metasploit | f79a2f12593adb87b21582be1e33e8643ac5aedb54ffd44ec33300fc2ed3b40e

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-09-2024 17:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e763c971e990fc4eea67951471df25fe_JaffaCakes118.exe
Size

51KB
MD5

e763c971e990fc4eea67951471df25fe
SHA1

20af0416d67b670ca15ede714eccbbb173146bf1
SHA256

f79a2f12593adb87b21582be1e33e8643ac5aedb54ffd44ec33300fc2ed3b40e
SHA512

24be6e0147772b68c143278164ecffdccac8c8a8be842c03fcb061d1e165d45a13a52ae7954eb0b88dadc78b244cf1de7f674c1a875314c620c0b32f96f2a2b1
SSDEEP

768:mymdWE7MFsuQUwpw2FBBBpH4RwHRiUvlsYQKoFwUU85+bzeh7nu9y:IfZB3H4RkiwsOoFqdqU

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e763c971e990fc4eea67951471df25fe_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2308	e763c971e990fc4eea67951471df25fe_JaffaCakes118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2308	e763c971e990fc4eea67951471df25fe_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e763c971e990fc4eea67951471df25fe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e763c971e990fc4eea67951471df25fe_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: RenamesItself
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2308-0-0x0000000000439000-0x000000000043B000-memory.dmp

Filesize
8KB

Download
memory/2308-1-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2308-3-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2308-6-0x0000000000439000-0x000000000043B000-memory.dmp

Filesize
8KB

Download
memory/2308-7-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download