Overview

overview

10

Static

static

10

fb15f8575b...18.exe

windows7-x64

10

fb15f8575b...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-04-2024 20:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb15f8575b7123c3de70f8cb94a87ec2_JaffaCakes118.exe

  • Size

    7.9MB

  • MD5

    fb15f8575b7123c3de70f8cb94a87ec2

  • SHA1

    0dc638cefe035a8be5688a7ea0eef2c2a1472687

  • SHA256

    1ee5f148e0f4374e040bace8e339f5dfc970549a86b84893c8c736fb4f80c02a

  • SHA512

    9014066379534f05fefbaa26e7f87e024dfca9f05ca91647b877516ef6f945e4a12b31ee2dc442aed96c821cd14cc19cab8259c48d9f4bf091cf66ee6cbd13c3

  • SSDEEP

    98304:gVdyCVnP6oDlexqwl7ze9OREe9HW1X2ffO4:mnIoDlW19q9OREeRW1X2ffO4

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb15f8575b7123c3de70f8cb94a87ec2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fb15f8575b7123c3de70f8cb94a87ec2_JaffaCakes118.exe"
    1⤵
      PID:2636
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 228
        2⤵
        • Program crash
        PID:4752
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2636 -ip 2636
      1⤵
        PID:2092

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2636-0-0x0000000000400000-0x0000000000BE4000-memory.dmp
        Filesize

        7.9MB

        Download