Extracted

• • Target

    27741e396045ff762288d6d0e384358e_JaffaCakes118

  • Size

    80KB

  • MD5

    27741e396045ff762288d6d0e384358e

  • SHA1

    2e88e014264b28eb025385686763ae66a32191aa

  • SHA256

    324fb02e7aabaae28dced39d680c0819cb3986908726088a6584e572f745c9da

  • SHA512

    6ba2da28922a9219c2611800c45446ee1aaa0e2729bbd8599f9f44bdf9e3cb269ced9f5c33c0352082603e0b107015e760b27597e9799b165fc15d8e4bcf2f0d

  • SSDEEP

    1536:/gWgWt5NCgrLvk6JKLe7+nB7stedqiDV8Z3anehf9jMSEgluqdJ:4Wlt5sgAyABwtedqRxVjXVdJ

  Score

  10^/10

  metasploitbackdoorpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2