General
-
Target
030e1abb75bddcf34360c8c0ef96c9e6_JaffaCakes118
-
Size
117KB
-
Sample
240622-vg2nbszcnm
-
MD5
030e1abb75bddcf34360c8c0ef96c9e6
-
SHA1
30b2ee23c912d451935213b7d8dc13b370012751
-
SHA256
35844c4426c0dff405b37573c0856b14152572589acde8a2a9dac466a8e434ee
-
SHA512
fb633433fd947280145368bd88346709fb5b938019d7f4db9000c6c2bceebedda77cc856783b6efff6475a11335893f0a65610c380a9f3b488161a80003d9bb1
-
SSDEEP
1536:/v9qZsQvh3qFg504p2XADvIITPLQ/M2o6cz8egkCTI0iym7HFBkKn3br5fLRNUR2:/wseqifV1zWjczk54fHFBkK3xLRK2
Static task
static1
Behavioral task
behavioral1
Sample
030e1abb75bddcf34360c8c0ef96c9e6_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
030e1abb75bddcf34360c8c0ef96c9e6_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
030e1abb75bddcf34360c8c0ef96c9e6_JaffaCakes118
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-