General
-
Target
4e3d22ddc692d71ff2339300d3885aec_JaffaCakes118
-
Size
3.4MB
-
Sample
240517-d2krwafc7v
-
MD5
4e3d22ddc692d71ff2339300d3885aec
-
SHA1
c4bac05426a73dc63f521f45ad8f1b7b57b5851d
-
SHA256
16d54cdf595fb8dfa72445f53f77de6370f796558d9bd2bc1e9375cdfcfee62f
-
SHA512
bb301d34df1c14b24d6ec806d7a6611a838869822ba1a36dd1bf8a3abe125784d45db4186537583456d7c69803802538d8b21c8e0fe469a991e249fc460804dc
-
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9Pd0B6GIkwR8yAVp2g3x:QqPe1Cxcxk3ZAEUadd0B6GIkwR8yc4gB
Static task
static1
Behavioral task
behavioral1
Sample
4e3d22ddc692d71ff2339300d3885aec_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4e3d22ddc692d71ff2339300d3885aec_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
Target
4e3d22ddc692d71ff2339300d3885aec_JaffaCakes118
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder