General
-
Target
074b815d9ded01b516a62e3b739caa10_JaffaCakes118
-
Size
152KB
-
Sample
240620-sxa47svcja
-
MD5
074b815d9ded01b516a62e3b739caa10
-
SHA1
ecaac45ab370e440f038b7bb935beb8b89447081
-
SHA256
cc333ce127f7e39aa28e3ea19afb69c1dd6c8e2d0f74dde941ab533e86c1ec3d
-
SHA512
eb8dbce15bc20b5483bc85bdfce2c160d247ca7ee5d896d9977ecc379785f9b3f3482e5461f54d21b2a3c73bef347fab4eb64a985e7087d1174b899d0f5f0866
-
SSDEEP
3072:XdMGZMG9D2nouXWaaNawyUbbGHFUSVMZH6tDIY:5ZMwvaUauarVMHc
Static task
static1
Behavioral task
behavioral1
Sample
074b815d9ded01b516a62e3b739caa10_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
074b815d9ded01b516a62e3b739caa10_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
074b815d9ded01b516a62e3b739caa10_JaffaCakes118
-
Size
152KB
-
MD5
074b815d9ded01b516a62e3b739caa10
-
SHA1
ecaac45ab370e440f038b7bb935beb8b89447081
-
SHA256
cc333ce127f7e39aa28e3ea19afb69c1dd6c8e2d0f74dde941ab533e86c1ec3d
-
SHA512
eb8dbce15bc20b5483bc85bdfce2c160d247ca7ee5d896d9977ecc379785f9b3f3482e5461f54d21b2a3c73bef347fab4eb64a985e7087d1174b899d0f5f0866
-
SSDEEP
3072:XdMGZMG9D2nouXWaaNawyUbbGHFUSVMZH6tDIY:5ZMwvaUauarVMHc
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-