Extracted

• • Target

    987479d24b50689b283c4098c4db39d5_JaffaCakes118

  • Size

    140KB

  • MD5

    987479d24b50689b283c4098c4db39d5

  • SHA1

    d43d93d73cdc569787d7f306a170d181b88534a0

  • SHA256

    56246e742010b711745e48e61c2a34ada7bcd19c80224ce03d0b398dbe08ca26

  • SHA512

    c06eb09d62f2af207f3f6bd818b8bb47303c6cc54135fa263ba0ac2a401f74e420699a3376872f11e7926ca0c5769cb38ba3fee87a7020955ebde5eb3f4a8b92

  • SSDEEP

    3072:R3OVNXgWYmutXzUO8oD6mvwc/+HC4UNJjEenSDAr48Lp:FOojXAnDXixjda8Lp

  Score

  10^/10

  metasploitbackdoordiscoveryevasionpersistenceprivilege_escalationtrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Modifies firewall policy service

    evasion

  • Windows security bypass

    evasiontrojan

  • Modifies Windows Firewall

    evasion

  • Deletes itself

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Drops file in System32 directory

  behavioral1behavioral2