General
-
Target
1b59e7a3b69906bfb5574b0f004cc34f_JaffaCakes118
-
Size
84KB
-
Sample
240701-t8vtesseqm
-
MD5
1b59e7a3b69906bfb5574b0f004cc34f
-
SHA1
82ed058f49a1cec88b4a1ce160ed683f40884544
-
SHA256
9adc00545f509616357a0b4a0572c10bcf3f4a9bb22b720559ac72e34c87a1c6
-
SHA512
2bf6f34e72da4b98ae3e61923044f5c6fbdfa0c8bd4324c90c67742f6f8c6d57bb3ece1d8a42ecaf0960de6d6ee31ad844edfb2f5c215b5e1136c7b01297f179
-
SSDEEP
1536:n/lBAtUu4U4g+lt8alGHijt+6D5Qzlnsi+oBFhxGM3GY197usQC03gju4n9yyv:n/lB4N4e+lWalZA6D6zdsOPhoMP19bIb
Static task
static1
Behavioral task
behavioral1
Sample
1b59e7a3b69906bfb5574b0f004cc34f_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
1b59e7a3b69906bfb5574b0f004cc34f_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
Target
1b59e7a3b69906bfb5574b0f004cc34f_JaffaCakes118
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-