General
-
Target
25aee5485680831d3ac9cd91c0a50fc1_JaffaCakes118
-
Size
215KB
-
Sample
240704-we78rstand
-
MD5
25aee5485680831d3ac9cd91c0a50fc1
-
SHA1
46a70a31bef6c91505ae33d8f0cf7fb08081d1af
-
SHA256
d93e3907bcd495ba5bb17ec716b842ee984f3f6455f666163035583079fcdff1
-
SHA512
32f2fc7242ba1478eaaea424d5ec456b8637b5e0bfe792e26f26ef35c2c5558b3687ab49477db38100da431ae02e03cb9633381c2b27fe257097df250e210ee6
-
SSDEEP
6144:V6IgzziaycEA8PA+KGS5CdayPdUbHZzkqEvQIcOujsgu50:VMzz8ciEGSIayC5wqXIcOujsG
Static task
static1
Behavioral task
behavioral1
Sample
25aee5485680831d3ac9cd91c0a50fc1_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
25aee5485680831d3ac9cd91c0a50fc1_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
-
-
Target
25aee5485680831d3ac9cd91c0a50fc1_JaffaCakes118
-
Size
215KB
-
MD5
25aee5485680831d3ac9cd91c0a50fc1
-
SHA1
46a70a31bef6c91505ae33d8f0cf7fb08081d1af
-
SHA256
d93e3907bcd495ba5bb17ec716b842ee984f3f6455f666163035583079fcdff1
-
SHA512
32f2fc7242ba1478eaaea424d5ec456b8637b5e0bfe792e26f26ef35c2c5558b3687ab49477db38100da431ae02e03cb9633381c2b27fe257097df250e210ee6
-
SSDEEP
6144:V6IgzziaycEA8PA+KGS5CdayPdUbHZzkqEvQIcOujsgu50:VMzz8ciEGSIayC5wqXIcOujsG
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-