Overview

overview

10

Static

static

3

f7b5a2fabc...18.exe

windows7-x64

10

f7b5a2fabc...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    105s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-04-2024 09:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f7b5a2fabce2acf84f5b465e3b1c5e19_JaffaCakes118.exe

  • Size

    3.0MB

  • MD5

    f7b5a2fabce2acf84f5b465e3b1c5e19

  • SHA1

    a8a3159e3128878c1c54835edb24d8f10fea8adc

  • SHA256

    fd87a94c79c08fe4d2e7c55cf9fb400638e154b752b2d2d5f86207c5a2a3b353

  • SHA512

    a980e74930bc32c5b479456f93f98f91d1c3a1bf38ce80f69b10c6037efe9c4871361f7e5702bacf5c495bc227d37c45c5f5e2c8ceab7be9bd270f54c403157d

  • SSDEEP

    49152:9vBfJXAE4pq5PtDZebWSGUDHLtDEy2sr0mRu3ljzSTz7Lv14BBQpsEAvG:9vBfKE4wbZeaSrmy2s76jqPL9UksEAO

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

10.11.12.13:4444

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7b5a2fabce2acf84f5b465e3b1c5e19_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f7b5a2fabce2acf84f5b465e3b1c5e19_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4572-0-0x0000000000800000-0x0000000000801000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4572-1-0x0000000000800000-0x0000000000801000-memory.dmp
    Filesize

    4KB

    Download