General
-
Target
199363efcdf47c69fe172d113d744d68_JaffaCakes118
-
Size
256KB
-
Sample
240628-k6bs4a1fra
-
MD5
199363efcdf47c69fe172d113d744d68
-
SHA1
20780c67d3f26f4a05b11d437b27dd8a18bf1cf3
-
SHA256
29c5267bc432eff80ff5496dbb467e33f3094a2d5795fe146fb4ad051d7ed327
-
SHA512
4c4e6856dba5be288e526bdd7348cd174c963dd13235b09c40e383de71e0603b92e3bcd1c2054c24498387cd2d8d3f4510dd98cb719b9d866369a35f7280d591
-
SSDEEP
6144:v2C2F8NXC796TB9vj481RcOYx3Zmdh3Vxa3NwOiz87:vweVQkTrvj46A3ZG9Vx3O
Static task
static1
Behavioral task
behavioral1
Sample
199363efcdf47c69fe172d113d744d68_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
199363efcdf47c69fe172d113d744d68_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
199363efcdf47c69fe172d113d744d68_JaffaCakes118
-
Size
256KB
-
MD5
199363efcdf47c69fe172d113d744d68
-
SHA1
20780c67d3f26f4a05b11d437b27dd8a18bf1cf3
-
SHA256
29c5267bc432eff80ff5496dbb467e33f3094a2d5795fe146fb4ad051d7ed327
-
SHA512
4c4e6856dba5be288e526bdd7348cd174c963dd13235b09c40e383de71e0603b92e3bcd1c2054c24498387cd2d8d3f4510dd98cb719b9d866369a35f7280d591
-
SSDEEP
6144:v2C2F8NXC796TB9vj481RcOYx3Zmdh3Vxa3NwOiz87:vweVQkTrvj46A3ZG9Vx3O
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-