metasploit | 1b93a203f24d4922b9e4cfa4f5896712e0029eb688c7aa99ce2cff1035323ede

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 10:09

Target

ff0a9a51a747bb6a4fff5321a922db7f_JaffaCakes118.exe
Size

72KB
MD5

ff0a9a51a747bb6a4fff5321a922db7f
SHA1

4fccf8e305aecc50efe7ccb1285a99f17c1d3bad
SHA256

1b93a203f24d4922b9e4cfa4f5896712e0029eb688c7aa99ce2cff1035323ede
SHA512

bac3a6312cd2d2e1444d909697f0e8684fb02e71c462eb4093c235820c8c5d8bada00238b7b8896a26e316aea92744dadf624f143ab9b142cd2281715210bbcb
SSDEEP

1536:Ih8xaKHu+jUE2RyQCs4p8K8Mb+KR0Nc8QsJq39:O8ZH7UE0uye0Nc8QsC9

Score

10^/10

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.2.9:3333

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

C:\Users\Admin\AppData\Local\Temp\ff0a9a51a747bb6a4fff5321a922db7f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ff0a9a51a747bb6a4fff5321a922db7f_JaffaCakes118.exe"
1⤵
PID:2828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3896 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:4104

memory/2828-0-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download