General
-
Target
1a65f67b34573fc5611d04abacb1eb0d_JaffaCakes118
-
Size
129KB
-
Sample
240628-rb8ynstbld
-
MD5
1a65f67b34573fc5611d04abacb1eb0d
-
SHA1
4c89ea6a0342ac4a54a9940132af406ea8a5644f
-
SHA256
4764c52d458b81c44ec06695acb16e8669ff758f3e28e7fc1488e1d79fb7fbbc
-
SHA512
999b023ebf5c041c8e8e3129cf3cca3ea06d4e3ac8325350ec44bc523edea93ce7ea15f487d5cccf104b3bd01537be4e76510f7c2364fa4e379e11b12a60acc6
-
SSDEEP
3072:ctPVDgXBYV9eCYS34uO/VGNtJvI6MJCyzjV:OGRYzN739O/ANzvWJX
Static task
static1
Behavioral task
behavioral1
Sample
1a65f67b34573fc5611d04abacb1eb0d_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1a65f67b34573fc5611d04abacb1eb0d_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
1a65f67b34573fc5611d04abacb1eb0d_JaffaCakes118
-
Size
129KB
-
MD5
1a65f67b34573fc5611d04abacb1eb0d
-
SHA1
4c89ea6a0342ac4a54a9940132af406ea8a5644f
-
SHA256
4764c52d458b81c44ec06695acb16e8669ff758f3e28e7fc1488e1d79fb7fbbc
-
SHA512
999b023ebf5c041c8e8e3129cf3cca3ea06d4e3ac8325350ec44bc523edea93ce7ea15f487d5cccf104b3bd01537be4e76510f7c2364fa4e379e11b12a60acc6
-
SSDEEP
3072:ctPVDgXBYV9eCYS34uO/VGNtJvI6MJCyzjV:OGRYzN739O/ANzvWJX
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-