Extracted

• • Target

    326f4d706e35367ea914b991700c849d_JaffaCakes118

  • Size

    57KB

  • MD5

    326f4d706e35367ea914b991700c849d

  • SHA1

    44213fc5e24c8041380d60aac1d211bc574a0211

  • SHA256

    cb7d950126a8b6cf714d79bce17eb27b9c3f25e6301654531976fefbdfe8749d

  • SHA512

    0cda0fcfc7b8ecaba6f4610064c25c540b18b8560b62e91d28f173d2d9198106beb1d25e6a013b4fc46859a708aab7ae7a3722879f72189933e819cb3cfe5e68

  • SSDEEP

    768:zYdI0kc7Lsy1lH3FXll6yOdCYfkFYDG4rcor4JDDSVIr0ihR:kyi7LD15VleCYcoQorwDDS1ih

  Score

  10^/10

  metasploitbackdoorpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2