Extracted

• • Target

    e0e101b3dc7d15a997ef35684bd6f504_JaffaCakes118

  • Size

    221KB

  • MD5

    e0e101b3dc7d15a997ef35684bd6f504

  • SHA1

    2e5a8d20e207bfbe0dcaf071a016fe0441b59eb0

  • SHA256

    c929a1360f1d25b26c8a5a0290977ed24b0dda95f06fcbd9e4f640b6c2a6fba8

  • SHA512

    395cb8d9a934d709b455ffac565406e872bbe356e63093c139ac6b9d883894b54a0c900d5dfb6aa31ea4b03f41ce94b40bfa42ca80077a77cf802aa49766d3cf

  • SSDEEP

    6144:pS7HStLy75Zn5YY6o7arhQ+BPyJnKMsjW5k5B9DFkeQFE7GrQ:ozStu75Z5xPyYJnD05JZwaGr

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2