General
Target: 096d486cd29f082ee50668f6cd2d7d3e_JaffaCakes118
Size: 71KB
Sample: 240620-zpekzsxbjb
MD5: 096d486cd29f082ee50668f6cd2d7d3e
SHA1: 60f4f23fcb0ccfb7503361a0314d61b4aebc6ea2
SHA256: a06ead5801017f80f7699311741d94a592b3902112be11c1bf16447af267d48f
SHA512: 225cc047c82f5c14d01b87468b268689b2e1e00d268d31cd80ed6b34cdd8bf72bde8328a200cfdb821d2cf3316cf3a844c0d0d54d68f8d74501fecfa5ec97cab
SSDEEP: 1536:4JzS/uiEt1l9VpYg8LT8la6qdMCIPDIBnIOm/uOHBwPDxrdDDfjkS/uwn4Jd1mxu:4JECt1l9Vpf8LYa6qdMCIPDIBnM/TwPy
Behavioral task: behavioral1
Sample: 096d486cd29f082ee50668f6cd2d7d3e_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 096d486cd29f082ee50668f6cd2d7d3e_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted: metasploit (encoder/call4_dword_xor)
Targets
Target: 096d486cd29f082ee50668f6cd2d7d3e_JaffaCakes118
Score: 10/10
Signatures:
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies firewall policy service
- Adds policy Run key to start application
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (2)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (2)