metasploit | 68f058068d38f11bd310b141dd5f5f3d503ecb2032980a008b3448cb49e98aa0

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-12-2024 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bccdb0e11fec3ba7571c064b61f42ee8_JaffaCakes118.exe
Size

42KB
MD5

bccdb0e11fec3ba7571c064b61f42ee8
SHA1

e7eeb7661970bb1638c56de65db54c5b34315cde
SHA256

68f058068d38f11bd310b141dd5f5f3d503ecb2032980a008b3448cb49e98aa0
SHA512

bd23d418de83ba1d96453ad309271cc3fd1561422fc854189a010f290629773a320188416cd71856ca4146dd2c76ae5ac809156ba47224d6ec27ef17b6ecb751
SSDEEP

768:UuCkdC2D5z4oWV0OCAB4Rld8Inv47r6u5W7TKE:Ujkdjl8WK4RP84vkmu5WvK

Score

10^/10

metasploit backdoor discovery trojan upx

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\csrsc.exe	bccdb0e11fec3ba7571c064b61f42ee8_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\csrsc.exe	bccdb0e11fec3ba7571c064b61f42ee8_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2476-0-0x0000000000400000-0x000000000048B000-memory.dmp	upx
behavioral1/memory/2476-3-0x0000000000400000-0x000000000048B000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bccdb0e11fec3ba7571c064b61f42ee8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\bccdb0e11fec3ba7571c064b61f42ee8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bccdb0e11fec3ba7571c064b61f42ee8_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2476-0-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2476-3-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download