General
Target: 637f7cfaff1bca03dcd61c4038826104_JaffaCakes118
Size: 266KB
Sample: 240722-rkj1xa1fqe
MD5: 637f7cfaff1bca03dcd61c4038826104
SHA1: 9921310fa81c7d6cd1fa8a828cb5e312fc5de723
SHA256: 731c0b3b7f3a54b6ee5d666b714eacf7c888b6652e9557088704bbf6181ce080
SHA512: 95e44ac9c039a9f7ae2d65149880581439a085d3db05248b560a4256933a1f16a2039b771450126669934d861a4ab2b5d542716f00121e558a87b77ad3f3410d
SSDEEP: 3072:lA+SELsvLvfADStEvuexgoSRGqkNhjH3OnhpJwhS8l2VI6+:l74LWvmPRqTjefM16
Static task: static1
Behavioral task: behavioral1
Sample: 637f7cfaff1bca03dcd61c4038826104_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 637f7cfaff1bca03dcd61c4038826104_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted: metasploit
encoder/call4_dword_xor (the payload is wrapped by Metasploit's x86/call4_dword_xor "Call+4 Dword XOR" decoder stub, as emitted by msfvenom -e x86/call4_dword_xor; the 4-byte XOR key sits inside the stub, so the original payload can be recovered statically once the stub is located)
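The following is an added example, not part of the sandbox report and not code from the Metasploit project. It shows what the extracted config implies in practice: the x86/call4_dword_xor decoder stub has a fixed byte layout with the key embedded in it, so an analyst can find the stub in a byte buffer, pull out the key, and emulate the decode loop to obtain the original payload. The stub layout below is taken from the encoder's documented instruction sequence; the ECX set-up in front of it is emitted by Rex's sub helper and varies, so this example understands only the common "xor ecx,ecx; sub ecx,-N" forms (83 e9 ib / 81 e9 id) and otherwise decodes to the end of the buffer. The encoder function, the NUL padding to a dword boundary, and the sample payload and key are assumptions constructed for the demonstration.

```python
"""
Added example: locate Metasploit's x86/call4_dword_xor decoder stub, recover
the XOR key and emulate the decoder loop. Stub tail, as documented for the
encoder (offsets relative to the 'call'):

    +0  e8 ff ff ff ff        call $+4   ; lands on the final ff of this call
    +4  ff c0                 inc eax    ; that ff and the next c0 re-parse
    +6  5e                    pop esi    ; esi = return address (points at c0)
    +7  81 76 0e KK KK KK KK  xor dword [esi+0x0e], key
    +14 83 ee fc              sub esi, -4
    +17 e2 f4                 loop       ; ecx = number of dwords

esi+0x0e = +5+14 = +19, i.e. the first encoded dword follows the stub directly.
"""
import re
import struct

STUB_HEAD = b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"
STUB_TAIL = b"\x83\xee\xfc\xe2\xf4"

# Optional "xor ecx,ecx ; sub ecx, imm8|imm32" set-up, then head, key, tail.
_STUB_RE = re.compile(
    rb"(?P<setup>\x31\xc9(?:\x83\xe9.|\x81\xe9.{4}))?"
    + re.escape(STUB_HEAD) + rb"(?P<key>.{4})" + re.escape(STUB_TAIL),
    re.DOTALL,
)


def encode_call4_dword_xor(payload: bytes, key: bytes) -> bytes:
    """Assumed encoder: ECX set-up + stub + payload XORed dword-wise.
    Padding to a multiple of 4 uses NUL bytes here (assumption)."""
    assert len(key) == 4
    padded = payload + b"\x00" * (-len(payload) % 4)
    nblocks = len(padded) // 4
    if nblocks <= 128:  # sub ecx, -N with a sign-extended imm8 (no NUL bytes)
        setup = b"\x31\xc9\x83\xe9" + struct.pack("<b", -nblocks)
    else:
        setup = b"\x31\xc9\x81\xe9" + struct.pack("<i", -nblocks)
    body = b"".join(
        bytes(a ^ b for a, b in zip(padded[i:i + 4], key))
        for i in range(0, len(padded), 4)
    )
    return setup + STUB_HEAD + key + STUB_TAIL + body


def find_decoder(buf: bytes):
    """Return stub offset, key, dword count (None if set-up not recognised)
    and the offset of the first encoded byte; None if no stub is present."""
    m = _STUB_RE.search(buf)
    if not m:
        return None
    nblocks = None
    setup = m.group("setup")
    if setup:
        if setup[2] == 0x83:
            nblocks = -struct.unpack("<b", setup[4:5])[0]
        else:
            nblocks = -struct.unpack("<i", setup[4:8])[0]
    return {"offset": m.start(), "key": m.group("key"),
            "nblocks": nblocks, "payload_offset": m.end()}


def decode_call4_dword_xor(buf: bytes):
    """Emulate 'xor dword [esi+0x0e], key ; sub esi,-4 ; loop' ECX times."""
    info = find_decoder(buf)
    if info is None:
        return None
    enc = buf[info["payload_offset"]:]
    n = info["nblocks"] if info["nblocks"] is not None else len(enc) // 4
    out = bytearray()
    for i in range(n):
        block = enc[i * 4:(i + 1) * 4]
        if len(block) < 4:  # count claims more data than the buffer holds
            break
        out += bytes(a ^ b for a, b in zip(block, info["key"]))
    return bytes(out)


# Constructed sample (not from the analysed file): arbitrary 11-byte payload
# behind some unrelated header bytes, encoded with key 13 37 de ad.
SAMPLE_KEY = b"\x13\x37\xde\xad"
SAMPLE_PAYLOAD = b"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0"
SAMPLE_BLOB = b"MZ" + b"\x90" * 14 + encode_call4_dword_xor(SAMPLE_PAYLOAD, SAMPLE_KEY)

if __name__ == "__main__":
    info = find_decoder(SAMPLE_BLOB)
    print("stub at", info["offset"], "key", info["key"].hex(), "dwords", info["nblocks"])
    print("decoded", decode_call4_dword_xor(SAMPLE_BLOB).hex())
```

Because the decoder reads ECX from the set-up instructions, a mismatch between that count and the bytes actually present is itself worth noting during triage: a truncated or manually edited blob decodes short. On a real sample you would run find_decoder over the file (or a memory dump) and feed the recovered key and count to whatever disassembler you use for the inner payload.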
Targets
Target: 637f7cfaff1bca03dcd61c4038826104_JaffaCakes118
Score: 10/10
- MetaSploit: Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Checks computer location settings: Looks up the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation), likely a geofence check.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger: The ThreadHideFromDebugger thread-information class stops the calling thread from delivering debug events, a common anti-debugging technique.