143c66195748f6b58947648fa1afad83edc1fbe864fdf125f90dac4702259920

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:40

Target

68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe
Size

458KB
MD5

68b9f68fa26759034ca8b2fdac3e4ee5
SHA1

166b902ce7fcce26d6dae8e1adbdea953523ca7b
SHA256

143c66195748f6b58947648fa1afad83edc1fbe864fdf125f90dac4702259920
SHA512

8c544235e5e93a4a8d9cda270f79865eb248abf7b3e0ae735098b6b763837c208bef1e6ea3a623718220a6bae3215aa7ff60848f92d194a96d0d0e2af5af95ec
SSDEEP

6144:y2v+FSyURbz76Dmp3NShvPQDtPMf7skL7j/jUwARVeM5a3Mdh50fgSR2gm:Xv+gRX72mp3NS1Yp2skDIr+2h5sm

Score

7^/10

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

2592 cmd.exe
Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

2620 PING.EXE

pid	process
2592	cmd.exe

pid	process
2620	PING.EXE

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.execmd.exe

description	pid	process	target process
PID 1720 wrote to memory of 2592	1720	68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe	cmd.exe
PID 1720 wrote to memory of 2592	1720	68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe	cmd.exe
PID 1720 wrote to memory of 2592	1720	68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe	cmd.exe
PID 1720 wrote to memory of 2592	1720	68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe	cmd.exe
PID 2592 wrote to memory of 2620	2592	cmd.exe	PING.EXE
PID 2592 wrote to memory of 2620	2592	cmd.exe	PING.EXE
PID 2592 wrote to memory of 2620	2592	cmd.exe	PING.EXE
PID 2592 wrote to memory of 2620	2592	cmd.exe	PING.EXE

C:\Users\Admin\AppData\Local\Temp\68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\68b9f68fa26759034ca8b2fdac3e4ee5_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720

C:\Windows\SysWOW64\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
3⤵
- Runs ping.exe
PID:2620

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

memory/1720-0-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/1720-1-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1720-2-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/1720-4-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1720-3-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download