0e82c3446ead43c5802479045460e6d8db1229c10a9620e68e6ab828d4b17fff | Triage

Submit
Reports

Overview

overview

9

Static

static

3

01fed01278...18.exe

windows7-x64

3

01fed01278...18.exe

windows10-2004-x64

9

Sharing

General

Target

01fed012786da9458880cd8ad023ccab_JaffaCakes118
Size

2.4MB
Sample

240427-ap6xssfb24
MD5

01fed012786da9458880cd8ad023ccab
SHA1

b10c8f3c7c7a5b71bf958359c5b4da54a5a98056
SHA256

0e82c3446ead43c5802479045460e6d8db1229c10a9620e68e6ab828d4b17fff
SHA512

2be3676cf86458574db17c62420020cdf2d4aa82621c5dec640a300a998180cab8fa3cc6011dda7c6b0122895c513d7aa718e564dbe3193a9dca64f9b4e2b54c
SSDEEP

49152:kJxNHabdDlGc/za1rlFQFigZL+l63UBU3EWttCwYXn6CQqilfG1M3FB:kOLa1ZFU6l0YU3l3QCjgMVB

Score

9^/10

persistence ransomware spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

01fed012786da9458880cd8ad023ccab_JaffaCakes118.exe

Resource

win7-20240215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

01fed012786da9458880cd8ad023ccab_JaffaCakes118.exe

Resource

win10v2004-20240419-en

persistence ransomware spyware stealer upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  01fed012786da9458880cd8ad023ccab_JaffaCakes118
- Size
  
  2.4MB
- MD5
  
  01fed012786da9458880cd8ad023ccab
- SHA1
  
  b10c8f3c7c7a5b71bf958359c5b4da54a5a98056
- SHA256
  
  0e82c3446ead43c5802479045460e6d8db1229c10a9620e68e6ab828d4b17fff
- SHA512
  
  2be3676cf86458574db17c62420020cdf2d4aa82621c5dec640a300a998180cab8fa3cc6011dda7c6b0122895c513d7aa718e564dbe3193a9dca64f9b4e2b54c
- SSDEEP
  
  49152:kJxNHabdDlGc/za1rlFQFigZL+l63UBU3EWttCwYXn6CQqilfG1M3FB:kOLa1ZFU6l0YU3l3QCjgMVB
Score

9^/10

persistence ransomware spyware stealer upx
- Renames multiple (219) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

persistenceransomwarespywarestealerupx

© 2018-2024

Terms | Privacy