Overview

overview

3

Static

static

1

3d3c33c8cf...118.js

windows7-x64

3

3d3c33c8cf...118.js

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2024, 02:13 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d3c33c8cf82e85eb47dc0072eb36390_JaffaCakes118.js

  • Size

    8KB

  • MD5

    3d3c33c8cf82e85eb47dc0072eb36390

  • SHA1

    b9d33d3a0692f3da475d99c8e5533214f81f56f5

  • SHA256

    7e25b8385c6d497c39ee985a5cba2c46527edd64ca4fe873f48ecdd60b5c3101

  • SHA512

    73125eb14791bfbb23179863de04cc281cd09ba89d936a6d451c5d80944c40cafcc084ff6931d857a58730a7aebe34c4eb96e537cfdc8c90478fa8130c67ada2

  • SSDEEP

    192:aI775EKwtj27XAe2IwA6d7D86DFkPo7363V3P:It4u1k6D2w6

Score
3/10
execution

Malware Config

Signatures

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\3d3c33c8cf82e85eb47dc0072eb36390_JaffaCakes118.js
    1⤵
      PID:3972

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.ax-0001.ax-msedge.net
      g-bing-com.ax-0001.ax-msedge.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3e62463369a144c692c6e3f93d523b0d&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=
      Remote address:
      150.171.28.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3e62463369a144c692c6e3f93d523b0d&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=059D3EC3469765A631232BD447A6647A; domain=.bing.com; expires=Fri, 07-Nov-2025 02:13:06 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: CAC07B6BD8F64448A4FB33F8CE036CCC Ref B: LON601060102054 Ref C: 2024-10-13T02:13:06Z
      date: Sun, 13 Oct 2024 02:13:05 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3e62463369a144c692c6e3f93d523b0d&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=
      Remote address:
      150.171.28.10:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3e62463369a144c692c6e3f93d523b0d&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=059D3EC3469765A631232BD447A6647A
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=tyQAjUypF1tFGd8SZTLzywDzdLE0PM3Pt9t5cW4e2Fg; domain=.bing.com; expires=Fri, 07-Nov-2025 02:13:06 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: C2C1558EE1D14B5B89A8870C543CA378 Ref B: LON601060102054 Ref C: 2024-10-13T02:13:06Z
      date: Sun, 13 Oct 2024 02:13:05 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3e62463369a144c692c6e3f93d523b0d&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=
      Remote address:
      150.171.28.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3e62463369a144c692c6e3f93d523b0d&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=059D3EC3469765A631232BD447A6647A; MSPTC=tyQAjUypF1tFGd8SZTLzywDzdLE0PM3Pt9t5cW4e2Fg
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: A0FF6A60369C444BB64D65A9351AF5DD Ref B: LON601060102054 Ref C: 2024-10-13T02:13:06Z
      date: Sun, 13 Oct 2024 02:13:05 GMT
    • flag-us
      DNS
      140.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      140.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      10.28.171.150.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.28.171.150.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      55.36.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      55.36.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      212.20.149.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      212.20.149.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.210.23.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.210.23.2.in-addr.arpa
      IN PTR
      Response
      88.210.23.2.in-addr.arpa
      IN PTR
      a2-23-210-88deploystaticakamaitechnologiescom
    • 150.171.28.10:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3e62463369a144c692c6e3f93d523b0d&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=
      tls, http2
      2.1kB
       10.8kB
       23
      20

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3e62463369a144c692c6e3f93d523b0d&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3e62463369a144c692c6e3f93d523b0d&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3e62463369a144c692c6e3f93d523b0d&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=

      HTTP Response

      204
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       148 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      150.171.28.10
      150.171.27.10

    • 8.8.8.8:53
      140.32.126.40.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      140.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      10.28.171.150.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      10.28.171.150.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      55.36.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      55.36.223.20.in-addr.arpa

    • 8.8.8.8:53
      212.20.149.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      212.20.149.52.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      88.210.23.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      88.210.23.2.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.