General
- Target: 135b8f7a9148e9668b2c2125898d9f29_JaffaCakes118
- Size: 192KB
- Sample: 240626-zde3daveqp
- MD5: 135b8f7a9148e9668b2c2125898d9f29
- SHA1: 950d01f793b7d349c6db244fc3af0ba59fb788c9
- SHA256: 5d1c82844f7b188784acb77c6fc989a289a7526d43e2db703e0ae6ad0b2eb061
- SHA512: 14aac870f7507bf757c2beb89a8079d5aaf62bb1b54be34832c7bba3ec517a6a1b9b36e3d521220eda95f6115c107d7382dc9411c200519d445be60f334b5b03
- SSDEEP: 3072:l6GHlnAZkpAN445Lslg1oEy4RXaUCmwIiaRCUJX0XKsFzi3TKswhb:r6Nj5LInmwIftXaijob
Static task: static1
Behavioral task: behavioral1
- Sample: 135b8f7a9148e9668b2c2125898d9f29_JaffaCakes118.exe
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: 135b8f7a9148e9668b2c2125898d9f29_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config
- Extracted: metasploit
- encoder/call4_dword_xor
Targets
- Target: 135b8f7a9148e9668b2c2125898d9f29_JaffaCakes118
- Size: 192KB
- MD5: 135b8f7a9148e9668b2c2125898d9f29
- SHA1: 950d01f793b7d349c6db244fc3af0ba59fb788c9
- SHA256: 5d1c82844f7b188784acb77c6fc989a289a7526d43e2db703e0ae6ad0b2eb061
- SHA512: 14aac870f7507bf757c2beb89a8079d5aaf62bb1b54be34832c7bba3ec517a6a1b9b36e3d521220eda95f6115c107d7382dc9411c200519d445be60f334b5b03
- SSDEEP: 3072:l6GHlnAZkpAN445Lslg1oEy4RXaUCmwIiaRCUJX0XKsFzi3TKswhb:r6Nj5LInmwIftXaijob
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies firewall policy service
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory