Analysis
max time kernel: 51s
max time network: 53s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 10:07
Static task: static1
Behavioral task: behavioral1
  Sample: a500f61bceafcb0683ee2a8ab17bf750_JaffaCakes118.exe
  Resource: win7-20240419-en
  3 signatures
  150 seconds
Behavioral task: behavioral2
  Sample: a500f61bceafcb0683ee2a8ab17bf750_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
  2 signatures
  150 seconds
General
Target: a500f61bceafcb0683ee2a8ab17bf750_JaffaCakes118.exe
Size: 3.2MB
MD5: a500f61bceafcb0683ee2a8ab17bf750
SHA1: aed93b9c27ab61dd15f7a03a399cd68e026f1cb9
SHA256: 10ad1c02bae4b2e1f1ee63936a7e3183e4e6ebe09681763e5b509d9c718cdc72
SHA512: 5081bd1f3d7c5ac0f7151021aa64169ba6ff2ba1ab3b3b2c73b85d6ed7ac0a97307741612712c847986034e776c7bc2b54aecef216e3e3c01f58bebed3c98934
SSDEEP: 98304:/da+bLyVP4K84nB4OywFhEejk6+FlS2Si5HDknYSmZIVNpnE4MF5i5H5iO:U+bLUQK84BMwFPjkNlSa5DIFmZYNpE4P
Score: 1/10
Malware Config
Signatures
Runs ping.exe (1 TTPs, 1 IoCs)
  pid | Process
  3260 | PING.EXE
Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 3684 wrote to memory of 3596 | 3684 | a500f61bceafcb0683ee2a8ab17bf750_JaffaCakes118.exe | 86
  PID 3684 wrote to memory of 3596 | 3684 | a500f61bceafcb0683ee2a8ab17bf750_JaffaCakes118.exe | 86
  PID 3684 wrote to memory of 3596 | 3684 | a500f61bceafcb0683ee2a8ab17bf750_JaffaCakes118.exe | 86
  PID 3596 wrote to memory of 3260 | 3596 | cmd.exe | 88
  PID 3596 wrote to memory of 3260 | 3596 | cmd.exe | 88
  PID 3596 wrote to memory of 3260 | 3596 | cmd.exe | 88
Processes
C:\Users\Admin\AppData\Local\Temp\a500f61bceafcb0683ee2a8ab17bf750_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a500f61bceafcb0683ee2a8ab17bf750_JaffaCakes118.exe"
  PID: 3684
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\cmd.exe
    Command line: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\a500f61bceafcb0683ee2a8ab17bf750_JaffaCakes118.exe"
    PID: 3596
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\PING.EXE
      Command line: ping 1.1.1.1 -n 1 -w 3000
      PID: 3260
      - Runs ping.exe