Extracted

• • Target

    d1f216543a5037362775a8bd55112556_JaffaCakes118

  • Size

    171KB

  • MD5

    d1f216543a5037362775a8bd55112556

  • SHA1

    0790c357e5409b493452b7caff029338b8221893

  • SHA256

    28e2c406927263fcc241888e98004a9345ac5717a89efe57d36b726cc1c4e864

  • SHA512

    63ab666a8d39b525fc88801f7d96bbc182fd51e9c38cba509ab0a53b91c09ce0b5a9ba9c591393c189d20ace5d39a07f9db7ad24fb00e4b0de489dc06c6a7908

  • SSDEEP

    3072:MohSkvvPyxVa/luhqOm7Li5Qg7AZG9YqSSBZ4/EbvSqKvak:dAWP/EqOm35Guqq/EbZKCk

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Drops file in Drivers directory

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2