Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22-06-2024 22:59

General

  • Target

    04462045c47dd272d10a89f78c82b573_JaffaCakes118.exe

  • Size

    308KB

  • MD5

    04462045c47dd272d10a89f78c82b573

  • SHA1

    ebe93d36eaecb5bf2d9c86f1a6c623c9043fa446

  • SHA256

    14d7d42379fdfd4c49cc7f70ea1b9a1a6cd17c6fc274cf920c8020dfb7010e8c

  • SHA512

    5d7c6c8af6f63703358cae123217d0daccf00c08b1830771d45ac1a43ca2a3e29ba38c9e8bd2b60e3c5c3403b6a75e436607d452de000f494c6b14d69be140fe

  • SSDEEP

    6144:sDe2VXSMOeBiYKkiea/S3NiBXvz8Kwa/yrprmDpoljm:si2lSveBhjF30vANa/yrwl4m

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04462045c47dd272d10a89f78c82b573_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\04462045c47dd272d10a89f78c82b573_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\Windows\SysWOW64\cmd.exe
      cmd
      2⤵
        PID:1736

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2992-0-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB