1229a72cf2c347705accf412551611567ce8c6974fcd9c6371ffd9079d6e8eb0

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:47

Target

68bed179d87c326e12870d088b533c6d_JaffaCakes118.exe
Size

470KB
MD5

68bed179d87c326e12870d088b533c6d
SHA1

8626be21f24e8d21981d2cf4ae0adc096f33e012
SHA256

1229a72cf2c347705accf412551611567ce8c6974fcd9c6371ffd9079d6e8eb0
SHA512

5cc917721020c003fcf3414f10243f3c3fff20f35262d782ba7e6c5fa23aefe55a526f1311b436db11f08890507ef34a1665ec311975e78e496506281aacdf35
SSDEEP

6144:olwRhA1DvznjP7dnP609PRab+N/JSaQyD9h7kiumdlpkyKOIAvaf9PtZt9Gc3Vus:iwRu5vlpakJSadzYYpkyKfjDFzd1sU

Score

1^/10

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

5084 PING.EXE

pid	process
5084	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

68bed179d87c326e12870d088b533c6d_JaffaCakes118.execmd.exe

description	pid	process	target process
PID 4540 wrote to memory of 4716	4540	68bed179d87c326e12870d088b533c6d_JaffaCakes118.exe	cmd.exe
PID 4540 wrote to memory of 4716	4540	68bed179d87c326e12870d088b533c6d_JaffaCakes118.exe	cmd.exe
PID 4540 wrote to memory of 4716	4540	68bed179d87c326e12870d088b533c6d_JaffaCakes118.exe	cmd.exe
PID 4716 wrote to memory of 5084	4716	cmd.exe	PING.EXE
PID 4716 wrote to memory of 5084	4716	cmd.exe	PING.EXE
PID 4716 wrote to memory of 5084	4716	cmd.exe	PING.EXE

C:\Users\Admin\AppData\Local\Temp\68bed179d87c326e12870d088b533c6d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\68bed179d87c326e12870d088b533c6d_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4540

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\68bed179d87c326e12870d088b533c6d_JaffaCakes118.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:4716

C:\Windows\SysWOW64\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
3⤵
- Runs ping.exe
PID:5084

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/4540-0-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4540-1-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4540-2-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4540-4-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4540-3-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download