metasploit | 0fa10535009f401320ee107d099f65e0c34ad5c1be39fbc6657e2007c45da365 | Triage

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 22:54

Sharing

Report Analysis Logs

General

Target

36f9dbf2b3b4045153a5b37020b1c49e_JaffaCakes118.exe
Size

15KB
MD5

36f9dbf2b3b4045153a5b37020b1c49e
SHA1

10b8d331844f041808a1bb52331c72e8eb5fcb2b
SHA256

0fa10535009f401320ee107d099f65e0c34ad5c1be39fbc6657e2007c45da365
SHA512

5dfa4f417380c0a8deb0689a0229273db91f3421072f2fb3aee8a57ad982bb5c3b13ec21ddedaada428953a9ecf0fe52a312074f5b73b0aaac2a05190b30f945
SSDEEP

384:zLU/8QeJUc4XNdz9zzlq/nKnWShGeaqrt:nUcedz94/DShb

Score

10^/10

metasploit backdoor trojan upx

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://opesmsploit.ddns.net:53/XpZX

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/644-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/644-2-0x0000000000400000-0x000000000040C000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\36f9dbf2b3b4045153a5b37020b1c49e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\36f9dbf2b3b4045153a5b37020b1c49e_JaffaCakes118.exe"
1⤵
PID:644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/644-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/644-2-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download