Overview

overview

10

Static

static

10

e380a8df2a...18.exe

windows7-x64

10

e380a8df2a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    124s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-09-2024 22:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e380a8df2ae905bc03a88d1afeb16333_JaffaCakes118.exe

  • Size

    37KB

  • MD5

    e380a8df2ae905bc03a88d1afeb16333

  • SHA1

    6c909c4d17671bc46e36116a7c58f81eaefb5ee7

  • SHA256

    084b5a2d9f1d494f75abeaa78d9e67e384da66a314f12bcd1ab9a6cbfb885bb8

  • SHA512

    675fa6b58f29ace931e58137526140ec0c4f226b02bfbb9e0e6dfb1b674e4aa11d9eda7038dc53777c2415f36843713012109871c11b10cc53cfaea5eb768065

  • SSDEEP

    768:tVA9SMiB2BEefCUIFaqO7AZfqTqNPMsK8k6lRZ95x:DzF1ej7kZY4PMXEh5x

Score
10/10
metasploitbackdoordiscoverytrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

41.230.47.149:4444

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\e380a8df2ae905bc03a88d1afeb16333_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e380a8df2ae905bc03a88d1afeb16333_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:5032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5032-0-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download