General
-
Target
912caa5f1b7d3a8ec9b88b1d6091ec31_JaffaCakes118
-
Size
76KB
-
Sample
240813-cdqgsatdnq
-
MD5
912caa5f1b7d3a8ec9b88b1d6091ec31
-
SHA1
99bd13fb58efbee85fae63a16adc92f08fccfe29
-
SHA256
ec347a4e05075b4cdaae20174cae3d7a8d4a996f6c4a336ece8f0fe6ecdc31d8
-
SHA512
9d998338acce07afb43c3eb98f81a54b2ba6cc3d051f63a32a5eac6fe92de2943f996a12a4dca3e2db67327fb8c986d9b4cc0d60e75b38fe5d7329d7310d5faa
-
SSDEEP
1536:yBdsUKIT0JOSj6IW8CCTdqOoXfGAe0D0pUd:w+IN8rCAdqOoXfZe0Dkw
Static task
static1
Behavioral task
behavioral1
Sample
912caa5f1b7d3a8ec9b88b1d6091ec31_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
912caa5f1b7d3a8ec9b88b1d6091ec31_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Score
10/10
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-