General
Target: 09a106c7b87678866f8eccd3629a0a14_JaffaCakes118
Size: 80KB
Sample: 240620-1vx5ysshrr
MD5: 09a106c7b87678866f8eccd3629a0a14
SHA1: d56463efd14a645f9b6271389da08050986857de
SHA256: 6172fd3befc96423cc162630f7c05666f0f4680313a88b1b982a0e0e92280b22
SHA512: a933def205945604c8ea06d6f1f8508148813f9ccb01e35f4f9d394678d66c8ec994cac83f139e38c98944bb97655b1a412565598b1693acecf27e64162e1169
SSDEEP: 1536:Fwhboay8bMecqi8Ejt3UB+Md7z3HALE5h7eUJAToTtNWKnbXtXI4ZG:Fwhzy8fhi8w2dHALE5hSlMzbX9NG
Static task: static1
Behavioral task: behavioral1
  Sample: 09a106c7b87678866f8eccd3629a0a14_JaffaCakes118.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 09a106c7b87678866f8eccd3629a0a14_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted: metasploit (encoder/call4_dword_xor)
Targets
Target: 09a106c7b87678866f8eccd3629a0a14_JaffaCakes118
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Adds policy Run key to start application
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext