Behavioral task
behavioral1
Sample
17ce907d1785b87337b50c42c709efc7_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
17ce907d1785b87337b50c42c709efc7_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
17ce907d1785b87337b50c42c709efc7_JaffaCakes118
-
Size
1024B
-
MD5
17ce907d1785b87337b50c42c709efc7
-
SHA1
7036fd98744652aa432c88df47b6c9330b09f3e1
-
SHA256
003dadf61c7632e65e079f351eb086f8f2291193ecdcdbafdc182b7ba3b48746
-
SHA512
8041e9495ffb958520bb50fb956c0382935295b582cecab0eb68ef769fd7ed0dac75b497133fd7f180934601203f23f8bbdf883c4c11bf33464955b84fa6ebde
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/shell_reverse_tcp
192.168.0.66:4444
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 17ce907d1785b87337b50c42c709efc7_JaffaCakes118
Files
-
17ce907d1785b87337b50c42c709efc7_JaffaCakes118.exe windows:5 windows x86 arch:x86
f9ade0aa18f660a34a4fa23392e21838
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
Sections
.text Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE