Overview

overview

10

Static

static

10

5bc5f4e9f3...18.exe

windows7-x64

10

5bc5f4e9f3...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    31-03-2024 19:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5bc5f4e9f32969eb3ebb9e8b55f46a3c_JaffaCakes118.exe

  • Size

    199KB

  • MD5

    5bc5f4e9f32969eb3ebb9e8b55f46a3c

  • SHA1

    b3010e2efda4df7e51fc87819c082c5b370171ab

  • SHA256

    30498e1122914fb1a3a743df459a3ac860a493e64727471f99bb00bc64dd613c

  • SHA512

    6f7fbd8e03802eda29d2ab8669a97f1ad590aa75fcf563d6ea7ae8de60ed260f80ae54f89a3a4a01b0259d21bfdd6a3cd0634d5f923e93de7ef96ab7517142f1

  • SSDEEP

    3072:FzqTC/VXu6whe0Nc8QsCtbvWs+YSsJ04Tb32BzpjzM2wOTdw271g87/mo:RqGdXu6wg0Nc8Qs+kBMb32XM2TF7S

Score
10/10
metasploitbackdoortrojan

Malware Config

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5bc5f4e9f32969eb3ebb9e8b55f46a3c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5bc5f4e9f32969eb3ebb9e8b55f46a3c_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 64
      2⤵
      • Program crash
      PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2032-0-0x0000000000400000-0x00000000004367C8-memory.dmp
    Filesize

    217KB

    Download
  • memory/2032-1-0x0000000000400000-0x00000000004367C8-memory.dmp
    Filesize

    217KB

    Download