metasploit | 4450663628a0c753268e8f2ea0c0168c74ccbf5c87c61c50f5ef1a045a07a705

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 18:17

Target

ffe035f33d38cb1bc022c2ed10454b6e_JaffaCakes118.exe
Size

919KB
MD5

ffe035f33d38cb1bc022c2ed10454b6e
SHA1

51ee4a877dbc5f9e4d5286e80db8bd00cf36e826
SHA256

4450663628a0c753268e8f2ea0c0168c74ccbf5c87c61c50f5ef1a045a07a705
SHA512

9e216fe5a5c5ebb89721d6e7011daa3b79640d4ae113b350f2bc3a20dcb2073b67cda66d440816492379d9d77957f4ec8a06c8b3ea2bdcb49116accf914dd28b
SSDEEP

24576:MDgyu+LVtxB7Rxv67vb2qMC13AlZ07tO6DvKpG5a7yT:GgaVtxB7Rxv6X3AlZ

Score

10^/10

Family

metasploit

Version

windows/shell_reverse_tcp

172.16.9.101:9999

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

C:\Users\Admin\AppData\Local\Temp\ffe035f33d38cb1bc022c2ed10454b6e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ffe035f33d38cb1bc022c2ed10454b6e_JaffaCakes118.exe"
1⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:4128

memory/4400-0-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/4400-1-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download