Behavioral task
behavioral1
Sample
8cd2b913d099ac3548f8c1beae5700c1_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8cd2b913d099ac3548f8c1beae5700c1_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
8cd2b913d099ac3548f8c1beae5700c1_JaffaCakes118
-
Size
7KB
-
MD5
8cd2b913d099ac3548f8c1beae5700c1
-
SHA1
0c819ea3a998fe655fdf5ccd3b6443ca91bcc3bd
-
SHA256
bd358e9a26bea2e9fc870441ac98483becfb46f6f18d5ab0bd49358e53fb8796
-
SHA512
b0ae5c1813b8ecdeaa98d510f76eed6861b2d1063bae68d5b29341423d7c5415a3fdadff9fb8de969538d5d1075ac6256a1db9f54d51c7bc083c52fdc582226c
-
SSDEEP
24:eFGStrJ9u0/6PGJnZdkBQAVoaYNq9KZqxeNDMSCvOXpmB:is0/ZkBQVts9DSD9C2kB
Malware Config
Extracted
metasploit
metasploit_stager
152.32.254.206:9088
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 8cd2b913d099ac3548f8c1beae5700c1_JaffaCakes118
Files
-
8cd2b913d099ac3548f8c1beae5700c1_JaffaCakes118.exe windows:4 windows x64 arch:x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.uvde Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE