General
-
Target
1fca046507f600012747e06aa56f6107_JaffaCakes118
-
Size
70KB
-
Sample
240702-sn8n4sycjd
-
MD5
1fca046507f600012747e06aa56f6107
-
SHA1
fa2f8c5aba192bb872dc7a46676fc71e47fe9b8c
-
SHA256
e1d5093241a6a7fb2e7492e31f4935fd7b62246660a4ae634940c5ea5f71d049
-
SHA512
d4c57dca82bbdb1d78cb5aefcb00c8a624426d6dc5d3c62d9c20053168ec86635a1b237da4ebdf9d3df1c89f5bc8b180faa8600aca8eaf8a2fbf093fe0bbdcc6
-
SSDEEP
1536:tq+wO8I7VY1dZzwD2CDjyH7iG1Q9Ubay75gSK:to+7VY5q28OH7i3Uf+t
Static task
static1
Behavioral task
behavioral1
Sample
1fca046507f600012747e06aa56f6107_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
1fca046507f600012747e06aa56f6107_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
1fca046507f600012747e06aa56f6107_JaffaCakes118
-
Size
70KB
-
MD5
1fca046507f600012747e06aa56f6107
-
SHA1
fa2f8c5aba192bb872dc7a46676fc71e47fe9b8c
-
SHA256
e1d5093241a6a7fb2e7492e31f4935fd7b62246660a4ae634940c5ea5f71d049
-
SHA512
d4c57dca82bbdb1d78cb5aefcb00c8a624426d6dc5d3c62d9c20053168ec86635a1b237da4ebdf9d3df1c89f5bc8b180faa8600aca8eaf8a2fbf093fe0bbdcc6
-
SSDEEP
1536:tq+wO8I7VY1dZzwD2CDjyH7iG1Q9Ubay75gSK:to+7VY5q28OH7i3Uf+t
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-