Analysis
max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
16-04-2024 21:24
Static task
static1
Behavioral task
behavioral1
Sample
f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
Target
f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe
Size
55KB
MD5
f45b75c0b52305bca47561345d2603a2
SHA1
0f1b059db9f36247e3a29c643ae9a8613b80b8d0
SHA256
82a57b76714ff422b576983265a55484b5d8b70b564f2c585351322841eac6df
SHA512
e09ef88c48aaddd7975d1b29e43ca21153a228034a8fdbd58379ee62e48517634037244aef7677980cc98acfe13ac21640c37469f3b17261cb921150e066e101
SSDEEP
384:ZsNkpTT4KijZnbB7CT5IBPEyEr/urUUv4+FBlHGMDwGmU/IQ:6NkpTT4dB7m0Doy1wGd/
Malware Config
Extracted
metasploit
windows/single_exec
Signatures
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
description | pid | process | target process
PID 2004 wrote to memory of 1676 | 2004 | f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe | calc.exe
PID 2004 wrote to memory of 1676 | 2004 | f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe | calc.exe
PID 2004 wrote to memory of 1676 | 2004 | f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe | calc.exe
PID 2004 wrote to memory of 1676 | 2004 | f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe | calc.exe
Downloads
memory/2004-1-0x00000000006B0000-0x00000000007B0000-memory.dmp
Filesize
1024KB