14b6e8464a148bf9dd7e6b087329113b71c0582a3ae0200ae6575b0b6d392ca9

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38776538e6354f64f2b15af2dc11710b_JaffaCakes118.exe
Size

446KB
MD5

38776538e6354f64f2b15af2dc11710b
SHA1

5571bf6102d2e489faad24bb98a96a526f70af4e
SHA256

14b6e8464a148bf9dd7e6b087329113b71c0582a3ae0200ae6575b0b6d392ca9
SHA512

10dab78beb165de6c6d41ceec105b93cb1bf42bf1b5aecc3efbe4bd0a343cbf0c0f587a890d35c54f9bf9df8b9c6760bc1edaddea694a9d9c3239423835ef072
SSDEEP

12288:m0mykYyMziBa2JJt1j9Z6AVu2hsiWAsi2:jmDvJJj7Ho2LZ2

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3836	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2608	1928	38776538e6354f64f2b15af2dc11710b_JaffaCakes118.exe	87
PID 1928 wrote to memory of 2608	1928	38776538e6354f64f2b15af2dc11710b_JaffaCakes118.exe	87
PID 1928 wrote to memory of 2608	1928	38776538e6354f64f2b15af2dc11710b_JaffaCakes118.exe	87
PID 2608 wrote to memory of 3836	2608	cmd.exe	89
PID 2608 wrote to memory of 3836	2608	cmd.exe	89
PID 2608 wrote to memory of 3836	2608	cmd.exe	89

C:\Users\Admin\AppData\Local\Temp\38776538e6354f64f2b15af2dc11710b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\38776538e6354f64f2b15af2dc11710b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\38776538e6354f64f2b15af2dc11710b_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2608
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:3836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1928-0-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1928-1-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1928-2-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1928-3-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download