Behavioral task
behavioral1
Sample
f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839_JaffaCakes118
-
Size
42KB
-
MD5
5884482db6adca2b8476c395c66805e7
-
SHA1
4c5b8b834d7d9e8b1316a1b8d2e7b9024022d4ce
-
SHA256
f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839
-
SHA512
4e1007fb311c474217b8dfb810d04c2b188deadf56dcd81ee532a48abeb5fc29ff0eae7628cda5aa78f690f46c2370dfb3379e270ee03e83025f7a872f99e52d
-
SSDEEP
768:AO1oR/RVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDsUky5DuGMKKz0YnW:AXS1FKnDtkuImNNxFKU
Malware Config
Signatures
-
MAKOP ransomware payload 1 IoCs
resource yara_rule sample family_makop -
Makop family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839_JaffaCakes118
Files
-
f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839_JaffaCakes118.exe windows:4 windows x86 arch:x86
364f4eb85abb3fe033aa9cfae7ac6b24
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mpr
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
kernel32
ReadFile
CreateFileW
GetFileSizeEx
MoveFileW
SetFileAttributesW
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
GetVersion
GetProcAddress
LoadLibraryA
GetCurrentProcessId
OpenProcess
SetFilePointerEx
GetModuleHandleA
DuplicateHandle
ExitProcess
GetEnvironmentVariableW
CreateProcessW
CreatePipe
LocalFree
GetCommandLineW
Process32NextW
CreateMutexA
CreateToolhelp32Snapshot
GetLocaleInfoW
GetModuleFileNameW
Process32FirstW
GetSystemWindowsDirectoryW
SetHandleInformation
GetTempPathW
GetTempFileNameW
CreateDirectoryW
WriteFile
Sleep
FindClose
GetLastError
GetFileAttributesW
GetLogicalDrives
WaitForSingleObject
CreateThread
GetVolumeInformationW
SetErrorMode
FindNextFileW
GetDriveTypeW
WaitForMultipleObjects
FindFirstFileW
TerminateProcess
DeleteCriticalSection
GetExitCodeProcess
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
CloseHandle
GetFileType
PeekNamedPipe
user32
wsprintfA
GetShellWindow
wsprintfW
GetWindowThreadProcessId
ReleaseDC
SystemParametersInfoW
DrawTextA
GetDC
gdi32
CreateFontW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
DeleteDC
SetTextColor
GetObjectW
GetDeviceCaps
GetDIBits
advapi32
CryptGenRandom
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
DuplicateTokenEx
OpenProcessToken
SetTokenInformation
GetTokenInformation
CryptDecrypt
CryptDestroyKey
CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
shell32
ord680
CommandLineToArgvW
SHGetSpecialFolderPathW
msimg32
GradientFill
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE