General

Target: ff4052469c915086816181d508b461f5_JaffaCakes118
Size: 107KB
Sample: 240421-pey7jaba79
MD5: ff4052469c915086816181d508b461f5
SHA1: 96c2b1560303836e83ad2a61fb41ef7bd27baa9c
SHA256: 5650ade1fa0db87b3afb26bfc4838d3aafe0ed49df027db5cb89cbc116cfd920
SHA512: 8f01e8a4226a060fe83e91dedb99f3480348eab57358f7301102e7ec9797130393d93ce431d665315ab71b51bf64311756c5eb32667be7b9731606cf40822456
SSDEEP: 3072:4TInoF0+6Fkg9fErUgQpk6h54CN1foZejnD6:4TInx+OV9srUgl6hKCrfoZGD6
Static task: static1

Behavioral task: behavioral1
Sample: ff4052469c915086816181d508b461f5_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: ff4052469c915086816181d508b461f5_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config

Extracted: metasploit
Encoder: encoder/call4_dword_xor
Targets

Target: ff4052469c915086816181d508b461f5_JaffaCakes118
Size: 107KB
Score: 10/10

Signatures:
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Adds policy Run key to start application
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext