General
- Target: 63f8a237f7fc1cada034cf68e0b72f48_JaffaCakes118
- Size: 511KB
- Sample: 240722-t9q7maxgln
- MD5: 63f8a237f7fc1cada034cf68e0b72f48
- SHA1: c5955634d1b61561ebee0aeb135296ac0c8c6f03
- SHA256: 1f3c72c1849cf5c148f43c9b19cec18fb74f28711d4f1db975e4727e2c072023
- SHA512: 36d709106b204743fa2e6d3900837cce4236c9b437ff375807a83fb8dad03a4cb6171b70acbcb44884fa6ebecf26a7d6e5310a839ccd3c0c863667ee9b42ffe9
- SSDEEP: 12288:3IFZBYs5cIREvnVGhkIPS2TffUdctTnTN/Vd9Im+7gW:3oesOIK/2kgS2TyctTnT3+
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 63f8a237f7fc1cada034cf68e0b72f48_JaffaCakes118.exe
  - Resource: win7-20240704-en
Behavioral task
- behavioral2
  - Sample: 63f8a237f7fc1cada034cf68e0b72f48_JaffaCakes118.exe
  - Resource: win10v2004-20240709-en
Malware Config
- Extracted: metasploit
  - encoder/call4_dword_xor
Targets
- Target: 63f8a237f7fc1cada034cf68e0b72f48_JaffaCakes118
- Size: 511KB
- MD5: 63f8a237f7fc1cada034cf68e0b72f48
- SHA1: c5955634d1b61561ebee0aeb135296ac0c8c6f03
- SHA256: 1f3c72c1849cf5c148f43c9b19cec18fb74f28711d4f1db975e4727e2c072023
- SHA512: 36d709106b204743fa2e6d3900837cce4236c9b437ff375807a83fb8dad03a4cb6171b70acbcb44884fa6ebecf26a7d6e5310a839ccd3c0c863667ee9b42ffe9
- SSDEEP: 12288:3IFZBYs5cIREvnVGhkIPS2TffUdctTnTN/Vd9Im+7gW:3oesOIK/2kgS2TyctTnT3+
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger