General
Target: 133163d140767f64c08ad7c9919a887b_JaffaCakes118
Size: 208KB
Sample: 240626-ycvwrssfrq
MD5: 133163d140767f64c08ad7c9919a887b
SHA1: 8257cd30dbccf6a579f645dfe49b359442e98636
SHA256: e0b963a481dbd0ecfc8dfefbecda00410d8581ba5fd342da5c0c3ddc5ac1c64c
SHA512: cc4850b553e6dcb8dcda3e4721fd360b4445df28811af5367592bd4214e8f2df510b2892b2e2100b56be1b58ad6a8982e85c4452eebf802272900fc1af3a827e
SSDEEP: 3072:FPmMBwEEi1b0lSIkt7VXX7YJbPxwWSv6rAl6m4Gxf8f:FPmqwKCyVXX7SSi4C
Static task: static1
Behavioral task: behavioral1
  Sample: 133163d140767f64c08ad7c9919a887b_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 133163d140767f64c08ad7c9919a887b_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
  Extracted: metasploit
  encoder/call4_dword_xor
Targets
Target: 133163d140767f64c08ad7c9919a887b_JaffaCakes118 (hashes as listed under General above)
Score: 10/10
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies firewall policy service
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Modify Registry (2)
  Impair Defenses (1)
    Disable or Modify System Firewall (1)