General
-
Target
29071ecdc32df793fff7a97014d43892_JaffaCakes118
-
Size
1.2MB
-
Sample
240706-v7rk2szaqa
-
MD5
29071ecdc32df793fff7a97014d43892
-
SHA1
c7f66bb1df2f9c1637e9f7ce4e03798200451ead
-
SHA256
0047e5737af475260535b230dc4951919ba3748e3ad1b41514805a8a68f4cbd3
-
SHA512
4364644107eb4561352f8693083c2667487102c6c56d0267a026cf34a58eaa66ada34b7abf6b32a8832f921dbf8d42a40459cfc4bb9e98f04de6f53111b501de
-
SSDEEP
12288:9Deq6XQ2xIjrwg8d+G6e2S5Est12EUEYO27NUvLFyImxAuT:9n5rwgxG6TSPGEU7VqvLFyIna
Static task
static1
Behavioral task
behavioral1
Sample
29071ecdc32df793fff7a97014d43892_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
29071ecdc32df793fff7a97014d43892_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
29071ecdc32df793fff7a97014d43892_JaffaCakes118
-
Size
1.2MB
-
MD5
29071ecdc32df793fff7a97014d43892
-
SHA1
c7f66bb1df2f9c1637e9f7ce4e03798200451ead
-
SHA256
0047e5737af475260535b230dc4951919ba3748e3ad1b41514805a8a68f4cbd3
-
SHA512
4364644107eb4561352f8693083c2667487102c6c56d0267a026cf34a58eaa66ada34b7abf6b32a8832f921dbf8d42a40459cfc4bb9e98f04de6f53111b501de
-
SSDEEP
12288:9Deq6XQ2xIjrwg8d+G6e2S5Est12EUEYO27NUvLFyImxAuT:9n5rwgxG6TSPGEU7VqvLFyIna
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-