Analysis

  • max time kernel
    91s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/01/2025, 05:07 UTC

General

  • Target

    JaffaCakes118_0234e4e93819712317fe80613084e2e3.exe

  • Size

    42KB

  • MD5

    0234e4e93819712317fe80613084e2e3

  • SHA1

    be7c433daa1780e3cb3f83de398ae4576911dbe9

  • SHA256

    afe0f99ff06bbe93703b5a470b4cb0efe070786b0d43d08c290f8efe7f47b184

  • SHA512

    8256dcddb1baae4b6f6305c1683f4ad691d4bf9d3da1d107fdca49c799afcaf7463a966dd3702757e70dab1816711bdb387350f0a76c58672f14b28b39e45692

  • SSDEEP

    768:0uCkdC2D5z4oWV0OCAB4Rld8Inv47pwMnrRCTuK1:0jkdjl8WK4RP84vkR4

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family
  • Drops file in System32 directory (2 IoCs)
  • UPX packed file (2 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0234e4e93819712317fe80613084e2e3.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0234e4e93819712317fe80613084e2e3.exe"
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    PID:2440

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2440-0-0x0000000000400000-0x000000000048A000-memory.dmp

    Filesize

    552KB

  • memory/2440-4-0x0000000000400000-0x000000000048A000-memory.dmp

    Filesize

    552KB
