General

Target: 033978a659dc664d1411cd737fae0201_JaffaCakes118
Size: 4.6MB
Sample: 240622-wctycs1fjr
MD5: 033978a659dc664d1411cd737fae0201
SHA1: fe9f9f23329e0a56f3deb225ea835fac2d9900e1
SHA256: 647499a6f001676732aad9b85b2045e0375b1e2005891772eb190bd21b01022c
SHA512: 100b535b57052e21a24a610373cdaba8c813c4e41e60f95d506da20e75f7cbfcfe1674989423d65a0278a083641c2c25ff3c822e924986342c84085a6dbafa26
SSDEEP: 3072:xYVlF22d/HAMt0WSt+/x3y6dykvOCVwOU3R4KyslRzXtDm+t6V:ydd/HAMt0Lt8xuQV1UBXy+zXtDmU6
Behavioral tasks

behavioral1
Sample: 033978a659dc664d1411cd737fae0201_JaffaCakes118.exe
Resource: win7-20231129-en

behavioral2
Sample: 033978a659dc664d1411cd737fae0201_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted: metasploit
encoder/call4_dword_xor
(call4_dword_xor is Metasploit's x86 XOR shellcode encoder: a short decoder stub followed by the payload, XORed dword by dword with a fixed 4-byte key carried in the stub itself.)
Targets

Target: 033978a659dc664d1411cd737fae0201_JaffaCakes118
Size: 4.6MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above; not repeated here.
Signatures

MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Modifies firewall policy service
Modifies Windows Firewall
Deletes itself
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory
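The extracted config names the encoder (encoder/call4_dword_xor) and the MetaSploit signature says the payload was probably produced by msfvenom. As an added example, not part of this report and not Metasploit's own code, the following Python does what a config extractor for that encoder has to do: it locates the x86/call4_dword_xor decoder stub by its byte pattern, recovers the dword count from the stub's "sub ecx, -count" immediate and the XOR key from its "xor dword [esi+0x0e], key" immediate, and decodes the bytes that follow. The sample blob is constructed, and encode_call4_dword_xor is a reimplementation of the stub layout written only to generate that test input (it zero-pads to a dword boundary; msfvenom's padding is its own). One caveat: when bad characters force Metasploit to emit a different "sub ecx" encoding than 83 e9 ib or 81 e9 id, this exact pattern will not match.

```python
"""Find a Metasploit x86/call4_dword_xor decoder stub in a byte buffer, recover
its XOR key and dword count, and decode the payload that follows it."""
import re
import struct

# Layout of the x86/call4_dword_xor decoder stub (bytes as emitted by Metasploit):
#   33 c9                 xor ecx, ecx
#   83 e9 <ib>            sub ecx, -count      (81 e9 <id> if -count does not fit in imm8)
#   e8 ff ff ff ff        call $+4             (returns into its own last ff byte)
#   ff c0                 inc eax              (that ff byte plus c0)
#   5e                    pop esi              (esi = address of the c0 byte)
#   81 76 0e <key:4>      xor dword [esi+0x0e], key   (esi+0x0e = first encoded dword)
#   83 ee fc              sub esi, -4
#   e2 f4                 loop                 (back to the xor)
#   <count encoded dwords>
STUB_RE = re.compile(
    rb"\x33\xc9(?:\x83\xe9(.)|\x81\xe9(.{4}))"
    rb"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e(.{4})\x83\xee\xfc\xe2\xf4",
    re.DOTALL,
)


def _xor_dwords(data, key):
    """XOR every little-endian dword of data with key (the same operation the stub's loop performs)."""
    return b"".join(
        struct.pack("<I", struct.unpack("<I", data[i:i + 4])[0] ^ key)
        for i in range(0, len(data), 4)
    )


def _count_from_sub(imm8, imm32):
    """ecx = 0 - imm, so the dword count is the negated (sign-extended) immediate."""
    imm = struct.unpack("<b", imm8)[0] if imm8 is not None else struct.unpack("<i", imm32)[0]
    return (-imm) & 0xFFFFFFFF


def find_call4_dword_xor(blob):
    """Return (offset, count, key, decoded_payload) for every complete stub found in blob."""
    hits = []
    for m in STUB_RE.finditer(blob):
        count = _count_from_sub(m.group(1), m.group(2))
        key = struct.unpack("<I", m.group(3))[0]
        encoded = blob[m.end():m.end() + count * 4]
        if count == 0 or len(encoded) != count * 4:
            continue  # stub would run past the end of the buffer: not a usable hit
        hits.append((m.start(), count, key, _xor_dwords(encoded, key)))
    return hits


def encode_call4_dword_xor(payload, key):
    """Rebuild stub + encoded payload in the framework's layout. Test-input generator
    written for this example (not msfvenom's code); zero-pads to a dword boundary."""
    if not payload:
        raise ValueError("empty payload")
    padded = payload + b"\x00" * (-len(payload) % 4)
    count = len(padded) // 4
    if count <= 128:                      # -count fits in a signed byte
        set_ecx = b"\x83\xe9" + struct.pack("<b", -count)
    else:
        set_ecx = b"\x81\xe9" + struct.pack("<i", -count)
    stub = (b"\x33\xc9" + set_ecx
            + b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e" + struct.pack("<I", key)
            + b"\x83\xee\xfc\xe2\xf4")
    return stub + _xor_dwords(padded, key)


# Constructed sample: stub + encoded marker text, wrapped in junk to mimic a file region.
SAMPLE_PAYLOAD = b"CONSTRUCTED-PAYLOAD-NOT-REAL"        # 28 bytes = 7 dwords
SAMPLE_KEY = 0x41424344                                 # arbitrary key for the sample
SAMPLE_BLOB = b"JUNK" * 4 + encode_call4_dword_xor(SAMPLE_PAYLOAD, SAMPLE_KEY) + b"\x90" * 8

if __name__ == "__main__":
    for off, count, key, dec in find_call4_dword_xor(SAMPLE_BLOB):
        print(f"stub at 0x{off:x}: {count} dwords, key 0x{key:08x}, payload {dec!r}")
```

Running it on a real dump, the decoded bytes are what you would hand to a shellcode emulator or a second-stage extractor; the count check matters because a stub whose loop would read past the buffer is a truncated or false match rather than a payload.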
MITRE ATT&CK Enterprise v15

The numbers are the counts the report shows next to each technique; ATT&CK IDs added for reference.

Tactic: Persistence
  Create or Modify System Process (T1543): 2
    Windows Service (T1543.003): 2
  Event Triggered Execution (T1546): 1
    Netsh Helper DLL (T1546.007): 1

Tactic: Privilege Escalation
  Create or Modify System Process (T1543): 2
    Windows Service (T1543.003): 2
  Event Triggered Execution (T1546): 1
    Netsh Helper DLL (T1546.007): 1