Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/04/2024, 02:24

General

  • Target

    c83b6f854ced29f18793f1a2e9c4326d_JaffaCakes118.exe

  • Size

    97KB

  • MD5

    c83b6f854ced29f18793f1a2e9c4326d

  • SHA1

    199a8d4855ef32086e110c30dac5260ccdb219f8

  • SHA256

    59e1d06a66662a0eb1bd194fc6e714024b14ef8b80bba83f4623721040622f98

  • SHA512

    ee3fe0df67df90a9bfd757a241079b00905c4aadccaec132643ff1e15e0414c7df37fa720e764dc9a2eb6f887a10ff9fe1090a120d75ff88c3615118b1b6f326

  • SSDEEP

    768:AwKlw36QrbSNNUrgYKMwj6QOk2TO1v5KyRkXnNgh+yp3Y27ES0EmTu4aVd907ca8:qYbSNTYfaN/vH+ypjSaRQBNvuNJGa

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.1.15:443

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c83b6f854ced29f18793f1a2e9c4326d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c83b6f854ced29f18793f1a2e9c4326d_JaffaCakes118.exe"
    1⤵
      PID:2056

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2056-0-0x0000000000030000-0x0000000000031000-memory.dmp

            Filesize

            4KB

          • memory/2056-1-0x0000000000400000-0x000000000041D000-memory.dmp

            Filesize

            116KB

          • memory/2056-11-0x0000000000400000-0x000000000041D000-memory.dmp

            Filesize

            116KB