metasploit | bfefa83dfe710110cb2d878ba64ceb037a7e55e612bafe87336873f56623aead

Analysis

max time kernel
110s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30-03-2024 03:35

Target

327bc03c1821cc7673ff48bc47d93368_JaffaCakes118.dll
Size

827KB
MD5

327bc03c1821cc7673ff48bc47d93368
SHA1

af4255deb60eda4e4fdab5a958f10961bd86fc84
SHA256

bfefa83dfe710110cb2d878ba64ceb037a7e55e612bafe87336873f56623aead
SHA512

9ddf45a4a69595e300e81ca5a40ce4e379b69eb81a7ce3312a57cd9aa26e61a0d5ba30c2c91a868aea6807760e9939027bb6630ac9a7f4b343ddfda2a156642d
SSDEEP

24576:j+gecwDSOyMLU5y0IrDU/KOPSZFaxmXVhBgnKgzO:jx77MQ5yCTxJKaO

Score

10^/10

Family

metasploit

Version

windows/download_exec

http://senocele.com:443/components/profile.gif

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4340 wrote to memory of 4204	4340	rundll32.exe	rundll32.exe
PID 4340 wrote to memory of 4204	4340	rundll32.exe	rundll32.exe
PID 4340 wrote to memory of 4204	4340	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\327bc03c1821cc7673ff48bc47d93368_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4340

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\327bc03c1821cc7673ff48bc47d93368_JaffaCakes118.dll,#1
2⤵
PID:4204

memory/4204-0-0x0000000000830000-0x0000000000831000-memory.dmp

Filesize
4KB

Download