Overview

overview

10

Static

static

1

f53a3aab35...118.js

windows7-x64

10

f53a3aab35...118.js

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25-09-2024 04:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f53a3aab3577f84585d454f740674153_JaffaCakes118.js

  • Size

    927KB

  • MD5

    f53a3aab3577f84585d454f740674153

  • SHA1

    f1cb2e77d4a46528b3041f3f5eda0db7dc9d9f07

  • SHA256

    58d82393590ce456b7464fa723218fcb67323f15fa4f5794a1f5fd9818032f44

  • SHA512

    59c8dd71a8d4df5211b259e9422c3d376fa08c0d866394ddcc0d24d0b0e6f04b79941121ab01efa5d730e34d2a866d2378a86edfce019894e477673d2a9bc556

  • SSDEEP

    24576:HG3ZRx1744y480k0rdGPKEfpCn16BObdv:m3Z718+80k7KEfpOzdv

Score
10/10
cobaltstrikebackdoorexecutiontrojan

Malware Config

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\f53a3aab3577f84585d454f740674153_JaffaCakes118.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Windows\System32\mstsc.exe
      C:/Windows/System32/mstsc.exe
      2⤵
        PID:2616

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2512-0-0x000007FEF5873000-0x000007FEF5874000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2512-1-0x000000001DB60000-0x000000001DC56000-memory.dmp

      Filesize

      984KB

      Download

    • memory/2512-2-0x000000001D5B0000-0x000000001D662000-memory.dmp

      Filesize

      712KB

      Download

    • memory/2512-6-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2616-3-0x0000000000060000-0x00000000000A0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2616-5-0x0000000000210000-0x0000000000281000-memory.dmp

      Filesize

      452KB

      Download