Overview

overview

10

Static

static

3

5a778a01ac...18.exe

windows7-x64

10

5a778a01ac...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 04:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5a778a01ac8ac7c7a362a3a657bf855d_JaffaCakes118.exe

  • Size

    163KB

  • MD5

    5a778a01ac8ac7c7a362a3a657bf855d

  • SHA1

    521ae1af3e71126b6d69b2ad480ad3e1b85be995

  • SHA256

    f8202c25c436977c98e3ee8fb268bdf109173fe76b0df04cbb1787f50122790e

  • SHA512

    3e912d696e4bb9516714d376dd14ae388b25c433626db65fb61f6028aada291a8449a56255f378f6022d6cb307022af253a061d97fd6bd2e32f3975375886ebb

  • SSDEEP

    3072:3HHIo1PWWpYZX6YyXV2hSHHgujgYj+aWuoFf/psLNQns+DQB5:3I6uW6AZXV2h8Hg+gvruCnps7

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a778a01ac8ac7c7a362a3a657bf855d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5a778a01ac8ac7c7a362a3a657bf855d_JaffaCakes118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4852

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4852-0-0x0000000000400000-0x00000000004C4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/4852-2-0x0000000000400000-0x00000000004C4000-memory.dmp

          Filesize

          784KB

          Download