Analysis

max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-04-2024 14:56
Static task: static1

Behavioral task: behavioral1
Sample: f83df60f0febb89491c69c5cc4f6173e_JaffaCakes118.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: f83df60f0febb89491c69c5cc4f6173e_JaffaCakes118.exe
Resource: win10v2004-20240412-en
General

Target: f83df60f0febb89491c69c5cc4f6173e_JaffaCakes118.exe
Size: 907KB
MD5: f83df60f0febb89491c69c5cc4f6173e
SHA1: 457aacdbe1e49066cce5bf8f6dbd6f68b85da95d
SHA256: aee8fd3045f3c997f18bda3459f0267580d224d5e652d6241205b67c3bfe3155
SHA512: b58f383423d32ca91b36930799900cd5c518b0e277a0f2f4f8e90d5fa58ec159947914135a6c025d70b05af988dad02087c14451777b095b2d7d24ebde3af0a6
SSDEEP: 12288:SCdOy3vVrK8R5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBga1KmIcJTYAQ:SCdxtz/80jYLT3U1jfsWa1Km3NYAQ
Malware Config

Extracted: metasploit
encoder/shikata_ga_nai

Extracted: metasploit
windows/reverse_tcp
192.168.1.123:4444
Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 64 IoCs