Analysis
max time kernel: 120s
max time network: 120s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 22-06-2024 22:59
Behavioral task: behavioral1
Sample: 04462045c47dd272d10a89f78c82b573_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 04462045c47dd272d10a89f78c82b573_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 04462045c47dd272d10a89f78c82b573_JaffaCakes118.exe
Size: 308KB
MD5: 04462045c47dd272d10a89f78c82b573
SHA1: ebe93d36eaecb5bf2d9c86f1a6c623c9043fa446
SHA256: 14d7d42379fdfd4c49cc7f70ea1b9a1a6cd17c6fc274cf920c8020dfb7010e8c
SHA512: 5d7c6c8af6f63703358cae123217d0daccf00c08b1830771d45ac1a43ca2a3e29ba38c9e8bd2b60e3c5c3403b6a75e436607d452de000f494c6b14d69be140fe
SSDEEP: 6144:sDe2VXSMOeBiYKkiea/S3NiBXvz8Kwa/yrprmDpoljm:si2lSveBhjF30vANa/yrwl4m
Malware Config
Extracted: metasploit
Encoder: encoder/call4_dword_xor
Signatures
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: 04462045c47dd272d10a89f78c82b573_JaffaCakes118.exe
description / pid / process / target process:
PID 2992 wrote to memory of 1736 / 2992 / 04462045c47dd272d10a89f78c82b573_JaffaCakes118.exe / cmd.exe
PID 2992 wrote to memory of 1736 / 2992 / 04462045c47dd272d10a89f78c82b573_JaffaCakes118.exe / cmd.exe
PID 2992 wrote to memory of 1736 / 2992 / 04462045c47dd272d10a89f78c82b573_JaffaCakes118.exe / cmd.exe
PID 2992 wrote to memory of 1736 / 2992 / 04462045c47dd272d10a89f78c82b573_JaffaCakes118.exe / cmd.exe