Extracted

• • Target

    d1a477fb74e3e237afe9892469c79c44_JaffaCakes118

  • Size

    328KB

  • MD5

    d1a477fb74e3e237afe9892469c79c44

  • SHA1

    c243d00ff335bdd380af3a83972da8428b890aca

  • SHA256

    cb7f92b6fef74071d72d6fcbe19bc0839ee58948a667e0d5ad166b2f06388677

  • SHA512

    5ba3324fa67338d6dbc5774d007b2d12c98af01eb6c5fcfa45ca298d71f827ee58211506a58c0f12c129a3f5bfa0300dfdb98b3619e629c920d142595549456e

  • SSDEEP

    6144:Glico2wnMSny0XMWsiODopRj01d2LrtfT8:GS2UncWhpRjlLrtf

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2