a001f1692d0cc1d7f8b54676d8764d8643fe464034e0f4171c2f19c167e498ad

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fff912e7ec1bafcf52349092d3bdd7d0_JaffaCakes118.exe
Size

6KB
MD5

fff912e7ec1bafcf52349092d3bdd7d0
SHA1

b5ca166d19dbfddf7390d155b9f186dcc011767d
SHA256

a001f1692d0cc1d7f8b54676d8764d8643fe464034e0f4171c2f19c167e498ad
SHA512

266ce2b1c6a6f6381573ae58bf198f00fe5bc891ae0c5351d8725ae03350a2b696dd92e6b540a33db2d9f41751ba845c0b6c017ed4db7b5eb0f3f80543bd0a31
SSDEEP

96:rYMpNyQPJq+u4GbCuYrxOTiWKdiKuq4fr8d55H33:FpNZZGOuYtnWuuq4T+5H33

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4352	PING.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2384	fff912e7ec1bafcf52349092d3bdd7d0_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 3004	2384	fff912e7ec1bafcf52349092d3bdd7d0_JaffaCakes118.exe	86
PID 2384 wrote to memory of 3004	2384	fff912e7ec1bafcf52349092d3bdd7d0_JaffaCakes118.exe	86
PID 2384 wrote to memory of 3004	2384	fff912e7ec1bafcf52349092d3bdd7d0_JaffaCakes118.exe	86
PID 3004 wrote to memory of 4352	3004	cmd.exe	89
PID 3004 wrote to memory of 4352	3004	cmd.exe	89
PID 3004 wrote to memory of 4352	3004	cmd.exe	89

C:\Users\Admin\AppData\Local\Temp\fff912e7ec1bafcf52349092d3bdd7d0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fff912e7ec1bafcf52349092d3bdd7d0_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c echo ping 127.1 -n 5 >nul 2>nul >1.bat&echo del fff912e7ec1bafcf52349092d3bdd7d0_JaffaCakes118.exe >>1.bat&echo del 1.bat >>1.bat&1.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3004
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.1 -n 5
    3⤵
    - Runs ping.exe
    PID:4352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1.bat

Filesize
87B

MD5
981c9522498979a330bd7937d332c10d

SHA1
5a028cee68640d85154b6f9bbadad3853d980775

SHA256
ea16431d09ffe4f65aa841b129837183a9840d6173ac8f31549b2b00ebd5d7c5

SHA512
963ebf38b71d3658e7341d9719fdf6851f3a4cb9dd36edfd305b051e8fe8ee7717b3a70cea1310520d3f4af1c1a3af3a2299335bf44add8cbbafe2b8f89111dc

Download Submit
memory/2384-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2384-1-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2384-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download