Behavioral task
behavioral1
Sample
92e7f06b1114fb53e9fe7257585d3f84_JaffaCakes118.pdf
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
92e7f06b1114fb53e9fe7257585d3f84_JaffaCakes118.pdf
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
template.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
template.exe
Resource
win10v2004-20240508-en
General
-
Target
92e7f06b1114fb53e9fe7257585d3f84_JaffaCakes118
-
Size
3KB
-
MD5
92e7f06b1114fb53e9fe7257585d3f84
-
SHA1
ae7e1699c607aa83574108f8274ff8488c4b2cec
-
SHA256
9b23ac3682a2849fef0df636b8cdff76f09b6edd8241a2a87918a97f7705a928
-
SHA512
e51460acc7c479b21ff789ede52c460fd93c5e18dff4f477590619608e99a29bc715f15bbaebe70aef1e9fa40ab00080a56015ca2eec184c0c5145daa884a033
Malware Config
Extracted
metasploit
metasploit_stager
192.168.0.0:5555
Signatures
-
Metasploit family
-
PDF contains JavaScript
Detects presence of JavaScript in PDF files.
-
PDF contains one or more embedded files
Detects presence of embedded files in PDF files.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/template.pdf
Files
-
92e7f06b1114fb53e9fe7257585d3f84_JaffaCakes118.pdf
-
template.pdf.exe windows:4 windows x64 arch:x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bdst Size: 1024B - Virtual size: 640B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE