General
-
Target
3c1071bb7f0d879e08073b459d349d97_JaffaCakes118
-
Size
3.4MB
-
Sample
240512-z4yx6sbc25
-
MD5
3c1071bb7f0d879e08073b459d349d97
-
SHA1
b73619dcdcf9b6d9232759a88844fc5ee622516e
-
SHA256
fda8fcef277d442c8d8eb8f6badbf87df6873c4bf9eadf45ea24b751999cc412
-
SHA512
59f22ab75b8c98bd8d7c72d7079645428c1f9712ae157d65838f33b6e69dcea45acc0618e4076d41150c136e952a400d64aed35d428d2970f101bd8ae56ebbfb
-
SSDEEP
98304:IqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3Q:IqPe1Cxcxk3ZAEUadzR8yc4gg
Static task
static1
Behavioral task
behavioral1
Sample
3c1071bb7f0d879e08073b459d349d97_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
-
Target
3c1071bb7f0d879e08073b459d349d97_JaffaCakes118
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1