metasploit | e7e6a96f6e9b645ed008057a1184195d42d99d38f99373d12aa6c545bdff0dad

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-11-2024 17:30

Target

ad13ede6f1118f9684a04282b7b2b00f_JaffaCakes118.exe
Size

20KB
MD5

ad13ede6f1118f9684a04282b7b2b00f
SHA1

09a0bcd6c4f12ceb21c89fed152bc245ea393498
SHA256

e7e6a96f6e9b645ed008057a1184195d42d99d38f99373d12aa6c545bdff0dad
SHA512

906a7c20b70195d4051ccce82fd1ab85b06613240d3e71c38955569740b146c40739ddc8858e351b6eb1969d7dd58f9d1fdbda4386e7f394a3dfd1f9aa4b6654
SSDEEP

384:K4GaGIGECv88a8GakOWlTxZgC9eourB5ThsySkPrl:KxaGIG/vZGaDWllfer5Fsyt

Score

10^/10

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.0.4:8080

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3056-0-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/memory/3056-2-0x0000000000400000-0x0000000000410000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\ad13ede6f1118f9684a04282b7b2b00f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ad13ede6f1118f9684a04282b7b2b00f_JaffaCakes118.exe"
1⤵
PID:3056

memory/3056-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/3056-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3056-2-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download