Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 23-05-2024 01:34
Static task: static1

Behavioral task: behavioral1
Sample: 694e6b6d2181763fce0eb4935f21de22_JaffaCakes118.exe
Resource: win7-20240508-en (windows7-x64)
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 694e6b6d2181763fce0eb4935f21de22_JaffaCakes118.exe
Resource: win10v2004-20240226-en (windows10-2004-x64)
2 signatures, 150 seconds
General
Target: 694e6b6d2181763fce0eb4935f21de22_JaffaCakes118.exe
Size: 458KB
MD5: 694e6b6d2181763fce0eb4935f21de22
SHA1: aaab711709fa50ef83dd625203ce412229b74c94
SHA256: 241246b84cd223823e17beb21158d016ec4cc2b73d01ed0517a3b0c9dd11b244
SHA512: 7652854ca19daa36c039026e95cc228851a580652bda5ccc25f9b6c50596dc0c4bc9fc79adeb1192faa8d55090eb38bc6aeeb6e7d0af9cbac454205972d68886
SSDEEP: 6144:khcI8Q4aYvSBLRP4bdIMOZ/feg1RNpxDjVZWj/xTONRp23gmzfHM4:kheatDP4b/6RL5jVc9ONRpazV
Score: 7/10
Malware Config
Signatures
Deletes itself (1 IoCs)
Processes: cmd.exe
pid | process
2636 | cmd.exe

Runs ping.exe (1 TTPs, 1 IoCs)

Suspicious use of WriteProcessMemory (8 IoCs)
Processes: 694e6b6d2181763fce0eb4935f21de22_JaffaCakes118.exe, cmd.exe
description | pid | process | target process
PID 1260 wrote to memory of 2636 | 1260 | 694e6b6d2181763fce0eb4935f21de22_JaffaCakes118.exe | cmd.exe
PID 1260 wrote to memory of 2636 | 1260 | 694e6b6d2181763fce0eb4935f21de22_JaffaCakes118.exe | cmd.exe
PID 1260 wrote to memory of 2636 | 1260 | 694e6b6d2181763fce0eb4935f21de22_JaffaCakes118.exe | cmd.exe
PID 1260 wrote to memory of 2636 | 1260 | 694e6b6d2181763fce0eb4935f21de22_JaffaCakes118.exe | cmd.exe
PID 2636 wrote to memory of 2004 | 2636 | cmd.exe | PING.EXE
PID 2636 wrote to memory of 2004 | 2636 | cmd.exe | PING.EXE
PID 2636 wrote to memory of 2004 | 2636 | cmd.exe | PING.EXE
PID 2636 wrote to memory of 2004 | 2636 | cmd.exe | PING.EXE
Processes

Level 1
Image: C:\Users\Admin\AppData\Local\Temp\694e6b6d2181763fce0eb4935f21de22_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\694e6b6d2181763fce0eb4935f21de22_JaffaCakes118.exe"
- Suspicious use of WriteProcessMemory
PID: 1260

  Level 2
  Image: C:\Windows\SysWOW64\cmd.exe
  Command line: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\694e6b6d2181763fce0eb4935f21de22_JaffaCakes118.exe"
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID: 2636

    Level 3
    Image: C:\Windows\SysWOW64\PING.EXE
    Command line: ping 1.1.1.1 -n 1 -w 3000
    - Runs ping.exe
    PID: 2004