138682673b9486927c2f245e165419569f95561bdaaa487889befdbf0e2c971d

Analysis

max time kernel
134s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
06/05/2024, 23:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1eb1074007fc1b9edc9f969e11e61c6f_JaffaCakes118.exe
Size

389KB
MD5

1eb1074007fc1b9edc9f969e11e61c6f
SHA1

6a4646e0e7a0a2be880e9f4b17d1b9430585be17
SHA256

138682673b9486927c2f245e165419569f95561bdaaa487889befdbf0e2c971d
SHA512

89e995c78303166e97b913062a4db423517df0df7ae979f76edf617421c5136af72778e53f35e2a80b56d299e9bd8788390ec043ce5aa42d5ab100076f55302e
SSDEEP

6144:O/KNXIJJA1pCE9GdwQP9y/0rH/DR84YZppoVuMpz0YS0Yp5uEdH0ESiOB:4KNXIzUpb2wQPEc+hDpoUWz1e079B

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1288	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 1380	4848	1eb1074007fc1b9edc9f969e11e61c6f_JaffaCakes118.exe	94
PID 4848 wrote to memory of 1380	4848	1eb1074007fc1b9edc9f969e11e61c6f_JaffaCakes118.exe	94
PID 4848 wrote to memory of 1380	4848	1eb1074007fc1b9edc9f969e11e61c6f_JaffaCakes118.exe	94
PID 1380 wrote to memory of 1288	1380	cmd.exe	96
PID 1380 wrote to memory of 1288	1380	cmd.exe	96
PID 1380 wrote to memory of 1288	1380	cmd.exe	96

C:\Users\Admin\AppData\Local\Temp\1eb1074007fc1b9edc9f969e11e61c6f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1eb1074007fc1b9edc9f969e11e61c6f_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\1eb1074007fc1b9edc9f969e11e61c6f_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1380
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4848-0-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/4848-1-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4848-2-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/4848-3-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download