General
-
Target
fc267f4dab10ac37397f4438d22caeb0_JaffaCakes118
-
Size
1.9MB
-
Sample
240420-hc5szaag53
-
MD5
fc267f4dab10ac37397f4438d22caeb0
-
SHA1
c9b0d9667d6e53cfcfb65ed31d3b94aa2b2b707b
-
SHA256
a6ea0e0de7fc78b373e23b56cebacbfc7e67596027a22a7eabaf86bf332c5873
-
SHA512
a2cfbb3ce9189460f1f4a455f1edbdffaab3eead8e240626ec95b85e672e4fb4e6d4559af7ee1d03d5b84037dad749ca5bb8e3e47dd263d168e7c788435d7c76
-
SSDEEP
6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRhGDur/CbfXJ:5MMpXKb0hNGh1kG0HWnALb
Behavioral task
behavioral1
Sample
fc267f4dab10ac37397f4438d22caeb0_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fc267f4dab10ac37397f4438d22caeb0_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
fc267f4dab10ac37397f4438d22caeb0_JaffaCakes118
Score
10/10
-
Modifies WinLogon for persistence
-
Renames multiple (93) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-