eb907e13efa5a301c94f5ff8cc573fca1852a458b5711301ec2c170e8c4a7588

General

Target

317ae1f8bd519f1cde2233a71b0563da_JaffaCakes118.js
Size

72KB
MD5

317ae1f8bd519f1cde2233a71b0563da
SHA1

da69a7b86b6964f12bf702dd56a80a7d2e7f705a
SHA256

eb907e13efa5a301c94f5ff8cc573fca1852a458b5711301ec2c170e8c4a7588
SHA512

b3750f5eafd01f9c91f0fd102fe47e600efe1477315272e07c341c321caa0d477cbe67600f97a4e0293bd41663f870f314b5a851cf64d12dd65e958354072683
SSDEEP

768:EK7hFfiY48dIu7j8BSeIJ/0aUpjPilh9LUW7+yUlZL371ulCgPOccm4oRPAHTiTf:R4En8Ba/hUlKlAA+JjL8lXczHmdpD

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\317ae1f8bd519f1cde2233a71b0563da_JaffaCakes118.js
1⤵
PID:1540

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e72619cdade14ea4a38d4cdabd20d588&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e72619cdade14ea4a38d4cdabd20d588&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3EC05E0BE8416EB523494ABCE9496F9B; domain=.bing.com; expires=Sun, 03-Aug-2025 19:33:49 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 574D39F0394944B7AF0B59644E3DB18E Ref B: AMS04EDGE3016 Ref C: 2024-07-09T19:33:49Z
date: Tue, 09 Jul 2024 19:33:48 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e72619cdade14ea4a38d4cdabd20d588&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e72619cdade14ea4a38d4cdabd20d588&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3EC05E0BE8416EB523494ABCE9496F9B

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=6EfK60swrmlFu0EJoeMRXkGtk5QsjNzXYYDhGA8xxM0; domain=.bing.com; expires=Sun, 03-Aug-2025 19:33:49 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C091F04526884AA4984476E1DD650865 Ref B: AMS04EDGE3016 Ref C: 2024-07-09T19:33:49Z
date: Tue, 09 Jul 2024 19:33:48 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e72619cdade14ea4a38d4cdabd20d588&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e72619cdade14ea4a38d4cdabd20d588&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3EC05E0BE8416EB523494ABCE9496F9B; MSPTC=6EfK60swrmlFu0EJoeMRXkGtk5QsjNzXYYDhGA8xxM0

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F6A035890A284202B355E856A8432427 Ref B: AMS04EDGE3016 Ref C: 2024-07-09T19:33:49Z
date: Tue, 09 Jul 2024 19:33:49 GMT
DNS

237.21.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.21.107.13.in-addr.arpa

IN PTR

Response
DNS

23.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.159.190.20.in-addr.arpa

IN PTR

Response
DNS

33.140.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.140.123.92.in-addr.arpa

IN PTR

Response

33.140.123.92.in-addr.arpa

IN PTR

a92-123-140-33deploystaticakamaitechnologiescom
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response

13.107.21.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e72619cdade14ea4a38d4cdabd20d588&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=

tls, http2

2.0kB
9.3kB
22
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e72619cdade14ea4a38d4cdabd20d588&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e72619cdade14ea4a38d4cdabd20d588&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e72619cdade14ea4a38d4cdabd20d588&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=

HTTP Response

204

8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

237.21.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

237.21.107.13.in-addr.arpa
8.8.8.8:53

23.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.159.190.20.in-addr.arpa
8.8.8.8:53

33.140.123.92.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

33.140.123.92.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

JavaScript

1

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.