af4f1f0e6fd9e3fb95eb1917871d6071570a15bf677012bf66bb3f2bda92da28 | Triage

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/01/2025, 09:14 UTC

Sharing

Report Analysis Logs

General

Target

JaffaCakes118_e2aaaf148dfc47c0290d5e7703423499.js
Size

19KB
MD5

e2aaaf148dfc47c0290d5e7703423499
SHA1

36c4aafe63eb0081215add4e231009360ec23349
SHA256

af4f1f0e6fd9e3fb95eb1917871d6071570a15bf677012bf66bb3f2bda92da28
SHA512

6a067811d6500685e40c6a025afbf7ec74d9fc12eb595c416116f8c39068c2b3404cf9f1117eb370823920720de86efc090e9dfa560d7bfe66562dd43aaf63ab
SSDEEP

192:BheXdgBb9juRdwarkRS3D9lL8aHrGG0v/3i58VfivV2j6CBmreP8q2GQ20aefTgb:aRdxz9l46aefTg8g0wRSp3xCN

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e2aaaf148dfc47c0290d5e7703423499.js
1⤵
PID:4784

Network

DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

7.98.51.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

7.98.51.23.in-addr.arpa

IN PTR

Response

7.98.51.23.in-addr.arpa

IN PTR

a23-51-98-7deploystaticakamaitechnologiescom
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR

Response
DNS

53.210.109.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.210.109.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

92.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

92.12.20.2.in-addr.arpa

IN PTR

Response

92.12.20.2.in-addr.arpa

IN PTR

a2-20-12-92deploystaticakamaitechnologiescom
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

7.98.51.23.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

7.98.51.23.in-addr.arpa
8.8.8.8:53

68.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

68.159.190.20.in-addr.arpa
8.8.8.8:53

53.210.109.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

53.210.109.20.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

92.12.20.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

92.12.20.2.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads