Analysis

  • max time kernel
    105s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/10/2024, 22:39

General

  • Target

    0cbd8525a3e2715ab24e8dbfdd087340_JaffaCakes118.exe

  • Size

    37KB

  • MD5

    0cbd8525a3e2715ab24e8dbfdd087340

  • SHA1

    6954732b71c0926193f347e04184e17ea87b1d43

  • SHA256

    6e9d5d596ff505197b937308fa463e9d27f5bcd6e81df383e317673fbd08c3af

  • SHA512

    3410bc8669c440e439190e8dcf9387185a1b0554a2478f2cbfa41213c4e4faf136533e3dad2f103a819501fcaf71effbe92ea4b540bb879212bcec9fd1f90ee9

  • SSDEEP

    768:iVATSMdj2drWga/IrMcO7A5cqLTNqMs/ipL6lRZ95x:EVmwORkuwJqMs/i6h5x

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.1.111:1233

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0cbd8525a3e2715ab24e8dbfdd087340_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0cbd8525a3e2715ab24e8dbfdd087340_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4144

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4144-0-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB