metasploit | e7e3065bd1361df0190372fd389d071de4aa43d47f0b693142109bb24cae7337

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-09-2024 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e7a799bc9d88bd56e08ca76036908332_JaffaCakes118.exe
Size

1.9MB
MD5

e7a799bc9d88bd56e08ca76036908332
SHA1

c68ff8e0c91cff087646eb1ea34db77f0f719a33
SHA256

e7e3065bd1361df0190372fd389d071de4aa43d47f0b693142109bb24cae7337
SHA512

2aac2535446287420bd32b565e34d7979d38cd9ca54e9f6a7505a5fd359a5b00d8f78ea0e69559acf10066fac33df77d3f397342b406e6d50dc8fafcfca5b1e9
SSDEEP

24576:Ms0oLUcgY2ptZ8ecNUGhpHhFV5+ujscL/IIS7Y/FOrywjc8WFdW8gwnU0I4rHhSE:X0CJgnLcDLHnVf/IE/4Ow3odW8g8SE

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://8.210.39.131:443/VClW

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e7a799bc9d88bd56e08ca76036908332_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4544	e7a799bc9d88bd56e08ca76036908332_JaffaCakes118.exe
4544	e7a799bc9d88bd56e08ca76036908332_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e7a799bc9d88bd56e08ca76036908332_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e7a799bc9d88bd56e08ca76036908332_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4544-1-0x0000000001840000-0x0000000001940000-memory.dmp

Filesize
1024KB

Download