General
-
Target
2647cac2fdf6f73ccf10caeda92b594f_JaffaCakes118
-
Size
116KB
-
Sample
240704-1cgp9asdlf
-
MD5
2647cac2fdf6f73ccf10caeda92b594f
-
SHA1
d1d6e9548ed88bb03fe45b0d36572ee0f3c10ed5
-
SHA256
bedf00dd91cdd0fdc2182d2fd67ea29ed428975be7b6de243c1ea81a3d9c92b1
-
SHA512
7e1d4360acd7dd059b6baf16eae25c3db4abba07f88ee43f7ce340adb5feff8e4fcf320bd7488e1e4e3a0e2f602d8b167623475c736fb503f71baff1381e0024
-
SSDEEP
3072:hwsRj+fN6YYhXB3qo+ESyj8SvxH7YaanzAk:2zfN6L3qJEXj8SpHRIZ
Static task
static1
Behavioral task
behavioral1
Sample
2647cac2fdf6f73ccf10caeda92b594f_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2647cac2fdf6f73ccf10caeda92b594f_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
2647cac2fdf6f73ccf10caeda92b594f_JaffaCakes118
-
Size
116KB
-
MD5
2647cac2fdf6f73ccf10caeda92b594f
-
SHA1
d1d6e9548ed88bb03fe45b0d36572ee0f3c10ed5
-
SHA256
bedf00dd91cdd0fdc2182d2fd67ea29ed428975be7b6de243c1ea81a3d9c92b1
-
SHA512
7e1d4360acd7dd059b6baf16eae25c3db4abba07f88ee43f7ce340adb5feff8e4fcf320bd7488e1e4e3a0e2f602d8b167623475c736fb503f71baff1381e0024
-
SSDEEP
3072:hwsRj+fN6YYhXB3qo+ESyj8SvxH7YaanzAk:2zfN6L3qJEXj8SpHRIZ
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-