Analysis
max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
31-03-2024 16:15
Static task
static1
Behavioral task
behavioral1
Sample
58336a3811207c8d3f57709317b172e9_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
58336a3811207c8d3f57709317b172e9_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
Target
58336a3811207c8d3f57709317b172e9_JaffaCakes118.exe
Size
328KB
MD5
58336a3811207c8d3f57709317b172e9
SHA1
221f507292989dbd52c3a26df4d3fb9f1d80af7a
SHA256
a3afb74b961f0b9b6e484166d61b92eb8ab2a41f0a88cc11f02c6b316ebee74f
SHA512
99b0ccc043f20339d82bcdd5634dfa4ea863fb466121c67c663c12247d1f442cc0868b4cdd06aba64e3684015aa364af9d2ffc8567f14b585efa79d97cd43b80
SSDEEP
6144:t4/za7ALmvWwG8iAPMS7BhJC0NNaHud0WiwmbiaPFpQva8yTVDzZ:C/+e9r6T7XQ0qONs2qFWvXyZ
Malware Config
Extracted
cobaltstrike
http://apt.freelinuxupdate.tk:2053/bootstrap-2.min.js
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Signatures
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.