149a866bef31237bc3edea33748f2fd054063df1918fe97480fa37c6fbc33f63

Analysis

max time kernel
93s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 20:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3c7b4ebef5d82515a628e68240e7d315_JaffaCakes118.exe
Size

386KB
MD5

3c7b4ebef5d82515a628e68240e7d315
SHA1

4cde6d38e1355391a600e3149bcaee2c774c59ca
SHA256

149a866bef31237bc3edea33748f2fd054063df1918fe97480fa37c6fbc33f63
SHA512

55cce084b1efdbf1834c0594cbf26a219e4766d3c9a255b2a7b115b236fbbf2c3e92e7d1d7fbf917ee89ad8254152266b9fba1cff759ffea819e843a52da639d
SSDEEP

6144:SMqnoP4fRcXHeanNjZo+bbEDJwhHM1P74dfoWpJIx7Mdx:SMzic6FRx4GWz1x

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2456	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 2092	5052	3c7b4ebef5d82515a628e68240e7d315_JaffaCakes118.exe	87
PID 5052 wrote to memory of 2092	5052	3c7b4ebef5d82515a628e68240e7d315_JaffaCakes118.exe	87
PID 5052 wrote to memory of 2092	5052	3c7b4ebef5d82515a628e68240e7d315_JaffaCakes118.exe	87
PID 2092 wrote to memory of 2456	2092	cmd.exe	89
PID 2092 wrote to memory of 2456	2092	cmd.exe	89
PID 2092 wrote to memory of 2456	2092	cmd.exe	89

C:\Users\Admin\AppData\Local\Temp\3c7b4ebef5d82515a628e68240e7d315_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c7b4ebef5d82515a628e68240e7d315_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\3c7b4ebef5d82515a628e68240e7d315_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2092
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5052-0-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/5052-1-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/5052-2-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/5052-3-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download