Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/09/2024, 07:29 UTC

General

  • Target
    e448c3328c9b70172469186858b16e08_JaffaCakes118.exe
  • Size
    11KB
  • MD5
    e448c3328c9b70172469186858b16e08
  • SHA1
    bd8d332c62e4402d30a5b6dd2dc9c40c9b589281
  • SHA256
    bbb7122d529b9c0393a45114b482495eddf00463b852738ccd7e002dfbabecb1
  • SHA512
    3ae041cbb37752348957f1d4cb2c09af7db961968192576bb529e72d62d8764da4d740cd6a9720aa1f20ced781dc1c954a23da6a396d85c5ead965d6ea1e89ce
  • SSDEEP
    12:VtGSGK4d//UHwGlIFWVd2UROmDvOF5+4aF90exkJemIgY2GulBM5B:VtGStCOlhF9Dvk5SP0L/bG1B

Malware Config

Extracted

  • Family
    metasploit
  • Version
    windows/reverse_nonx_tcp
  • C2
    10.216.64.64:4444

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Program crash (1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e448c3328c9b70172469186858b16e08_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e448c3328c9b70172469186858b16e08_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 36
      2⤵
      • Program crash
      PID:2192

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2180-0-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize: 32KB
  • memory/2180-1-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize: 32KB
