Extracted

• • Target

    d9a86d5ecf83835d45174e9fb0a3bd5f_JaffaCakes118

  • Size

    95KB

  • MD5

    d9a86d5ecf83835d45174e9fb0a3bd5f

  • SHA1

    ebca1be4feb150cac39059ff505a343bc24204ce

  • SHA256

    c4b428c3aefff6101034705dac8a1c9efaf1479406ceec00d4161e6d6045db37

  • SHA512

    d6bfd684f544f3943760b7541a3cbb99362f76c72c667c7f8d59d9eaede2cff75ace0a374387c2e9af5e0eb1c4bdc3065952a19843d092d6e72088929db0572e

  • SSDEEP

    1536:IviqZoQNDW5SGOGqsqMPuQP4AYPdi6YUtFtFb3KuNTjniZeZnBLleI3SoTZx2781:IHosS5SsG5c4lVi6DFHDVNyZgVltDD2O

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2