Extracted

• • Target

    e4736922939a028384522b17e9406474_JaffaCakes118

  • Size

    92KB

  • MD5

    e4736922939a028384522b17e9406474

  • SHA1

    920b67cb250abdb593b1104a9922e2468b0fe252

  • SHA256

    ede22512ede04120967bd6911576db405462574b7aa03f50d7e0bb343ad3c6b8

  • SHA512

    def5bca8fce23456801cf6115158fffc9a971b969d50df87e8307f577530c5d5a5c392293ac895a4511e096f4be5b56952a3a879ee784115a345c819c03312ef

  • SSDEEP

    1536:WSquE20GQOxAdhxjv8pf6nztHlERSTwNS2rIsRB4S1XuPfwtVEWY9dnRY/3:pzAxSutFu4mSMRVxqfw7D0nRI

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2