General
Target: 1aeda6ec35f1076db6b88da73f670640_JaffaCakes118
Size: 160KB
Sample: 240701-med59ayhqj
MD5: 1aeda6ec35f1076db6b88da73f670640
SHA1: 8c77c2a2ed7e7d800b266fb09c03d913e863771d
SHA256: 226d19ed695c9b68d08266d31b7260129846f8c24096b6b6f52d6f3a47e5203a
SHA512: 17c2a05cf4e8f0616c5e31d1b41c083b95583510962a4c08c0743656f0d69e9a8886f9dc3eadc1314b323db6dc82fe9cf5b2cb0c41876efcf11e941a80231fa0
SSDEEP: 3072:uv/1tNNdyaiRScHtelmKjXgMmMSRwA0zhL4cLMw5YQHGgUpJLxM5:uvvd2Nh8XgMmNczTMAY0kpZE
Static task: static1
Behavioral task: behavioral1
Sample: 1aeda6ec35f1076db6b88da73f670640_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 1aeda6ec35f1076db6b88da73f670640_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: metasploit
Encoder: encoder/call4_dword_xor
Targets
Target: 1aeda6ec35f1076db6b88da73f670640_JaffaCakes118 (size and hashes as listed under General)
Score: 10/10
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
Drops file in System32 directory
Suspicious use of SetThreadContext