metasploit | 5be59f7b3e742bc3f9d445b179aafcba18f7b3ec9e8908080598fd10ebdf44b2

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/12/2024, 15:47

Target

f4ad9a88c694a71d680f779ba10aca43_JaffaCakes118.exe
Size

184KB
MD5

f4ad9a88c694a71d680f779ba10aca43
SHA1

86c4f5b13f36982ee30c1ccfe976690491242dd8
SHA256

5be59f7b3e742bc3f9d445b179aafcba18f7b3ec9e8908080598fd10ebdf44b2
SHA512

6a6ce0b734061435f983fcffef93271da69abd5029d4aa9cf5e5f05be43b9d81e1b6590b2ba8a605669c8c56b4cf199a9b0bcc4bc3919f8414cbe405e26cb14d
SSDEEP

3072:UkfkXP5KTx+KJDvTcNE/NgyJnDIBetryV1DC5jiq:UkMkAKdvTDgyD0OL5ji

Score

10^/10

Family

metasploit

Version

encoder/call4_dword_xor

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	548	f4ad9a88c694a71d680f779ba10aca43_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	548	f4ad9a88c694a71d680f779ba10aca43_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f4ad9a88c694a71d680f779ba10aca43_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f4ad9a88c694a71d680f779ba10aca43_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:548

memory/548-0-0x0000000000400000-0x000000000067E000-memory.dmp

Filesize
2.5MB

Download
memory/548-1-0x0000000000400000-0x000000000067E000-memory.dmp

Filesize
2.5MB

Download
memory/548-2-0x0000000000400000-0x000000000067E000-memory.dmp

Filesize
2.5MB

Download