Extracted

• • Target

    4b7607ecb8b4a2f2e3d7ec627d57fe34_JaffaCakes118

  • Size

    67KB

  • MD5

    4b7607ecb8b4a2f2e3d7ec627d57fe34

  • SHA1

    a9d53183b7b49a1498167520fffd2f03d6069297

  • SHA256

    2db072302cacc997688089470a4365a699e495fe98839b8ae9d983365f5c4788

  • SHA512

    a9ebdabe808d370ad62fc749a51baba06e9bdf7b188a098b7c1635e7e670cbb21b6f4b00075033f784a0541b3024570da382c3aa8e4cfc9319947c1adc5dae73

  • SSDEEP

    1536:iSA2yu7v/exwZne5PTdZserDMmVjIyk3:YOb/ne5PvNAmVXk3

  Score

  10^/10

  metasploitbackdoorpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2