Behavioral task
behavioral1
Sample
fe6f30fbcb892daac0ac242b8416b507_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
fe6f30fbcb892daac0ac242b8416b507_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
fe6f30fbcb892daac0ac242b8416b507_JaffaCakes118
-
Size
76KB
-
MD5
fe6f30fbcb892daac0ac242b8416b507
-
SHA1
09bab8f72b6e81e45f62828237632cdc0378738a
-
SHA256
c6622a58d2a35cf780a05222c9c77336fe5017d6e7c4f2f5641b9c3d2271ee5b
-
SHA512
c9db7f5b123ffa17c424caf3047c8fd0db4ab16662cedca8568ab4092ed28d94289d282c24d75959f29a5ea02c6b98fbcb4ca2cfa1d5e4f535e46ce438d75518
-
SSDEEP
1536:0otbWNuh6OI20C4IrCs2C7Oxy5rojOlAh9Y:0QbWf20C4IrccS4oE09Y
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource fe6f30fbcb892daac0ac242b8416b507_JaffaCakes118
Files
-
fe6f30fbcb892daac0ac242b8416b507_JaffaCakes118.exe windows:4 windows x86 arch:x86
05bdf9a167e2f602a49b4b0da65ca595
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OutputDebugStringA
SetSystemTime
GetSystemTime
CreateProcessA
GetFileSize
FreeLibrary
LoadLibraryA
HeapFree
lstrcmpA
lstrcpynA
HeapAlloc
GetProcessHeap
GetLastError
GetCurrentProcess
TerminateProcess
OpenProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
SetEvent
WinExec
GetModuleFileNameA
CreateEventA
OutputDebugStringW
OpenEventA
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
CreateFileW
TransactNamedPipe
GetTempPathA
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetStartupInfoA
ExitProcess
ResetEvent
CreateThread
GetModuleHandleA
GetProcAddress
Sleep
lstrcpyA
DeleteFileA
CreateFileA
DeviceIoControl
ReadFile
CloseHandle
SetFilePointer
GetSystemDirectoryA
lstrlenA
lstrcatA
GetCommandLineA
WriteFile
mpr
WNetAddConnection2A
WNetCancelConnection2A
ws2_32
__WSAFDIsSet
connect
select
WSAGetLastError
recv
closesocket
send
htons
inet_addr
WSAStartup
WSACleanup
gethostname
gethostbyname
inet_ntoa
listen
accept
bind
socket
iphlpapi
SendARP
rpcrt4
UuidToStringA
UuidFromStringA
user32
wvsprintfA
IsCharAlphaNumericA
ShowWindow
FindWindowA
SendMessageA
wsprintfA
advapi32
CloseServiceHandle
ControlService
OpenServiceA
OpenSCManagerA
ChangeServiceConfigA
StartServiceA
DeleteService
ChangeServiceConfig2A
CreateServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
QueryServiceStatus
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE