Analysis
max time kernel: 147s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-06-2024 05:05
Behavioral task behavioral1
Sample: 0541f52181897f5716033fee5b2eaf34_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task behavioral2
Sample: 0541f52181897f5716033fee5b2eaf34_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 0541f52181897f5716033fee5b2eaf34_JaffaCakes118.exe
Size: 58KB
MD5: 0541f52181897f5716033fee5b2eaf34
SHA1: b9e420ddb43e5e43cb92e9e299311988ff4dbc97
SHA256: ad53990eca9fddf949020ae7a53e2549dc35a57a449a828eac33c0d563e16c38
SHA512: 0fc8a095c4e42e5d7769a7401d620270d13dca82980bec3eafc4e9dd49abcbb5597f74c9158f46b59a5c0c63718bc847d09f6133a63de8267554c99e731f81d9
SSDEEP: 768:oY0JV7zP9lGsSRAwxmkveRJrOvMBo2e4u1a9MeIaDh+Ef8YlgTgLEl2lojubvCnT:ozv7zCs4XgrH/iazvGT2l
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
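The encoder named above is Metasploit's x86/call4_dword_xor module. Its decoder loop is a fixed byte sequence (call $+4; inc eax; pop esi; xor dword [esi+0x0e], imm32; sub esi, -4; loop) preceded by a variable-length counter setup, and the 4-byte XOR key is the immediate of the xor instruction, so the key and the original payload can be recovered from the encoded bytes without executing them. The Python below is an added example, not code from this report or from Metasploit: it searches a buffer for that stub, reads the key and XOR-decodes the dwords that follow. The report does not publish the sample's payload bytes, so the buffer it runs on is constructed here: the plaintext is a placeholder string and the leading sub ecx, -8 is one possible encoding of the counter setup (Metasploit picks a bad-character-free form, which is why the fixed part is searched for rather than assumed at offset 0).

```python
# Added example: decoding Metasploit's x86/call4_dword_xor output.
# The head and tail below are the encoder's fixed decoder loop; the
# "sub ecx, -N" counter setup in front of it varies between samples.
CALL4_STUB_HEAD = bytes.fromhex(
    "e8ffffffff"   # call $+4   (control lands on this instruction's final 0xff)
    "ffc0"         # inc eax    (that 0xff together with 0xc0)
    "5e"           # pop esi    (esi = return address pushed by the call)
    "81760e"       # xor dword [esi+0x0e], imm32 -> the 4 key bytes follow
)
CALL4_STUB_TAIL = bytes.fromhex(
    "83eefc"       # sub esi, -4  (advance to the next dword)
    "e2f4"         # loop         (back to the xor while ecx != 0)
)
KEY_LEN = 4


def find_call4_stub(blob: bytes):
    """Return (stub_offset, key, payload_offset), or None if the stub is absent."""
    idx = blob.find(CALL4_STUB_HEAD)
    if idx < 0:
        return None
    key_off = idx + len(CALL4_STUB_HEAD)
    key = blob[key_off:key_off + KEY_LEN]
    tail_off = key_off + KEY_LEN
    if len(key) != KEY_LEN or blob[tail_off:tail_off + len(CALL4_STUB_TAIL)] != CALL4_STUB_TAIL:
        return None
    return idx, key, tail_off + len(CALL4_STUB_TAIL)


def xor_dwords(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: the stub applies the same imm32 to every dword, so
    byte i of each block is XORed with key byte i (little-endian immediate)."""
    return bytes(b ^ key[i % KEY_LEN] for i, b in enumerate(data))


def decode_call4_dword_xor(blob: bytes):
    """Recover (key, decoded payload) from a call4_dword_xor-encoded buffer."""
    hit = find_call4_stub(blob)
    if hit is None:
        raise ValueError("call4_dword_xor decoder stub not found")
    _, key, payload_off = hit
    return key, xor_dwords(blob[payload_off:], key)


# --- constructed sample (a placeholder, not the report's payload) -------------
SAMPLE_KEY = bytes.fromhex("11223344")
SAMPLE_PLAINTEXT = b"constructed-plaintext-stand-in"   # 30 bytes


def build_sample_blob(plaintext: bytes = SAMPLE_PLAINTEXT, key: bytes = SAMPLE_KEY) -> bytes:
    """Mimic the encoder's layout: counter setup, stub head, key, stub tail,
    XORed dwords. The payload is padded to the 4-byte block size; 0x90 is
    used here only so the padding is recognisable in the output."""
    if len(plaintext) % 4:
        plaintext += b"\x90" * (4 - len(plaintext) % 4)
    ndwords = len(plaintext) // 4
    # One encoding of "sub ecx, -N" (83 e9 imm8); N = 8 for a 32-byte payload.
    counter_setup = bytes([0x83, 0xE9, (-ndwords) & 0xFF])
    return counter_setup + CALL4_STUB_HEAD + key + CALL4_STUB_TAIL + xor_dwords(plaintext, key)


if __name__ == "__main__":
    k, pt = decode_call4_dword_xor(build_sample_blob())
    print("key =", k.hex(), "payload =", pt)
```

On a real sample the blob is the extracted shellcode region (or the whole file when the payload sits unobfuscated in a section); the 11-byte head is the same sequence that file-level signatures for this encoder match on, so a hit from find_call4_stub is also a reasonable triage indicator on its own.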
Signatures
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Deletes itself (1 IoC)
Processes: pid 1004 ting.exe
Executes dropped EXE (1 IoC)
Processes: pid 1004 ting.exe
Drops file in Windows directory (2 IoCs)
Processes:
File created C:\Windows\system\ting.exe (process 0541f52181897f5716033fee5b2eaf34_JaffaCakes118.exe)
File opened for modification C:\Windows\system\ting.exe (process 0541f52181897f5716033fee5b2eaf34_JaffaCakes118.exe)
Processes
C:\Users\Admin\AppData\Local\Temp\0541f52181897f5716033fee5b2eaf34_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\0541f52181897f5716033fee5b2eaf34_JaffaCakes118.exe"
PID: 1264
Drops file in Windows directory
C:\Windows\system\ting.exe
Command line: "C:\Windows\system\ting.exe"
PID: 1004
Deletes itself
Executes dropped EXE
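The three behavioural signatures this report raises (a file written under C:\Windows, that dropped EXE then started, and an executable already seen in the trace then deleted) are straightforward to evaluate over a sandbox's process and file event stream. The Python below is an added example, not the sandbox's own signature engine: it encodes those three rules and runs them over a constructed event list modelled on the report's process and file entries. The pids, image paths and drop path are the report's; the event shapes and operation names are this example's own, and the assumption that ting.exe deleted the submitted sample is exactly that, an assumption (the report only names the deleting process).

```python
from collections import defaultdict

# Added example: the report's three behavioural rules over a process/file
# event trace. Event shapes and op names are this example's, not the sandbox's.
WINDOWS_DIR = "c:\\windows\\"
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com")

SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\0541f52181897f5716033fee5b2eaf34_JaffaCakes118.exe"
DROPPED_PATH = r"C:\Windows\system\ting.exe"

# Constructed trace: pids, images and paths come from the report; the event
# order and the deleted path (assumed to be the submitted sample) do not.
EVENTS = [
    {"seq": 1, "pid": 1264, "image": SAMPLE_PATH, "op": "process_start", "path": SAMPLE_PATH},
    {"seq": 2, "pid": 1264, "image": SAMPLE_PATH, "op": "file_create", "path": DROPPED_PATH},
    {"seq": 3, "pid": 1264, "image": SAMPLE_PATH, "op": "file_open_write", "path": DROPPED_PATH},
    {"seq": 4, "pid": 1004, "image": DROPPED_PATH, "op": "process_start", "path": DROPPED_PATH},
    {"seq": 5, "pid": 1004, "image": DROPPED_PATH, "op": "file_delete", "path": SAMPLE_PATH},
]


def norm(path: str) -> str:
    """Case-fold so C:\\WINDOWS\\... and c:\\windows\\... compare equal."""
    return path.lower()


def evaluate(events):
    """Return {signature name: [IoC strings]} for every rule that fired."""
    hits = defaultdict(list)
    dropped = {}   # normalised path -> pid that first created or wrote it
    images = {}    # normalised image path -> pid of a process seen running it
    for ev in sorted(events, key=lambda e: e["seq"]):
        path = norm(ev["path"])
        if ev["op"] == "process_start":
            images[norm(ev["image"])] = ev["pid"]
            # Executes dropped EXE: the started image was written earlier in this trace.
            if path in dropped and path.endswith(EXECUTABLE_SUFFIXES):
                hits["Executes dropped EXE"].append(
                    f"pid {ev['pid']} {ev['path']} (dropped by pid {dropped[path]})")
        elif ev["op"] in ("file_create", "file_open_write"):
            dropped.setdefault(path, ev["pid"])
            # Drops file in Windows directory: any create or write under C:\Windows\.
            if path.startswith(WINDOWS_DIR):
                verb = "File created" if ev["op"] == "file_create" else "File opened for modification"
                hits["Drops file in Windows directory"].append(f"{verb} {ev['path']} by pid {ev['pid']}")
        elif ev["op"] == "file_delete":
            # Deletes itself: the removed file is the image of a process in the
            # trace (the submitted sample, or the deleter's own image).
            if path in images:
                hits["Deletes itself"].append(
                    f"pid {ev['pid']} deleted {ev['path']} (image of pid {images[path]})")
    return dict(hits)


if __name__ == "__main__":
    for name, iocs in evaluate(EVENTS).items():
        print(name)
        for ioc in iocs:
            print("   ", ioc)
```

The rules key on normalised paths rather than pids so that a drop by one process and execution by another (as here, 1264 writes ting.exe and 1004 runs it) still correlate, and the "Deletes itself" rule deliberately fires on removal of any image seen in the trace, since a dropped second stage removing its dropper is the same self-cleanup behaviour as a sample unlinking its own file.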
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 58KB
MD5: 0541f52181897f5716033fee5b2eaf34
SHA1: b9e420ddb43e5e43cb92e9e299311988ff4dbc97
SHA256: ad53990eca9fddf949020ae7a53e2549dc35a57a449a828eac33c0d563e16c38
SHA512: 0fc8a095c4e42e5d7769a7401d620270d13dca82980bec3eafc4e9dd49abcbb5597f74c9158f46b59a5c0c63718bc847d09f6133a63de8267554c99e731f81d9