Analysis
-
max time kernel
143s
-
max time network
154s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240412-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system
-
submitted
19-04-2024 20:14
Behavioral task
behavioral1
Sample
fb15f8575b7123c3de70f8cb94a87ec2_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
fb15f8575b7123c3de70f8cb94a87ec2_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
fb15f8575b7123c3de70f8cb94a87ec2_JaffaCakes118.exe
-
Size
7.9MB
-
MD5
fb15f8575b7123c3de70f8cb94a87ec2
-
SHA1
0dc638cefe035a8be5688a7ea0eef2c2a1472687
-
SHA256
1ee5f148e0f4374e040bace8e339f5dfc970549a86b84893c8c736fb4f80c02a
-
SHA512
9014066379534f05fefbaa26e7f87e024dfca9f05ca91647b877516ef6f945e4a12b31ee2dc442aed96c821cd14cc19cab8259c48d9f4bf091cf66ee6cbd13c3
-
SSDEEP
98304:gVdyCVnP6oDlexqwl7ze9OREe9HW1X2ffO4:mnIoDlW19q9OREeRW1X2ffO4
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 4752
pid_target: 2636
process: WerFault.exe
target process: fb15f8575b7123c3de70f8cb94a87ec2_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\fb15f8575b7123c3de70f8cb94a87ec2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb15f8575b7123c3de70f8cb94a87ec2_JaffaCakes118.exe" 1⤵
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 228 2⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2636 -ip 2636 1⤵
Downloads
-
memory/2636-0-0x0000000000400000-0x0000000000BE4000-memory.dmp
Filesize
7.9MB