Extracted

• • Target

    f3c367f6a6477a7c34e2d3e0ce4d98e2_JaffaCakes118

  • Size

    92KB

  • MD5

    f3c367f6a6477a7c34e2d3e0ce4d98e2

  • SHA1

    e5d6f21233fb09ba632c053f05604de80a69c229

  • SHA256

    ad1d151e16ee8fb73a670053df6cabc879a09312eabb1684d19d907be25444fd

  • SHA512

    99d9b495d8fb6c7a1f2ff8cd59593bc7978feae6e85f7814b553cebabcba8505e31c5eaff1c20495eabdb81c40f27196cbf20bf571a1020d6e32c8f4f23850f4

  • SSDEEP

    1536:SSquE20GQhzD4axzIYD8WwHBCrwPbX2u7GfGwNt07OWGVIK1DYTcLGz2abWRzXQ:VUVxD1whCcbCfGwNtsOWGVIsDY4LGz28

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2