2754e46e0d545ad8f6b5cbc526045732d964ebdfa18cb077d0fa91e58e659663 | Triage

Submit
Reports

Overview

overview

Static

static

3

63a4f18e26...18.exe

windows7-x64

63a4f18e26...18.exe

windows10-2004-x64

Sharing

General

Target

63a4f18e268767cca71f41e557b9a1d1_JaffaCakes118
Size

23.6MB
Sample

240521-rzkwrahe3x
MD5

63a4f18e268767cca71f41e557b9a1d1
SHA1

64c2fbdac8e510c6554f159eb0e890c7dd92824f
SHA256

2754e46e0d545ad8f6b5cbc526045732d964ebdfa18cb077d0fa91e58e659663
SHA512

bc0cb39d0f2e0d178ce7dfaeb64002c79b5fddd7b14ef9203b14af3e99a93fd7196d4ab144246963dffd862b344c2c786d3ebf24cd8f31187094515d2f59d804
SSDEEP

393216:KBRW6T1WKIo36MfMt3xHgQp7UIs2N8sZmFl6Ct9qH72+8ypHe+Usrd7wZypXIUOW:36T9I9OMV4Id8JF809qiApysrd8ZyuUt

Score

10^/10

discovery evasion persistence ransomware trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

63a4f18e268767cca71f41e557b9a1d1_JaffaCakes118.exe

Resource

win7-20240508-en

discovery evasion persistence ransomware trojan

windows7-x64

29 signatures

150 seconds

Behavioral task

behavioral2

Sample

63a4f18e268767cca71f41e557b9a1d1_JaffaCakes118.exe

Resource

win10v2004-20240426-en

discovery evasion persistence ransomware trojan

windows10-2004-x64

29 signatures

150 seconds

Malware Config

Targets

- Target
  
  63a4f18e268767cca71f41e557b9a1d1_JaffaCakes118
- Size
  
  23.6MB
- MD5
  
  63a4f18e268767cca71f41e557b9a1d1
- SHA1
  
  64c2fbdac8e510c6554f159eb0e890c7dd92824f
- SHA256
  
  2754e46e0d545ad8f6b5cbc526045732d964ebdfa18cb077d0fa91e58e659663
- SHA512
  
  bc0cb39d0f2e0d178ce7dfaeb64002c79b5fddd7b14ef9203b14af3e99a93fd7196d4ab144246963dffd862b344c2c786d3ebf24cd8f31187094515d2f59d804
- SSDEEP
  
  393216:KBRW6T1WKIo36MfMt3xHgQp7UIs2N8sZmFl6Ct9qH72+8ypHe+Usrd7wZypXIUOW:36T9I9OMV4Id8JF809qiApysrd8ZyuUt
Score

10^/10

discovery evasion persistence ransomware trojan
- UAC bypass
  evasion trojan
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

discoveryevasionpersistenceransomwaretrojan

behavioral2

discoveryevasionpersistenceransomwaretrojan

© 2018-2024

Terms | Privacy