Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/03/2025, 13:57 UTC

General

  • Target

    JaffaCakes118_89cde44af0cfeb4c250472c60cce1fa9.exe

  • Size

    134KB

  • MD5

    89cde44af0cfeb4c250472c60cce1fa9

  • SHA1

    2aa4c7960cbd02a3088505d8404283c0a7971b5b

  • SHA256

    e86f36c943e1fc9ffa80ae4277012ebf8fbea64271ea3953a16cf1edcf3c71ca

  • SHA512

    5ecd1d75854d3b872dca906f8888d0aa2d762d2cdd12c0c1980f598f31300a8874724994c512ea9cde4d69110ded5800eee4c6c2b4a20e58a645951cd3a72e06

  • SSDEEP

    1536:oQD/Id/4cNIFOHCDEWj3LRR3sPCqOSRy1/Xa0nBv5XLQugf9g7bYnrwMF9Biou+:/gd/4FLDEWjleMSRglIX

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89cde44af0cfeb4c250472c60cce1fa9.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89cde44af0cfeb4c250472c60cce1fa9.exe"
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89cde44af0cfeb4c250472c60cce1fa9.exe
      "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89cde44af0cfeb4c250472c60cce1fa9.exe"
      PID:2828

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2828-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

  • memory/2828-8-0x0000000029A00000-0x0000000029A1E000-memory.dmp

    Filesize

    120KB

  • memory/2828-6-0x0000000029A00000-0x0000000029A1E000-memory.dmp

    Filesize

    120KB

  • memory/2828-5-0x0000000029A00000-0x0000000029A1E000-memory.dmp

    Filesize

    120KB

  • memory/2828-2-0x0000000029A00000-0x0000000029A1E000-memory.dmp

    Filesize

    120KB

  • memory/2828-1-0x0000000029A00000-0x0000000029A1E000-memory.dmp

    Filesize

    120KB

  • memory/2828-0-0x0000000029A00000-0x0000000029A1E000-memory.dmp

    Filesize

    120KB

  • memory/2876-12-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB
