1c345127bc3b26fb88a5cc8188449c16ae8b1847a08133759325d9f4a755d63d

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 22:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

651e7c5944134adbb275ed217c100e5b_JaffaCakes118.exe
Size

128KB
MD5

651e7c5944134adbb275ed217c100e5b
SHA1

acfc5922df5bfada2159dd2c7f0ff130eaa6c677
SHA256

1c345127bc3b26fb88a5cc8188449c16ae8b1847a08133759325d9f4a755d63d
SHA512

ef6f7efc2c3a55b72f235bed3c9341c8ed09b983d599a6485e666fac5d236276f4676fe3ee86663b56279814af3ff86eefa55a67ba0803e2ae73e6066f18ba07
SSDEEP

1536:52HggCt/eu955iB+Eg/grzz9blELjGBN4TBIvVe2xWVJeeJh88zFHvOyct2b:52HdC9kh3bmUpde788zFPOyct2b

Score

1^/10

Malware Config

Signatures

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
1704	ipconfig.exe
2768	ipconfig.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4428 wrote to memory of 4564	4428	651e7c5944134adbb275ed217c100e5b_JaffaCakes118.exe	84
PID 4428 wrote to memory of 4564	4428	651e7c5944134adbb275ed217c100e5b_JaffaCakes118.exe	84
PID 4428 wrote to memory of 4564	4428	651e7c5944134adbb275ed217c100e5b_JaffaCakes118.exe	84
PID 4564 wrote to memory of 1704	4564	cmd.exe	86
PID 4564 wrote to memory of 1704	4564	cmd.exe	86
PID 4564 wrote to memory of 1704	4564	cmd.exe	86
PID 4428 wrote to memory of 4948	4428	651e7c5944134adbb275ed217c100e5b_JaffaCakes118.exe	108
PID 4428 wrote to memory of 4948	4428	651e7c5944134adbb275ed217c100e5b_JaffaCakes118.exe	108
PID 4428 wrote to memory of 4948	4428	651e7c5944134adbb275ed217c100e5b_JaffaCakes118.exe	108
PID 4948 wrote to memory of 2768	4948	cmd.exe	110
PID 4948 wrote to memory of 2768	4948	cmd.exe	110
PID 4948 wrote to memory of 2768	4948	cmd.exe	110

C:\Users\Admin\AppData\Local\Temp\651e7c5944134adbb275ed217c100e5b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\651e7c5944134adbb275ed217c100e5b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4428
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4564
- - C:\Windows\SysWOW64\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:1704
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4948
- - C:\Windows\SysWOW64\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads