General
-
Target
e16e4bf03f7f05a58f518ea4eaaa1501_JaffaCakes118
-
Size
185KB
-
Sample
240915-btbg5aybpk
-
MD5
e16e4bf03f7f05a58f518ea4eaaa1501
-
SHA1
050413902dbd7516a209e6749bf83802c2d075fc
-
SHA256
648d78489be85b1db3a8d8da1cf966d97f1d592f8586bdaff608c9afac671642
-
SHA512
fee88302c5ec0c2f9ca38876698863e1073e4b76b84b308434e13fa90ca33672537567526eabf283a233c34bab18686a0f7a36acc8c993d264de9bf5b1f9fa2e
-
SSDEEP
3072:EIDI05N6SGLUPSBEul2zBklsDNEnIkrsnn0UMPcSDM+1+IqewHcvBS9a3FA2YQCr:EI805onUP3rzOlshEI10UM7D8IqewHv3
Static task
static1
Behavioral task
behavioral1
Sample
e16e4bf03f7f05a58f518ea4eaaa1501_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e16e4bf03f7f05a58f518ea4eaaa1501_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
-
-
Target
e16e4bf03f7f05a58f518ea4eaaa1501_JaffaCakes118
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-