General
-
Target
219407ddfd792bd58cba6b267ddef3cc_JaffaCakes118
-
Size
5.0MB
-
Sample
240507-zgdcyshf22
-
MD5
219407ddfd792bd58cba6b267ddef3cc
-
SHA1
d5d64075255259f871b68dd1f6c67a5dfac1bb09
-
SHA256
6bb91cc643e06254aea95a04a3660c5ac4906d7a812336d3e13c0c586185005c
-
SHA512
5a3811a7ec1ca207d868701b7964ea6d0d07d5799f9ddd5997803c054a6ae6a6471d1efe50e8df2e689e9bb70e7cbd911b146a20d2f627b9c143c83ce5654c13
-
SSDEEP
49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6S9I5c/bXZROAx:+DqPoBhz1aRxcSUDk36SQc/J
Static task
static1
Behavioral task
behavioral1
Sample
219407ddfd792bd58cba6b267ddef3cc_JaffaCakes118.dll
Resource
win11-20240426-en
Malware Config
Extracted
C:\Users\Admin\Desktop\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
219407ddfd792bd58cba6b267ddef3cc_JaffaCakes118
-
Size
5.0MB
-
MD5
219407ddfd792bd58cba6b267ddef3cc
-
SHA1
d5d64075255259f871b68dd1f6c67a5dfac1bb09
-
SHA256
6bb91cc643e06254aea95a04a3660c5ac4906d7a812336d3e13c0c586185005c
-
SHA512
5a3811a7ec1ca207d868701b7964ea6d0d07d5799f9ddd5997803c054a6ae6a6471d1efe50e8df2e689e9bb70e7cbd911b146a20d2f627b9c143c83ce5654c13
-
SSDEEP
49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6S9I5c/bXZROAx:+DqPoBhz1aRxcSUDk36SQc/J
-
Contacts a large (17931) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
1File Deletion
1Modify Registry
3