Analysis

  • max time kernel
    96s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-09-2024 06:29

General

  • Target

    eac2d25f001fd85e856ab2fe7c69c44d_JaffaCakes118.js

  • Size

    58KB

  • MD5

    eac2d25f001fd85e856ab2fe7c69c44d

  • SHA1

    afb22c7519d94231fc171a2d18284d706b97524f

  • SHA256

    a895b1021cb60fd4c7a7ecf0dc8138034d90855484b14c99e9c61ba62f2d5730

  • SHA512

    b32563a3e63d993d482edcafeb6fa0b80f796a26c294b0fc34884afadda6451f516277d7769114f73622636c4bac7212ba9e5f83635ea15a63bbf0c6dd881964

  • SSDEEP

    768:1dafPM1CbG5hBlH15jEmBKmSHqf5qPfPrl38c4qNHk+dyNhk+dyNhk+dyNhk+dKa:MPMQrl38cNRb91b9awJAhrDr+3qK1Q3

Score
3/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\eac2d25f001fd85e856ab2fe7c69c44d_JaffaCakes118.js
    1⤵
      PID:2308

    Network

    • flag-us
      DNS
      241.150.49.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.150.49.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      71.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      71.190.18.2.in-addr.arpa
      IN PTR
      Response
      71.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-71deploystaticakamaitechnologiescom
    • flag-us
      DNS
      13.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.227.111.52.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      241.150.49.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      241.150.49.20.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      71.190.18.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      71.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      13.227.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      13.227.111.52.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.