metasploit | cae94284592af774243f420d9de3960c2f8a1bc54173b84884514229e0c4cca1

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
10-12-2024 21:47

Target

dea036811884b34adb10d28397d38b48_JaffaCakes118.exe
Size

43KB
MD5

dea036811884b34adb10d28397d38b48
SHA1

bbc4d6170925488a223249269643849abbf43744
SHA256

cae94284592af774243f420d9de3960c2f8a1bc54173b84884514229e0c4cca1
SHA512

9b0003aba10b357ddd55ff7ca26bce4ebfa92fb2940331f11da76686efa7e3f82b4024e8e4bc44af63ce1fb63d74a837b6d3dbb2a1ef13d5eb05c9a798e1ce15
SSDEEP

768:lJoD8bR3JkpnEEGUnPiM3ZtY2ARXOQ15vGG+T7w6rAsZU:lJa8lJ+EEYMflAJVPA7w3

Score

10^/10

Family

metasploit

Version

encoder/shikata_ga_nai

Family

metasploit

Version

metasploit_stager

192.168.1.30:4444

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2376	2188	dea036811884b34adb10d28397d38b48_JaffaCakes118.exe	31
PID 2188 wrote to memory of 2376	2188	dea036811884b34adb10d28397d38b48_JaffaCakes118.exe	31
PID 2188 wrote to memory of 2376	2188	dea036811884b34adb10d28397d38b48_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\dea036811884b34adb10d28397d38b48_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dea036811884b34adb10d28397d38b48_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2188 -s 64
  2⤵
  PID:2376

memory/2188-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download