Analysis

  • max time kernel
    51s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-06-2024 08:37

General

  • Target

    05b9df650785b352737765de10929567_JaffaCakes118.exe

  • Size

    342KB

  • MD5

    05b9df650785b352737765de10929567

  • SHA1

    a6e97104f068f890e541fd47b769fe3f76eb75a3

  • SHA256

    65d5e3d6f233a393e6c4d11fa947f733f3109e005cc1f957abe2ab8d78dc6002

  • SHA512

    60101087e3c32f19e55da49faff3297be3fac5f45634bddf3f0473e89fae2c5cdd43150235a34dfe63f762778f4df68d1986a033d01dbb2a03dbc8637eb58d45

  • SSDEEP

    6144:tpKod6nRdvUBINfomJ4mlzVkWACp2gZIRIyghEL6eKOY1Pq:fKi2YmlzVTT2Wl1Pq

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://gloomix.com:443/jquery-3.3.1.slim.min.js

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Processes

  • C:\Users\Admin\AppData\Local\Temp\05b9df650785b352737765de10929567_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\05b9df650785b352737765de10929567_JaffaCakes118.exe"
    1⤵
      PID:1036

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1036-1-0x0000000000400000-0x0000000000556000-memory.dmp

      Filesize

      1.3MB

    • memory/1036-0-0x000000000043D000-0x0000000000441000-memory.dmp

      Filesize

      16KB

    • memory/1036-2-0x00000000005B0000-0x00000000005B1000-memory.dmp

      Filesize

      4KB

    • memory/1036-4-0x0000000000400000-0x0000000000556000-memory.dmp

      Filesize

      1.3MB