Behavioral task behavioral1
  Sample: 0486e60ab6e829ec199a4fef0876a546_JaffaCakes118.exe
  Resource: win7-20240220-en
Behavioral task behavioral2
  Sample: 0486e60ab6e829ec199a4fef0876a546_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
General
- Target: 0486e60ab6e829ec199a4fef0876a546_JaffaCakes118
- Size: 132KB
- MD5: 0486e60ab6e829ec199a4fef0876a546
- SHA1: 99ef3286f95bf24024686adb07dcd48f66e67930
- SHA256: 8f369c9c502820607029481caf83e5a470c5dfcf6ef0a2fc9b86198db21e5fdc
- SHA512: 1bc132a50153c5164cf48f8e2199fa5969d5a7f7bd3ae95841849cd97916a5acc792ea61e66465e09c8a4201be0de7c8a647329dc3f2b60b31ec20918e005866
- SSDEEP: 3072:8l8OXUyQPrRViImiUtsavtfqMUObkFlnFwtE:zOEyQPrQIalf2Oo9Z
Malware Config
- Extracted: metasploit, encoder/shikata_ga_nai
- Extracted: metasploit, windows/shell_reverse_tcp, 192.168.206.136:43287
Signatures
- Metasploit family
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  Processes: resource 0486e60ab6e829ec199a4fef0876a546_JaffaCakes118
Files
- 0486e60ab6e829ec199a4fef0876a546_JaffaCakes118.exe (windows:4, windows x86, arch:x86)
  834a107ad82ab45d9b44d283c7d4b679
Headers
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
  pdh: PdhOpenQueryW, PdhAddCounterW, PdhCollectQueryData, PdhGetFormattedCounterValue, PdhCloseQuery
  version: VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
  netapi32: NetServerEnum, NetApiBufferFree
  ws2_32: gethostname, gethostbyname, inet_ntoa, WSAStartup
  kernel32: GetLogicalDrives, SetErrorMode, GetLastError, SetLastError, Sleep, GetTickCount, CloseHandle, CreateFileW,
    FreeLibrary, LocalFree, WriteFile, GetStdHandle, FormatMessageA, LoadLibraryExW, LockResource, SizeofResource,
    LoadResource, FindResourceW, GetVolumeInformationW, GetSystemDirectoryW, GetComputerNameW, TerminateThread,
    WaitForSingleObject, MultiByteToWideChar, GetCurrentProcess, GetVersion, GetModuleFileNameW, ReadFile,
    GetProcAddress, LoadLibraryW, GetDateFormatW, FileTimeToSystemTime, GetTimeFormatW, FileTimeToLocalFileTime,
    GetDriveTypeW, GetDiskFreeSpaceExW, GetCPInfo, GetStringTypeA, GetStringTypeW, LoadLibraryA, SetEndOfFile,
    GetACP, GetOEMCP, DeleteFileW, SetStdHandle, SetFilePointer, GetModuleFileNameA, GetCommandLineA, GetCommandLineW,
    GetEnvironmentStrings, GetEnvironmentStringsW, FreeEnvironmentStringsW, FreeEnvironmentStringsA, LCMapStringW,
    EnterCriticalSection, LeaveCriticalSection, InterlockedDecrement, InterlockedIncrement, CreateThread,
    GetCurrentThreadId, TlsSetValue, ExitThread, ReadConsoleInputA, SetConsoleMode, GetConsoleMode, RtlUnwind,
    ExitProcess, TerminateProcess, HeapAlloc, HeapFree, HeapReAlloc, WideCharToMultiByte, SetHandleCount,
    GetFileType, GetStartupInfoA, DeleteCriticalSection, InitializeCriticalSection, TlsAlloc, TlsGetValue,
    UnhandledExceptionFilter, CreateFileA, FlushFileBuffers, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc,
    GetModuleHandleA, LCMapStringA
  advapi32: RegEnumKeyW, RegConnectRegistryW, RegQueryInfoKeyW, RegOpenKeyW, RegQueryValueExW, RegOpenKeyExW,
    RegEnumValueW, RegEnumKeyExW, RegCloseKey, DeleteService, ControlService, OpenSCManagerW, OpenServiceW,
    StartServiceW, QueryServiceStatus, CreateServiceW, CloseServiceHandle
  ole32: CoInitializeEx, CoInitializeSecurity, CoCreateInstance
  oleaut32: SysFreeString, SysAllocString
  mpr: WNetAddConnection2W, WNetCancelConnection2W
Sections
  .text  Size: 56KB - Virtual size: 53KB  (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
  .rdata Size: 8KB - Virtual size: 7KB   (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
  .data  Size: 20KB - Virtual size: 53KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
  .rsrc  Size: 44KB - Virtual size: 41KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)