Extracted

• • Target

    14d85810387c0e7379a0065e0111e0f6_JaffaCakes118

  • Size

    200KB

  • MD5

    14d85810387c0e7379a0065e0111e0f6

  • SHA1

    bd50f01691c3cd4621325ca63a24578d93f90662

  • SHA256

    e10fcb4c0822ad0ca39c7c08d53ef9b595f2b35e806169fb5463ff9ee51feb27

  • SHA512

    0bb22d29306aefd9b6c3f63a915bc3a8dda0aed4274320d21d03a3aeb92dc07b3b4edb2003e32b0611db77bf759141de6573cd063714c61411b6d5a2325f6b03

  • SSDEEP

    3072:gUjx9+9friBq8C2TjfkrzsxsX5rfFgQ0HQx75Ap8CS/WqlIHKE:jYfriQ8C0jfkrzmsp5t0aFA27

  Score

  10^/10

  metasploitbackdoortrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2