20eb0b9808909757a233d611b3b460b9e832cb6e0dd3d7b4db8aef00888358cc

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
30/04/2024, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

099f7ed3dc195b21e6a3dec2598afc05_JaffaCakes118.exe
Size

457KB
MD5

099f7ed3dc195b21e6a3dec2598afc05
SHA1

957ec4d5d05673f036ca51b19a6885af3a2ed4a6
SHA256

20eb0b9808909757a233d611b3b460b9e832cb6e0dd3d7b4db8aef00888358cc
SHA512

b8d5a289a40aed1e85fe151821e039fe94dc33f5000d15feaeeb100156f59b38043cd885abec18e5f12ccb8f34399b1e56fed5ef4cb63975da5cd9cdfef9abdf
SSDEEP

12288:8cnbNniZPRkYcfByGOXg1dxH8lH/vDPnBdHVgr1:8ANnSPRkXrxdclH3DPBFVgr1

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2152	cmd.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2476	PING.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1240 wrote to memory of 2152	1240	099f7ed3dc195b21e6a3dec2598afc05_JaffaCakes118.exe	30
PID 1240 wrote to memory of 2152	1240	099f7ed3dc195b21e6a3dec2598afc05_JaffaCakes118.exe	30
PID 1240 wrote to memory of 2152	1240	099f7ed3dc195b21e6a3dec2598afc05_JaffaCakes118.exe	30
PID 1240 wrote to memory of 2152	1240	099f7ed3dc195b21e6a3dec2598afc05_JaffaCakes118.exe	30
PID 2152 wrote to memory of 2476	2152	cmd.exe	32
PID 2152 wrote to memory of 2476	2152	cmd.exe	32
PID 2152 wrote to memory of 2476	2152	cmd.exe	32
PID 2152 wrote to memory of 2476	2152	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\099f7ed3dc195b21e6a3dec2598afc05_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\099f7ed3dc195b21e6a3dec2598afc05_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\099f7ed3dc195b21e6a3dec2598afc05_JaffaCakes118.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2152
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1240-0-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/1240-1-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/1240-2-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/1240-4-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download