Analysis
-
max time kernel
147s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
10-05-2024 19:39
General
-
Target
30b76944bb425839c64348014df8280a_JaffaCakes118.dll
-
Size
116KB
-
MD5
30b76944bb425839c64348014df8280a
-
SHA1
43332486a42e6d6270bb475c258f99840af4b2b7
-
SHA256
4ac29f1bbaa3070b5bc30ec7c29abaa258f7e34434fc0239f0241013df22ccbf
-
SHA512
5cce0ccc7fa82ed2a00aa6a0e782a5630d63b7bcd682b5f4e6133c4d54c90489df1ded2e6bc95c37c9a5ed0d5eec5a42bb4bbefebd30970716aca6e7e6088e0a
-
SSDEEP
1536:GBdqoM5n+pEq6MwuLz4UqQjUsWCcdA60pB7wW7BvrrVPeOvMnDkEpTTUo:GB1pSMwuxqUiA60pB7tZrrV2HThT5
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
encoder/shikata_ga_nai
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\30b76944bb425839c64348014df8280a_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\30b76944bb425839c64348014df8280a_JaffaCakes118.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exesvchost.exe3⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3552-0-0x0000000060000000-0x000000006000A000-memory.dmpFilesize
40KB
-
memory/5968-4-0x0000000000D53000-0x0000000000D56000-memory.dmpFilesize
12KB