metasploit | e88322c9466f0e3fb4ab3824b512ea7c8d25a41a838acff44055f5f5571f1727 | Triage

Submit
Reports

Overview

overview

Static

static

3

d7ebd59097...18.exe

windows7-x64

d7ebd59097...18.exe

windows10-2004-x64

Sharing

General

Target

d7ebd59097031d80fdaafdfa958a9d53_JaffaCakes118
Size

93KB
Sample

240910-krydjsvfrp
MD5

d7ebd59097031d80fdaafdfa958a9d53
SHA1

ecbaf3d0a423f43d095605cd2b4913f063d5193f
SHA256

e88322c9466f0e3fb4ab3824b512ea7c8d25a41a838acff44055f5f5571f1727
SHA512

c4664e81f097d0d776bf498ef039f9c52cbbc4418bad66cdff0831fbe4466381464c9c99913094710eb642c8860d0dcf45a816781fec866d01bbb3e4959d392d
SSDEEP

1536:ySquE20GQVzUfsvJ3XaNvsb06jsR4Ic/gKJEENUwQmI5xgrQDeUgrk/kYE+G0rhN:1sUYAvsb06ja4jgPgAjdHPrKe3coN

Score

10^/10

metasploit backdoor discovery persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d7ebd59097031d80fdaafdfa958a9d53_JaffaCakes118.exe

Resource

win7-20240903-en

metasploit backdoor discovery persistence trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

d7ebd59097031d80fdaafdfa958a9d53_JaffaCakes118.exe

Resource

win10v2004-20240802-en

metasploit backdoor discovery persistence trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  d7ebd59097031d80fdaafdfa958a9d53_JaffaCakes118
- Size
  
  93KB
- MD5
  
  d7ebd59097031d80fdaafdfa958a9d53
- SHA1
  
  ecbaf3d0a423f43d095605cd2b4913f063d5193f
- SHA256
  
  e88322c9466f0e3fb4ab3824b512ea7c8d25a41a838acff44055f5f5571f1727
- SHA512
  
  c4664e81f097d0d776bf498ef039f9c52cbbc4418bad66cdff0831fbe4466381464c9c99913094710eb642c8860d0dcf45a816781fec866d01bbb3e4959d392d
- SSDEEP
  
  1536:ySquE20GQVzUfsvJ3XaNvsb06jsR4Ic/gKJEENUwQmI5xgrQDeUgrk/kYE+G0rhN:1sUYAvsb06ja4jgPgAjdHPrKe3coN
Score

10^/10

metasploit backdoor discovery persistence trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverypersistencetrojanupx

behavioral2

metasploitbackdoordiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy