2303444ba6e75af3face3f63201595bdda6c38c3d4744f08abe262b8cc073642

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe
Size

386KB
MD5

4f11dee0b3b179f1919c16957d02eab8
SHA1

996ee1fdd83eb580b150419e39ac57688e665f62
SHA256

2303444ba6e75af3face3f63201595bdda6c38c3d4744f08abe262b8cc073642
SHA512

52e226d981ed38307a58b34e004645df3ef589c09bf7756a1a0a0f75fcbe01913b36585e3a1c623a0bc1b99b4e6a69551f31f5a97185ed5bfe74b9a6373632dd
SSDEEP

6144:9YoiG0pCrJRCFgYDgLQOPuF26Rm/t6X/6dfMOUfx5xnCGF:i+1lY8fmY6Rm/QX/mrUBCGF

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2644	cmd.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2536	PING.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2644	2088	4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe	30
PID 2088 wrote to memory of 2644	2088	4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe	30
PID 2088 wrote to memory of 2644	2088	4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe	30
PID 2088 wrote to memory of 2644	2088	4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe	30
PID 2644 wrote to memory of 2536	2644	cmd.exe	32
PID 2644 wrote to memory of 2536	2644	cmd.exe	32
PID 2644 wrote to memory of 2536	2644	cmd.exe	32
PID 2644 wrote to memory of 2536	2644	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2088-0-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2088-1-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2088-2-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2088-3-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2088-4-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download