Extracted

• • Target

    e725fdbb26a61f9f037406969f2618de_JaffaCakes118

  • Size

    816KB

  • MD5

    e725fdbb26a61f9f037406969f2618de

  • SHA1

    8c07c84296c35fd93ba0499856f12ee45128cf18

  • SHA256

    5170180a716eaf47159bf537707410dfb75dc5e78fbc79e6697f393e2d7a208c

  • SHA512

    0972faba8e0a230382ac3ac0fc832e658dece7b2f1774238e2e7525eb86fd4032fc7805844bca427fd6237c8b2502980cc58522aa236d91f05a9d5b15db9117a

  • SSDEEP

    3072:hWe51vVRpJMFkstvxxrHA7ZFx+UMFQowJKfpThp+38uEEDUOIg:9st7rHA7xbMeLKDpKwpg

  Score

  10^/10

  metasploitbackdoordiscoverymacrotrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Suspicious Office macro

    Office document equipped with macros.

    macro

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral1behavioral2