General
-
Target
fd47f7fac3ec650eae715795086bc6d7_JaffaCakes118
-
Size
121KB
-
Sample
240420-wbfz4sec91
-
MD5
fd47f7fac3ec650eae715795086bc6d7
-
SHA1
33817ba286395cec76a64f24ee3d6392ac448591
-
SHA256
289b9b7e2bd6678218e33d77c6464d2c5c5807f99d6e7e4037ba87b98530e274
-
SHA512
2074b6cbf166bd1999917d895a7c7f24ac339e02790d922bc028a5ac1fe49a155aed6c78a469914403be3211c950ec3c926d6f248b9787ee00c9dc36a4df7fad
-
SSDEEP
768:fjXEU8CPfbgDI2yDv5iKakaRLpWvry0j4zLRahqPLpnfFSdxwhl:jeDgkKapRI8Ex
Static task
static1
Behavioral task
behavioral1
Sample
fd47f7fac3ec650eae715795086bc6d7_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fd47f7fac3ec650eae715795086bc6d7_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
fd47f7fac3ec650eae715795086bc6d7_JaffaCakes118
-
Size
121KB
-
MD5
fd47f7fac3ec650eae715795086bc6d7
-
SHA1
33817ba286395cec76a64f24ee3d6392ac448591
-
SHA256
289b9b7e2bd6678218e33d77c6464d2c5c5807f99d6e7e4037ba87b98530e274
-
SHA512
2074b6cbf166bd1999917d895a7c7f24ac339e02790d922bc028a5ac1fe49a155aed6c78a469914403be3211c950ec3c926d6f248b9787ee00c9dc36a4df7fad
-
SSDEEP
768:fjXEU8CPfbgDI2yDv5iKakaRLpWvry0j4zLRahqPLpnfFSdxwhl:jeDgkKapRI8Ex
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-