General
-
Target
297d328be2ffbfaf58b141c26cb20cfa_JaffaCakes118
-
Size
114KB
-
Sample
240706-2sx8lsxgmh
-
MD5
297d328be2ffbfaf58b141c26cb20cfa
-
SHA1
e50e69255c75d52ed90e3d0b418c3466579fef55
-
SHA256
f50018690b00bccef1a410698d03a3768e462bcc05bff2f4ed4efa5d7f0fb41a
-
SHA512
f6cf3219a07f97b4a720cc480c068c59707d313e6399228f947a4566732a42c57914680b97cd2f3a89ed7558ff73c5d5bff55eac3fad23ed4f92e5008e29a0b8
-
SSDEEP
1536:Rv9qZsQv4JgFpMTdYAdQH4kd3Eqd0oTHt9bJbn2wMUlnZGgSTe891kFUZgwTud:RwsiLMdQYI3E2jzlbn2jSGgSTZGU2d
Static task
static1
Behavioral task
behavioral1
Sample
297d328be2ffbfaf58b141c26cb20cfa_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
297d328be2ffbfaf58b141c26cb20cfa_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
297d328be2ffbfaf58b141c26cb20cfa_JaffaCakes118
-
Size
114KB
-
MD5
297d328be2ffbfaf58b141c26cb20cfa
-
SHA1
e50e69255c75d52ed90e3d0b418c3466579fef55
-
SHA256
f50018690b00bccef1a410698d03a3768e462bcc05bff2f4ed4efa5d7f0fb41a
-
SHA512
f6cf3219a07f97b4a720cc480c068c59707d313e6399228f947a4566732a42c57914680b97cd2f3a89ed7558ff73c5d5bff55eac3fad23ed4f92e5008e29a0b8
-
SSDEEP
1536:Rv9qZsQv4JgFpMTdYAdQH4kd3Eqd0oTHt9bJbn2wMUlnZGgSTe891kFUZgwTud:RwsiLMdQYI3E2jzlbn2jSGgSTZGU2d
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-