General
-
Target
0026a8945cef91524dd6cc96a621625d_JaffaCakes118
-
Size
208KB
-
Sample
240619-x8b8vsybje
-
MD5
0026a8945cef91524dd6cc96a621625d
-
SHA1
2374009a714bcd84451514497e3584a2675a7787
-
SHA256
487e8eac49a43cd8d8920a42cfa84dff911afc4dfc827ce122321bc4b67af2d8
-
SHA512
6df237e7b71dc8ccd675d67a8f037231bd14df1b86b2edd18266b54504dc97be87e347fba0c5e55977245b0891141cc2b2c0d9b4f141d4914439302fceb0ffb8
-
SSDEEP
3072:TKRHfMGtt/EyroaxRIyhMgCSctc40x0CJLORhBYCx8T04cVn:TKRHfMMfrhxRSO40x0CgbBJycVn
Static task
static1
Behavioral task
behavioral1
Sample
0026a8945cef91524dd6cc96a621625d_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0026a8945cef91524dd6cc96a621625d_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
Target
0026a8945cef91524dd6cc96a621625d_JaffaCakes118
Score 10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
-
Persistence
Create or Modify System Process 1
Windows Service 1
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
-
Privilege Escalation
Create or Modify System Process 1
Windows Service 1
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
-
Defense Evasion
Modify Registry 2
Impair Defenses 1
Disable or Modify System Firewall 1