metasploit | cc5bf04bf45a64b27d2c108fa4c8f3fa098eadc97c13f3a97e9a9e4d5a702d37

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 11:13

Target

38e0dcbfb5571453953439e120a892af_JaffaCakes118.dll
Size

208KB
MD5

38e0dcbfb5571453953439e120a892af
SHA1

23a93126bb6e8ab8fe9640365082bcf469b6a18f
SHA256

cc5bf04bf45a64b27d2c108fa4c8f3fa098eadc97c13f3a97e9a9e4d5a702d37
SHA512

0018ca18e06923a4540757fb1a31966f9f8739dd73d83b915fc92e9c6cf79405edc1b34901616d728b9d3debebae19a9cf95296ff43cce00d6696dd7f47dce4c
SSDEEP

3072:EY/k2yr46q3n+TotNY/k2yr46q3n+TotU:EYa46q3WovYa46q3Woq

Score

10^/10

Family

metasploit

Version

encoder/fnstenv_mov

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2004	2220	rundll32.exe	30
PID 2220 wrote to memory of 2004	2220	rundll32.exe	30
PID 2220 wrote to memory of 2004	2220	rundll32.exe	30
PID 2220 wrote to memory of 2004	2220	rundll32.exe	30
PID 2220 wrote to memory of 2004	2220	rundll32.exe	30
PID 2220 wrote to memory of 2004	2220	rundll32.exe	30
PID 2220 wrote to memory of 2004	2220	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38e0dcbfb5571453953439e120a892af_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38e0dcbfb5571453953439e120a892af_JaffaCakes118.dll,#1
  2⤵
  PID:2004

memory/2004-0-0x0000000000230000-0x0000000000254000-memory.dmp

Filesize
144KB

Download
memory/2004-1-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2004-3-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download