Extracted

• • Target

    ccdf968440a23417b86c84ebaae31fb5_JaffaCakes118

  • Size

    434KB

  • MD5

    ccdf968440a23417b86c84ebaae31fb5

  • SHA1

    d77d9600a9932cc1126a007ed1002f47d2aa3715

  • SHA256

    b9a53039be2a305e3b30e30696d4c8c441ac96dfaf1717c3de9232f8f8abfe6c

  • SHA512

    6a747cfc9eaa110d365587ae9ca4daf7dfb4c8cd4f9ae730eb575db474949aa89a84e5d3a5fd82907c4247c67bfc7d468c82ba76d84a2dd8ae3b35fb3bcf1a42

  • SSDEEP

    12288:4LFogcK7y/yfv+uo7yPHYUX848TJiP61wtBoGxNt95a3:4LCdKe/mma3d8TJiP67G195a3

  Score

  10^/10

  discoverypersistencemetasploitbackdoortrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2