2318491d4a5db541fc38a7b4daf81c1cc490d1064bcaa17c0c883d44ae0c95bd

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:38

Target

692bbb135421e36241b1c7a69816fed8_JaffaCakes118.exe
Size

458KB
MD5

692bbb135421e36241b1c7a69816fed8
SHA1

e75a271445775c413a3890d3701b16531ec1b1b2
SHA256

2318491d4a5db541fc38a7b4daf81c1cc490d1064bcaa17c0c883d44ae0c95bd
SHA512

fa9ac42695ff633d8b8bb32f46ef06324b73e771aa173609b35c5654d2cd1bcb1eb71d87d60711f4436d6c1cb56dc72948dec55c4a4994c72c1ded567ba57708
SSDEEP

12288:FHZDyx+PouE0pkC36PstuxbiUabmpSabJQhXP:BZDyMPoBC3w3biJbmpQhXP

Score

1^/10

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

4608 PING.EXE

pid	process
4608	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

692bbb135421e36241b1c7a69816fed8_JaffaCakes118.execmd.exe

description	pid	process	target process
PID 1212 wrote to memory of 8	1212	692bbb135421e36241b1c7a69816fed8_JaffaCakes118.exe	cmd.exe
PID 1212 wrote to memory of 8	1212	692bbb135421e36241b1c7a69816fed8_JaffaCakes118.exe	cmd.exe
PID 1212 wrote to memory of 8	1212	692bbb135421e36241b1c7a69816fed8_JaffaCakes118.exe	cmd.exe
PID 8 wrote to memory of 4608	8	cmd.exe	PING.EXE
PID 8 wrote to memory of 4608	8	cmd.exe	PING.EXE
PID 8 wrote to memory of 4608	8	cmd.exe	PING.EXE

C:\Users\Admin\AppData\Local\Temp\692bbb135421e36241b1c7a69816fed8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\692bbb135421e36241b1c7a69816fed8_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1212

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\692bbb135421e36241b1c7a69816fed8_JaffaCakes118.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:8

C:\Windows\SysWOW64\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
3⤵
- Runs ping.exe
PID:4608

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

memory/1212-0-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/1212-1-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1212-2-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/1212-3-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download