Behavioral task
behavioral1
Sample
6bc99c9259b0ca643f1b50bba8b89fe1_JaffaCakes118.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
6bc99c9259b0ca643f1b50bba8b89fe1_JaffaCakes118.dll
Resource
win10v2004-20240426-en
General
-
Target
6bc99c9259b0ca643f1b50bba8b89fe1_JaffaCakes118
-
Size
268KB
-
MD5
6bc99c9259b0ca643f1b50bba8b89fe1
-
SHA1
a0c30bbddf4748169fb12a31a6bd6f1edbf65b61
-
SHA256
c6bd354e37e1859fab140177e930ab7a2c2f3797e749b03631b76722c89627c8
-
SHA512
c604ba302b5937eff65a23409285851dc667393f4900570fec622674285d76b5262f4797a64df98591cba89fa2d985aa1331137d60513ed960f446e23f493922
-
SSDEEP
3072:sZrNm0q1UmGTUVjsY9vsVfYLVthu1aYYp1V92R1n6/0IU1D5nq6B:sqV+KDCVfenh+Qfg2/0V5n
Malware Config
Extracted
cobaltstrike
0
-
watermark
0
Signatures
-
Cobalt Strike reflective loader 1 IoCs
Detects the reflective loader used by Cobalt Strike.
Processes:
resource yara_rule sample cobalt_reflective_dll -
Cobaltstrike family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 6bc99c9259b0ca643f1b50bba8b89fe1_JaffaCakes118
Files
-
6bc99c9259b0ca643f1b50bba8b89fe1_JaffaCakes118.dll windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Sections
ы���� Size: 148KB - Virtual size: 148KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
э����� Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ћ���� Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
э����� Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ