150a0ace910db0b56c051a0d35e2e2003b49d0fe00a2cb0aba85697449e434fa

Analysis

max time kernel
132s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 16:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

10fc3a5acee571584a0bd416994c7641_JaffaCakes118.exe
Size

397KB
MD5

10fc3a5acee571584a0bd416994c7641
SHA1

aa57ee9e21c25e76eb2f3257e6351ad733a2d8ca
SHA256

150a0ace910db0b56c051a0d35e2e2003b49d0fe00a2cb0aba85697449e434fa
SHA512

1df2018219fbbda5caf0b9e8a54887387616e62b6366fcee99543ecae4a934f0a49b5091d9aa1ed0287ddaff6243a364197d12c7a8fbf83ae9101b79a90a3f7e
SSDEEP

6144:nTjR5PrKF1qNFed5Sp8uq6zout2+/gG0QRXDxHG7fndRxnCxOs:nvRhCSp8uJouw+E8XDxm7fBCEs

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4260	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 952	1124	10fc3a5acee571584a0bd416994c7641_JaffaCakes118.exe	96
PID 1124 wrote to memory of 952	1124	10fc3a5acee571584a0bd416994c7641_JaffaCakes118.exe	96
PID 1124 wrote to memory of 952	1124	10fc3a5acee571584a0bd416994c7641_JaffaCakes118.exe	96
PID 952 wrote to memory of 4260	952	cmd.exe	98
PID 952 wrote to memory of 4260	952	cmd.exe	98
PID 952 wrote to memory of 4260	952	cmd.exe	98

C:\Users\Admin\AppData\Local\Temp\10fc3a5acee571584a0bd416994c7641_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\10fc3a5acee571584a0bd416994c7641_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\10fc3a5acee571584a0bd416994c7641_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:952
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:4260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1124-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1124-1-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1124-2-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1124-3-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download