06d26ebd6041

Analysis

max time kernel
125s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 15:55 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4562df4bfe216d8e2e3bc283934ca1a_JaffaCakes118.js
Size

466KB
MD5

b4562df4bfe216d8e2e3bc283934ca1a
SHA1

d879d52bb283a85e8e740a7c7b0bbff9ca95e104
SHA256

049604c8d1030cbbdc8dcdf15da309cb3fddd56180c985da2eab06d26ebd6041
SHA512

547d51ed426185decea4a46feec1c054f02213f3b5ef67793e01bb5b63fb034aa7cde37cf20c960605071034f3a2abd38f3ff9dc5660ed67419c10d93a8279a0
SSDEEP

6144:nQLxasMYod+X3oI+Y6tvu6xAmzM86P5sZpMFzBtug4r1GcFBU/b:d5d+X3poCPuzmrugwG2qz

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\b4562df4bfe216d8e2e3bc283934ca1a_JaffaCakes118.js
1⤵
PID:1980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4084,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=1292 /prefetch:8
1⤵
PID:3012

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TzD80AXHemFM0p5li3gwezVUCUyd_ACmPOlMBeKmGfAvja8shH-WCVcWeaeHQYyzr4hCcAKuQcU-NZrmI32uWiOF8z2pKTAaK39MmKoTbu3p0zGoxP8u8wxTUpBxuAtTcr0mon3uu3N7yibL0260Aup6YOQ8avurh0Kj5-Kd_keW7zuw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dfaab1187f039144342cb77ef3b0a9d69&TIME=20240611T221026Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TzD80AXHemFM0p5li3gwezVUCUyd_ACmPOlMBeKmGfAvja8shH-WCVcWeaeHQYyzr4hCcAKuQcU-NZrmI32uWiOF8z2pKTAaK39MmKoTbu3p0zGoxP8u8wxTUpBxuAtTcr0mon3uu3N7yibL0260Aup6YOQ8avurh0Kj5-Kd_keW7zuw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dfaab1187f039144342cb77ef3b0a9d69&TIME=20240611T221026Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3022CED96A5364BF1CC4DA796B746577; domain=.bing.com; expires=Fri, 11-Jul-2025 15:55:29 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6736B7EAAA7B4B5D937C240EED3046A1 Ref B: LON04EDGE0715 Ref C: 2024-06-16T15:55:29Z
date: Sun, 16 Jun 2024 15:55:29 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TzD80AXHemFM0p5li3gwezVUCUyd_ACmPOlMBeKmGfAvja8shH-WCVcWeaeHQYyzr4hCcAKuQcU-NZrmI32uWiOF8z2pKTAaK39MmKoTbu3p0zGoxP8u8wxTUpBxuAtTcr0mon3uu3N7yibL0260Aup6YOQ8avurh0Kj5-Kd_keW7zuw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dfaab1187f039144342cb77ef3b0a9d69&TIME=20240611T221026Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TzD80AXHemFM0p5li3gwezVUCUyd_ACmPOlMBeKmGfAvja8shH-WCVcWeaeHQYyzr4hCcAKuQcU-NZrmI32uWiOF8z2pKTAaK39MmKoTbu3p0zGoxP8u8wxTUpBxuAtTcr0mon3uu3N7yibL0260Aup6YOQ8avurh0Kj5-Kd_keW7zuw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dfaab1187f039144342cb77ef3b0a9d69&TIME=20240611T221026Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3022CED96A5364BF1CC4DA796B746577; _EDGE_S=SID=146D675C31AA6A4A0CFA73FC30E26BCA

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=__Qo3zEUtg6x_0FFbpZIBWfzhlbBWX_2V7hyGQYNNVQ; domain=.bing.com; expires=Fri, 11-Jul-2025 15:55:29 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96A7FD4554A348B39240835BDC437E72 Ref B: LON04EDGE0715 Ref C: 2024-06-16T15:55:29Z
date: Sun, 16 Jun 2024 15:55:29 GMT
DNS

73.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.31.126.40.in-addr.arpa

IN PTR

Response
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
GET

https://www.bing.com/aes/c.gif?RG=8d1e52730a014cfdbe18e33db04dd9d1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221026Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640

Remote address:

23.62.61.194:443

Request

GET /aes/c.gif?RG=8d1e52730a014cfdbe18e33db04dd9d1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221026Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3022CED96A5364BF1CC4DA796B746577

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 118AA633EFFE4E1EA469410C6F3BC0B7 Ref B: BRU30EDGE0914 Ref C: 2024-06-16T15:55:29Z
content-length: 0
date: Sun, 16 Jun 2024 15:55:29 GMT
set-cookie: _EDGE_S=SID=146D675C31AA6A4A0CFA73FC30E26BCA; path=/; httponly; domain=bing.com
set-cookie: MUIDB=3022CED96A5364BF1CC4DA796B746577; path=/; httponly; expires=Fri, 11-Jul-2025 15:55:29 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1718553329.4a71677
DNS

237.21.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.21.107.13.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

194.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.61.62.23.in-addr.arpa

IN PTR

Response

194.61.62.23.in-addr.arpa

IN PTR

a23-62-61-194deploystaticakamaitechnologiescom
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

134.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.71.91.104.in-addr.arpa

IN PTR

Response

134.71.91.104.in-addr.arpa

IN PTR

a104-91-71-134deploystaticakamaitechnologiescom
DNS

22.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.236.111.52.in-addr.arpa

IN PTR

Response
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet

13.107.21.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TzD80AXHemFM0p5li3gwezVUCUyd_ACmPOlMBeKmGfAvja8shH-WCVcWeaeHQYyzr4hCcAKuQcU-NZrmI32uWiOF8z2pKTAaK39MmKoTbu3p0zGoxP8u8wxTUpBxuAtTcr0mon3uu3N7yibL0260Aup6YOQ8avurh0Kj5-Kd_keW7zuw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dfaab1187f039144342cb77ef3b0a9d69&TIME=20240611T221026Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

tls, http2

2.5kB
9.0kB
20
16

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TzD80AXHemFM0p5li3gwezVUCUyd_ACmPOlMBeKmGfAvja8shH-WCVcWeaeHQYyzr4hCcAKuQcU-NZrmI32uWiOF8z2pKTAaK39MmKoTbu3p0zGoxP8u8wxTUpBxuAtTcr0mon3uu3N7yibL0260Aup6YOQ8avurh0Kj5-Kd_keW7zuw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dfaab1187f039144342cb77ef3b0a9d69&TIME=20240611T221026Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TzD80AXHemFM0p5li3gwezVUCUyd_ACmPOlMBeKmGfAvja8shH-WCVcWeaeHQYyzr4hCcAKuQcU-NZrmI32uWiOF8z2pKTAaK39MmKoTbu3p0zGoxP8u8wxTUpBxuAtTcr0mon3uu3N7yibL0260Aup6YOQ8avurh0Kj5-Kd_keW7zuw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dfaab1187f039144342cb77ef3b0a9d69&TIME=20240611T221026Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

HTTP Response

204
23.62.61.194:443

https://www.bing.com/aes/c.gif?RG=8d1e52730a014cfdbe18e33db04dd9d1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221026Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640

tls, http2

1.4kB
5.3kB
16
11

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=8d1e52730a014cfdbe18e33db04dd9d1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221026Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640

HTTP Response

200

8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

73.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

73.31.126.40.in-addr.arpa
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

237.21.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

237.21.107.13.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

194.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

194.61.62.23.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

134.71.91.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

134.71.91.104.in-addr.arpa
8.8.8.8:53

22.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.236.111.52.in-addr.arpa
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.