General
Target: 1bc7db208fb6cc34fd08bf9c1ed14a71_JaffaCakes118
Size: 93KB
Sample: 240701-vf983sshqm
MD5: 1bc7db208fb6cc34fd08bf9c1ed14a71
SHA1: 2f88697737dd798dbb6ecc3f3102cbaecb20eff0
SHA256: 239281cf00bc9d6338829a45b61e306268908595edef6956a3eb48401c9d9703
SHA512: 5fd5254dd43587d10a7be157c05d279c4b088deadef4e71849d5da457aa526a4791735a10e0daa419df5357cf4b09dc241f78ebc99bb3c1821172e6fd03de426
SSDEEP: 1536:u966bMGYpHhmIhyx9XlibMwZnwJ7/Ig0cTxzmKa3iqltpDJEasBMDYP77:u966bM5pHhDIHXFJ7/ICoiyVJfH
Behavioral task: behavioral1
Sample: 1bc7db208fb6cc34fd08bf9c1ed14a71_JaffaCakes118.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 1bc7db208fb6cc34fd08bf9c1ed14a71_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted: metasploit (encoder/call4_dword_xor)
Targets
Target: 1bc7db208fb6cc34fd08bf9c1ed14a71_JaffaCakes118
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger