metasploit | 82a57b76714ff422b576983265a55484b5d8b70b564f2c585351322841eac6df

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-04-2024 21:24

Target

f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe
Size

55KB
MD5

f45b75c0b52305bca47561345d2603a2
SHA1

0f1b059db9f36247e3a29c643ae9a8613b80b8d0
SHA256

82a57b76714ff422b576983265a55484b5d8b70b564f2c585351322841eac6df
SHA512

e09ef88c48aaddd7975d1b29e43ca21153a228034a8fdbd58379ee62e48517634037244aef7677980cc98acfe13ac21640c37469f3b17261cb921150e066e101
SSDEEP

384:ZsNkpTT4KijZnbB7CT5IBPEyEr/urUUv4+FBlHGMDwGmU/IQ:6NkpTT4dB7m0Doy1wGd/

Score

10^/10

Family

metasploit

Version

windows/single_exec

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe

description	pid	process	target process
PID 2004 wrote to memory of 1676	2004	f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe	calc.exe
PID 2004 wrote to memory of 1676	2004	f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe	calc.exe
PID 2004 wrote to memory of 1676	2004	f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe	calc.exe
PID 2004 wrote to memory of 1676	2004	f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe	calc.exe

C:\Users\Admin\AppData\Local\Temp\f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f45b75c0b52305bca47561345d2603a2_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2004

memory/2004-1-0x00000000006B0000-0x00000000007B0000-memory.dmp

Filesize
1024KB

Download