General
-
Target
0a73abbf4d1badf83344b5e085ee9b24_JaffaCakes118
-
Size
50KB
-
Sample
240621-j51v6asfjd
-
MD5
0a73abbf4d1badf83344b5e085ee9b24
-
SHA1
3f453068f0c1a0e5fab20b7933ec93d58c0b1071
-
SHA256
86f906e1342dc1e1bbfa15358cfad2bd41143459974bc300b6e98bf7b4b8f69e
-
SHA512
6d96fd4ec1cea248a47e7864f99dd036ee136b823c6612392b1be485aac4e756dbff4cab3d505239862b6e98cc50b5ff37b419427bf943cb7847e1e9e9eec149
-
SSDEEP
768:gRkBqdwOEZaSnctBLK/5w7XGjYf03T3u8mD:gRzw/ZaSnctBK/uXG0S3uz
Static task
static1
Behavioral task
behavioral1
Sample
0a73abbf4d1badf83344b5e085ee9b24_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
0a73abbf4d1badf83344b5e085ee9b24_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
0a73abbf4d1badf83344b5e085ee9b24_JaffaCakes118
-
Size
50KB
-
MD5
0a73abbf4d1badf83344b5e085ee9b24
-
SHA1
3f453068f0c1a0e5fab20b7933ec93d58c0b1071
-
SHA256
86f906e1342dc1e1bbfa15358cfad2bd41143459974bc300b6e98bf7b4b8f69e
-
SHA512
6d96fd4ec1cea248a47e7864f99dd036ee136b823c6612392b1be485aac4e756dbff4cab3d505239862b6e98cc50b5ff37b419427bf943cb7847e1e9e9eec149
-
SSDEEP
768:gRkBqdwOEZaSnctBLK/5w7XGjYf03T3u8mD:gRzw/ZaSnctBK/uXG0S3uz
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-