General
-
Target
153807fd4ed81e99387e80b6d12ddef3_JaffaCakes118
-
Size
163KB
-
Sample
240627-jqjnbssdlj
-
MD5
153807fd4ed81e99387e80b6d12ddef3
-
SHA1
2926c65bee567241abd703f7d3434942faec57b7
-
SHA256
2801f320eb2fc6005be000a31225eb6f2e33bbb6e42f99897003b800ec38eb72
-
SHA512
074c7c165f2c86dd96a86f0e7cd1af2f545c08c13012aa809fe511dc2a3a093978c846e721cce3c2d1d65135b5947df9685ac97ccf1be1c42c9842508845c3cc
-
SSDEEP
3072:gv5lmIoUsJiRvjAZrrF7EJXBPCisvrbviOkAgJQj9j:gxnoULRvEVlEvAvP1KQ
Static task
static1
Behavioral task
behavioral1
Sample
153807fd4ed81e99387e80b6d12ddef3_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
153807fd4ed81e99387e80b6d12ddef3_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
153807fd4ed81e99387e80b6d12ddef3_JaffaCakes118
-
Size
163KB
-
MD5
153807fd4ed81e99387e80b6d12ddef3
-
SHA1
2926c65bee567241abd703f7d3434942faec57b7
-
SHA256
2801f320eb2fc6005be000a31225eb6f2e33bbb6e42f99897003b800ec38eb72
-
SHA512
074c7c165f2c86dd96a86f0e7cd1af2f545c08c13012aa809fe511dc2a3a093978c846e721cce3c2d1d65135b5947df9685ac97ccf1be1c42c9842508845c3cc
-
SSDEEP
3072:gv5lmIoUsJiRvjAZrrF7EJXBPCisvrbviOkAgJQj9j:gxnoULRvEVlEvAvP1KQ
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies firewall policy service
-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1