Extracted

• • Target

    d78dd4847cb3cb7eeab76d29b9cf9282_JaffaCakes118

  • Size

    184KB

  • MD5

    d78dd4847cb3cb7eeab76d29b9cf9282

  • SHA1

    abf2ab1713217b5062e4251e0a92ab3a1f69ea94

  • SHA256

    933bb9e32ea8b27d6c63b295a41f96f3ed53aa19eafd1c794b11f6e5f1401c38

  • SHA512

    2502d07abbe02ce2d0632e98e1f663a94311b32764e2248421c47ef53abc5b0cceb3c117d4dac4aa161435d4ff2fc444284b646c498cdf6da0ca3a65db0c9136

  • SSDEEP

    3072:K6GHlnAZkpAN445Lslg1oEy4RXaUCmwIiaRCUJX0gcRpz+p:s6Nj5LInmwIftXSXz+p

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Modifies firewall policy service

    evasion

  • Windows security bypass

    evasiontrojan

  • Drops file in Drivers directory

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Drops file in System32 directory

  behavioral1behavioral2