Analysis
-
max time kernel
147s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
30-03-2024 22:22
Static task
static1
Behavioral task
behavioral1
Sample
45cac4a60961dbee811eb29155cade50_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
45cac4a60961dbee811eb29155cade50_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
45cac4a60961dbee811eb29155cade50_JaffaCakes118.exe
-
Size
3.0MB
-
MD5
45cac4a60961dbee811eb29155cade50
-
SHA1
3cedd01f8432613740bf0dfcd395fe5d222c2637
-
SHA256
abf276416a2f0a7e6d0f9d3dd65b279d791f91ded46f8a05f33c2661426c9bed
-
SHA512
70c88a52d9d128b4fe3e99cad0d23a7f953348d9563f04b3647763e78f453323310f91431873852c1629d484613910880c181e788e817f3022b311e0c8b0461f
-
SSDEEP
49152:OR692U1BfJXAEkqkE6t6I551n3jrlkdtc5FjPSn74muL65kDv70MFg2RDeZP:6692U1BfKEaN52tajKn7fl5kU6
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
192.168.1.137:4444
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
45cac4a60961dbee811eb29155cade50_JaffaCakes118.exepid process 3868 45cac4a60961dbee811eb29155cade50_JaffaCakes118.exe 3868 45cac4a60961dbee811eb29155cade50_JaffaCakes118.exe