0591b909a9d88755ee6c6140fd7fce7208127a555fdc3ba2a3a09dd9df020c99

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 11:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

05156170d3107def0c926862f941495e_JaffaCakes118.exe
Size

465KB
MD5

05156170d3107def0c926862f941495e
SHA1

490becedaa507b8c79454c1d636e162d1fd32aca
SHA256

0591b909a9d88755ee6c6140fd7fce7208127a555fdc3ba2a3a09dd9df020c99
SHA512

03bf03ba708cc1984e3ed8055062b1ba162bbc7c59dd129e2d72851b33b070208e47e582ed7f9f828167703afe1a4ffff53eb382d4ac496a17a10f68e996afc3
SSDEEP

6144:mK0eY9v/66ESieaLK4DtDqPvJPss6hz107Xa9G3K3sK4bgam+xp6N8TjR2gC:gXmX64DtEqrx07XcGisHm+BXC

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2784	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 3496	4136	05156170d3107def0c926862f941495e_JaffaCakes118.exe	96
PID 4136 wrote to memory of 3496	4136	05156170d3107def0c926862f941495e_JaffaCakes118.exe	96
PID 4136 wrote to memory of 3496	4136	05156170d3107def0c926862f941495e_JaffaCakes118.exe	96
PID 3496 wrote to memory of 2784	3496	cmd.exe	98
PID 3496 wrote to memory of 2784	3496	cmd.exe	98
PID 3496 wrote to memory of 2784	3496	cmd.exe	98

C:\Users\Admin\AppData\Local\Temp\05156170d3107def0c926862f941495e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\05156170d3107def0c926862f941495e_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\05156170d3107def0c926862f941495e_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3496
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:2784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:3128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4136-0-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4136-1-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4136-2-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4136-3-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download