General
- Target: 1d17f3dccaa13f630efa8dbf0931f91a_JaffaCakes118
- Size: 92KB
- Sample: 240702-aqxerayhke
- MD5: 1d17f3dccaa13f630efa8dbf0931f91a
- SHA1: 34db6abceea93a89e0cdf09963ffead393948776
- SHA256: 51475ed3595ddde54040584a3ce2c2d48716a24d41c5b52313e7e50570869721
- SHA512: 8a8492d19ff74ed0365eaf23ce80906d50106ea379ec009c995e1a01c900ddd5b841da323aecca4233b38908aa294a8609f05a8972de50306484c723d943f81f
- SSDEEP: 1536:qSquE20GQT5nOMGxDuAcOvMW12mAsIvPJMobLnfCOOpeMHO7r/d0hertr:tknOluF8hzI39jWpNH2rOertr
Static task: static1

Behavioral task: behavioral1
- Sample: 1d17f3dccaa13f630efa8dbf0931f91a_JaffaCakes118.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 1d17f3dccaa13f630efa8dbf0931f91a_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config
- Extracted: metasploit
- encoder/call4_dword_xor
Targets
- Target: 1d17f3dccaa13f630efa8dbf0931f91a_JaffaCakes118
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext