13178e8c8da7fd574674a6ab69ee56eb1fd048ff47973c34822b125748901f6c

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 03:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe
Size

96KB
MD5

8ccdffa8d35b295ff925ab0cfe7c82ff
SHA1

656f3b52f1014e8eed142a77eef9f9c3240a75ac
SHA256

13178e8c8da7fd574674a6ab69ee56eb1fd048ff47973c34822b125748901f6c
SHA512

9208bd82ed6c6d12fa7ee4c141823d9d0fbb72da04d975317e552bf3bc41f54ba52442eb7ef3f43c3ec793e4164434be8e61b5d7f6503636b88194b1293db8d9
SSDEEP

1536:E47ftfkS5g9YOms+gZcQipICdXkNDqLLZX9lItVGL++eIOlnToIfPwc1sj4qm4:EWFfHgTWmCRkGbKGLeNTBfPp1sj4x4

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3636	PING.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 3128	1880	8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe	82
PID 1880 wrote to memory of 3128	1880	8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe	82
PID 3128 wrote to memory of 1032	3128	cmd.exe	83
PID 3128 wrote to memory of 1032	3128	cmd.exe	83
PID 3128 wrote to memory of 3032	3128	cmd.exe	84
PID 3128 wrote to memory of 3032	3128	cmd.exe	84
PID 3128 wrote to memory of 3636	3128	cmd.exe	85
PID 3128 wrote to memory of 3636	3128	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\32F7.tmp\32F8.tmp\32F9.bat C:\Users\Admin\AppData\Local\Temp\8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" ver "
    3⤵
    PID:1032
- - C:\Windows\system32\find.exe
    find "Version 6.0"
    3⤵
    PID:3032
- - C:\Windows\system32\PING.EXE
    ping -n 7 localhost
    3⤵
    - Runs ping.exe
    PID:3636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\32F7.tmp\32F8.tmp\32F9.bat

Filesize
3KB

MD5
2f0ec98ebb636963e785a15a5824639e

SHA1
0761023da43df7732977e363ce6b92b65275c12c

SHA256
52bc7028d5329c0316cf4280f26f8cc1f2debd7f4be64f12d7c6d4468fcb1a50

SHA512
d88c57d69c9ee1d5cd8f60dadac6c72fb05556ed43628a9ce2696a0c8381163761e15e49a22ddf3181fc3be339ca33b077d5d2e554373801d78c51d4e39e8d13

Download Submit