General
-
Target
142a3235219c3eb059aeff433375db8e_JaffaCakes118
-
Size
92KB
-
Sample
240627-bn7clsvdkb
-
MD5
142a3235219c3eb059aeff433375db8e
-
SHA1
60bfb0e3b64967cb51cd5a34402fbacbfd9a15dc
-
SHA256
6421fb46fc3f46c79cb95e2e78530dee35a7d10d85177bade93d69bab705a36e
-
SHA512
f2a826581f250d67a64e9a781d1325d56acee59057d8adc4aa0d0bb697647788b71db59931b8820d2365df4e86631fa68ce0f1bb53e85c600a3d5a1cea8e0674
-
SSDEEP
1536:eSquE20GQrSmGb1BMojS8Qnf6pgU3kOpzfVr0HvhxcVaH22IyPjlJxsLUw:xBmGr4mbUORfVr0PHEWJw
Static task
static1
Behavioral task
behavioral1
Sample
142a3235219c3eb059aeff433375db8e_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
142a3235219c3eb059aeff433375db8e_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
142a3235219c3eb059aeff433375db8e_JaffaCakes118
-
Size
92KB
-
MD5
142a3235219c3eb059aeff433375db8e
-
SHA1
60bfb0e3b64967cb51cd5a34402fbacbfd9a15dc
-
SHA256
6421fb46fc3f46c79cb95e2e78530dee35a7d10d85177bade93d69bab705a36e
-
SHA512
f2a826581f250d67a64e9a781d1325d56acee59057d8adc4aa0d0bb697647788b71db59931b8820d2365df4e86631fa68ce0f1bb53e85c600a3d5a1cea8e0674
-
SSDEEP
1536:eSquE20GQrSmGb1BMojS8Qnf6pgU3kOpzfVr0HvhxcVaH22IyPjlJxsLUw:xBmGr4mbUORfVr0PHEWJw
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-