12d3cfdc130966a7e82ebdaa0dde0782e4ed7f0e975f80844ca097230f6edcc1

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 10:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a05e9410834a3b4c6f5f29842822c11b_JaffaCakes118.exe
Size

3.2MB
MD5

a05e9410834a3b4c6f5f29842822c11b
SHA1

d8d3ad0cfd3fe6cb30dac452185ccd16e6e39a8c
SHA256

12d3cfdc130966a7e82ebdaa0dde0782e4ed7f0e975f80844ca097230f6edcc1
SHA512

b74a752033b777f983d6b304bc228af52efeb6c202eb574cf9db320aae4fa71b4223003dcd7f83efba4e0dc4b0da5987c3246f16f1929095f648949ff08fb998
SSDEEP

98304:Rdi+V+bLyuP4K84nd/OywFhEejka+FlS2Si5HGnYSmZIVNNABEMF5q5iOf:xV+bLnQK84dHwFPjktlSa5uFmZYNNAaD

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3112	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3256 wrote to memory of 3376	3256	a05e9410834a3b4c6f5f29842822c11b_JaffaCakes118.exe	96
PID 3256 wrote to memory of 3376	3256	a05e9410834a3b4c6f5f29842822c11b_JaffaCakes118.exe	96
PID 3256 wrote to memory of 3376	3256	a05e9410834a3b4c6f5f29842822c11b_JaffaCakes118.exe	96
PID 3376 wrote to memory of 3112	3376	cmd.exe	98
PID 3376 wrote to memory of 3112	3376	cmd.exe	98
PID 3376 wrote to memory of 3112	3376	cmd.exe	98

C:\Users\Admin\AppData\Local\Temp\a05e9410834a3b4c6f5f29842822c11b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a05e9410834a3b4c6f5f29842822c11b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3256
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\a05e9410834a3b4c6f5f29842822c11b_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3376
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
1⤵
PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3256-0-0x0000000000400000-0x0000000000736000-memory.dmp

Filesize
3.2MB

Download
memory/3256-1-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/3256-2-0x0000000000400000-0x0000000000736000-memory.dmp

Filesize
3.2MB

Download
memory/3256-3-0x0000000000400000-0x0000000000736000-memory.dmp

Filesize
3.2MB

Download
memory/3256-4-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download