Overview

overview

9

Static

static

3

0768e7b984...18.exe

windows7-x64

5

0768e7b984...18.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0768e7b9847ee5f9f23ac9f0ef8eb443_JaffaCakes118

  • Size

    7.8MB

  • Sample

    240328-rcpanaga4w

  • MD5

    0768e7b9847ee5f9f23ac9f0ef8eb443

  • SHA1

    ec505e2534233e823ec59186ab0a054099d34b27

  • SHA256

    a2fe39452dae56784fe033dd9ce6ad93d2bfb0f8a94a88b92eb70cbb7d16673e

  • SHA512

    4a7b59cad445263c31ddc944679bd1e2b77ae77c20da320490c0bac7895b95907d28594e8ff7fdef158530d4ea4b67c574a184f3ae93e2f37234f7c9b7bb5b12

  • SSDEEP

    196608:belQ0r439FYjQb6oyhTEt1LZyvF5V5I+d:ak9ejp5Et1LZy5d

Score
9/10
ransomware

Malware Config

Targets

    • Target

      0768e7b9847ee5f9f23ac9f0ef8eb443_JaffaCakes118

    • Size

      7.8MB

    • MD5

      0768e7b9847ee5f9f23ac9f0ef8eb443

    • SHA1

      ec505e2534233e823ec59186ab0a054099d34b27

    • SHA256

      a2fe39452dae56784fe033dd9ce6ad93d2bfb0f8a94a88b92eb70cbb7d16673e

    • SHA512

      4a7b59cad445263c31ddc944679bd1e2b77ae77c20da320490c0bac7895b95907d28594e8ff7fdef158530d4ea4b67c574a184f3ae93e2f37234f7c9b7bb5b12

    • SSDEEP

      196608:belQ0r439FYjQb6oyhTEt1LZyvF5V5I+d:ak9ejp5Et1LZy5d

    Score
    9/10
    ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

2
T1070

File Deletion

2
T1070.004

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Resource Development

Reconnaissance

Tasks