General
- Target: 01dacb4881715814e99dd9333b5616b6_JaffaCakes118
- Size: 1.1MB
- Sample: 240426-2w8thsdg96
- MD5: 01dacb4881715814e99dd9333b5616b6
- SHA1: e542473ed025c2f2ecab8f9bcc09f4fdb1702a4c
- SHA256: 7df4b81f94e23dac8d6bf5dab2871c23af2b9d24a073f3ec6abf03bcf061bd38
- SHA512: c74b2760b4242da68c3e548dc227d31195829a2794713ca686ac065a25139e8ab47c3802da2e14830532be8de78064daef524f81b323bb3f01990d4fbf95a3a5
- SSDEEP: 24576:ZMMpXS0hN0V0HoSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0Nc:Kwi0L0qlR
Behavioral task: behavioral1
- Sample: 01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
- Resource: win7-20240215-en

Behavioral task: behavioral2
- Sample: 01dacb4881715814e99dd9333b5616b6_JaffaCakes118.exe
- Resource: win10v2004-20240419-en
Malware Config
Targets
Score: 10/10
- Modifies WinLogon for persistence
- Renames multiple (91) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory