Extracted

• • Target

    02f95431883571b60ac8aba1827e84e0_JaffaCakes118

  • Size

    5.3MB

  • MD5

    02f95431883571b60ac8aba1827e84e0

  • SHA1

    24bd00d1ca12306728a7f25b1847c8c10ca65355

  • SHA256

    8742ac94fd7adcb26361b7973f8a66a06968ae04f7d92d4876640d144eb43834

  • SHA512

    05bba479971f7516e72a83fcc2722199724fce42b14268dd43f6c691cb2f857846832b9d2f891a55419eeddce181f7ccda5793ddba45b3cae87061a6444d5b8a

  • SSDEEP

    98304:UxAWvB1FMUPdzjgAOH5XJtAyciIAW8ysGb4E/JOcdLYB27PtiSA1p+gaH:UxPKUPVjPOZUilW8y2E5qC

  Score

  10^/10

  ryukdavediscoveryransomwarevmprotect

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Renames multiple (187) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Dave packer

    Detects executable using a packer named 'Dave' by the community, based on a string at the end.

    dave

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • VMProtect packed file

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  behavioral1behavioral2