Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
22-05-2024 21:40
Static task
static1
Behavioral task
behavioral1
Sample
68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe
-
Size
458KB
-
MD5
68b9f68fa26759034ca8b2fdac3e4ee5
-
SHA1
166b902ce7fcce26d6dae8e1adbdea953523ca7b
-
SHA256
143c66195748f6b58947648fa1afad83edc1fbe864fdf125f90dac4702259920
-
SHA512
8c544235e5e93a4a8d9cda270f79865eb248abf7b3e0ae735098b6b763837c208bef1e6ea3a623718220a6bae3215aa7ff60848f92d194a96d0d0e2af5af95ec
-
SSDEEP
6144:y2v+FSyURbz76Dmp3NShvPQDtPMf7skL7j/jUwARVeM5a3Mdh50fgSR2gm:Xv+gRX72mp3NS1Yp2skDIr+2h5sm
Malware Config
Signatures
-
Deletes itself 1 IoCs
Processes:
pid | process
2592 | cmd.exe
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes:
description | pid | process | target process
PID 1720 wrote to memory of 2592 | 1720 | 68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe | cmd.exe
PID 1720 wrote to memory of 2592 | 1720 | 68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe | cmd.exe
PID 1720 wrote to memory of 2592 | 1720 | 68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe | cmd.exe
PID 1720 wrote to memory of 2592 | 1720 | 68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe | cmd.exe
PID 2592 wrote to memory of 2620 | 2592 | cmd.exe | PING.EXE
PID 2592 wrote to memory of 2620 | 2592 | cmd.exe | PING.EXE
PID 2592 wrote to memory of 2620 | 2592 | cmd.exe | PING.EXE
PID 2592 wrote to memory of 2620 | 2592 | cmd.exe | PING.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe"
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe"
- Deletes itself
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
- Runs ping.exe
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
memory/1720-0-0x0000000000400000-0x000000000047A000-memory.dmp
Filesize: 488KB
-
memory/1720-1-0x0000000000400000-0x0000000000461000-memory.dmp
Filesize: 388KB
-
memory/1720-2-0x0000000000400000-0x000000000047A000-memory.dmp
Filesize: 488KB
-
memory/1720-4-0x0000000000400000-0x0000000000461000-memory.dmp
Filesize: 388KB
-
memory/1720-3-0x0000000000400000-0x000000000047A000-memory.dmp
Filesize: 488KB