General
-
Target
fb6fb098e1afdcb8036b9cbb5883beb6_JaffaCakes118
-
Size
6.2MB
-
Sample
240419-3syptaaf63
-
MD5
fb6fb098e1afdcb8036b9cbb5883beb6
-
SHA1
df16a18cda4d121764887b803cb824cad1a61099
-
SHA256
9c20ff57fc85910037e679b90d080907724389ae49efe6a3d56f2a8c85329e41
-
SHA512
af8d9c29af8070fa90b5707f139c248e862e1547c76cdb837f68a77759498ead6e92bc7b7c7677a2c574fde3d513ec0c1f135098049388f984be87f0a9b3644d
-
SSDEEP
49152:gwi0L0qKEB8NIMI8Sfpwotkzaxc1OGz8KTpKXl53q:ri0mIMzKpXOMGQKTpKXl5a
Behavioral task
behavioral1
Sample
fb6fb098e1afdcb8036b9cbb5883beb6_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fb6fb098e1afdcb8036b9cbb5883beb6_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
fb6fb098e1afdcb8036b9cbb5883beb6_JaffaCakes118
-
Size
6.2MB
-
MD5
fb6fb098e1afdcb8036b9cbb5883beb6
-
SHA1
df16a18cda4d121764887b803cb824cad1a61099
-
SHA256
9c20ff57fc85910037e679b90d080907724389ae49efe6a3d56f2a8c85329e41
-
SHA512
af8d9c29af8070fa90b5707f139c248e862e1547c76cdb837f68a77759498ead6e92bc7b7c7677a2c574fde3d513ec0c1f135098049388f984be87f0a9b3644d
-
SSDEEP
49152:gwi0L0qKEB8NIMI8Sfpwotkzaxc1OGz8KTpKXl53q:ri0mIMzKpXOMGQKTpKXl5a
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-