General
Target: 8e97fb9ae61276078d02a0f96796b53e_JaffaCakes118
Size: 290KB
Sample: 240602-s6tb5sfh3x
MD5: 8e97fb9ae61276078d02a0f96796b53e
SHA1: 1ef4f6d7a8bf28e855458f55ccbaa322152ffffd
SHA256: aef703b3c0222fae2afdbdf558cfef1aa327c06608d4c583a9c1a6dcaa169c47
SHA512: 6fcd0a8680c3836f796bf81e27e9273c648c81dac8c6deac235d259ba648abb03372e615e987c361b33898f17773d9287cf8c1040b15c11bd50e1bc455759e38
SSDEEP: 1536:8AFNU2ieWA0KTSclQdhJ7SzvYSD538zR+pek0cSWpXjybt4KK:8AFseWDclQdhYzvDz89K
Behavioral task: behavioral1
Sample: 8e97fb9ae61276078d02a0f96796b53e_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 8e97fb9ae61276078d02a0f96796b53e_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
metasploit
windows/download_exec
http://165.22.71.42:80/aU1u
- headers User-Agent: Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Targets
Score: 10/10

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.