Analysis

Max time kernel: 94s
Max time network: 95s
Platform: windows10-2004_x64
Resource: win10v2004-20240508-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 20-06-2024 10:20
Behavioral task: behavioral1
Sample: 0518bd2304da3b547bd835835a7b5b50_JaffaCakes118.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 0518bd2304da3b547bd835835a7b5b50_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General

Target: 0518bd2304da3b547bd835835a7b5b50_JaffaCakes118.exe
Size: 149KB
MD5: 0518bd2304da3b547bd835835a7b5b50
SHA1: 417cf93748c13f5c9118b816ebe588d4a7a4190b
SHA256: 5500b1840f178ef2d06d799dfff606d58078f72d648bba1cf4a8799706302b5d
SHA512: ea1ed6d5800bbec0a8bcbc9f11ef9c6e0df0045c10a56b858f755c47f5fb285afd6e2f7a94f48e40535289b6c061734cf24a55ae444c2f62e5b30ed3bdfc14e1
SSDEEP: 3072:hQEV4OU6aOQCcgufvoU2zzz4gEHKXpinbnbjKObJ+Ls697/jH:hxV4U+vZ2r4gPpinbbjzbJ+Ls69D
Malware Config

Extracted
Family: metasploit
Encoder: encoder/shikata_ga_nai
Signatures

- MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

- Processes (YARA matches):
resource | yara_rule
behavioral2/memory/1496-0-0x0000000000400000-0x000000000043D000-memory.dmp | upx
behavioral2/memory/1496-2-0x0000000000400000-0x000000000043D000-memory.dmp | upx

- Program crash (2 IoCs)
Processes:
pid | pid_target | process | target process
1036 | 1496 | WerFault.exe | 0518bd2304da3b547bd835835a7b5b50_JaffaCakes118.exe
1216 | 1496 | WerFault.exe | 0518bd2304da3b547bd835835a7b5b50_JaffaCakes118.exe
Processes

- C:\Users\Admin\AppData\Local\Temp\0518bd2304da3b547bd835835a7b5b50_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0518bd2304da3b547bd835835a7b5b50_JaffaCakes118.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 484
    Signature: Program crash
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 492
    Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1496 -ip 1496
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1496 -ip 1496