General
- Target: JaffaCakes118_0da78b6b371fdf8688009e20cf37ceb0
- Size: 210KB
- Sample: 250604-sjf4aszxa1
- MD5: 0da78b6b371fdf8688009e20cf37ceb0
- SHA1: 380059acac2164b762bb8a042888cea075045780
- SHA256: 690d258f4e9f86ecdc551a268db098c3a3029866f31d96cdc1177c49c6e5f27b
- SHA512: b7e56494c9462aefea4a7cb07c5175a650ae7d5910f120826f32915e478ff9269d3d46999ff44b8bece2ae8cafc71c24f74841d49319cf529c61407ceb2e65ca
- SSDEEP: 3072:sPUfyo6aRh6CzNiof2HtA2PtLR34PQhVDYwNXKakdyvlJeGhsYa/YWGGXHjf/Rgr:sagCxLf2NA0tK4XDYwNp
Static task
- static1

Behavioral task
- behavioral1
- Sample: JaffaCakes118_0da78b6b371fdf8688009e20cf37ceb0.exe
- Resource: win10v2004-20250502-en

Behavioral task
- behavioral2
- Sample: JaffaCakes118_0da78b6b371fdf8688009e20cf37ceb0.exe
- Resource: win11-20250502-en
Malware Config
Targets
- Target: JaffaCakes118_0da78b6b371fdf8688009e20cf37ceb0
- Size: 210KB
- MD5: 0da78b6b371fdf8688009e20cf37ceb0
- SHA1: 380059acac2164b762bb8a042888cea075045780
- SHA256: 690d258f4e9f86ecdc551a268db098c3a3029866f31d96cdc1177c49c6e5f27b
- SHA512: b7e56494c9462aefea4a7cb07c5175a650ae7d5910f120826f32915e478ff9269d3d46999ff44b8bece2ae8cafc71c24f74841d49319cf529c61407ceb2e65ca
- SSDEEP: 3072:sPUfyo6aRh6CzNiof2HtA2PtLR34PQhVDYwNXKakdyvlJeGhsYa/YWGGXHjf/Rgr:sagCxLf2NA0tK4XDYwNp

Signatures
- Andromeda family: Detects Andromeda payload.
- UAC bypass
- Adds policy Run key to start application
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v16

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (3)