General

Target: 6c55d515eb2fff46e8f3398e95460553_JaffaCakes118
Size: 353KB
Sample: 240523-1fk7vahe8x
MD5: 6c55d515eb2fff46e8f3398e95460553
SHA1: 5e4cbcbe284270dfa59cd1ecf4ce2e59306a0323
SHA256: d9e3ab1bfca3fe32af07e0c5fef0943438c3e507bd0e08d5418c42b8796c1cfe
SHA512: 279b621d4edf7110ba0b1a28ffe4c80ee17852ed2e6fb063ab6e8b704fabc6423b714a2d772db5a92deb561faf5e91d9e609c3a5a87129170fdb4eb6b2eaf251
SSDEEP: 6144:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyAp0mgl8rhDM/2yT/Cw0B2uJ2s4otq0:ZMMpXKb0hNGh1kG0HWnAlU866w0B2uJ5

Behavioral task: behavioral1
Sample: 6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 6c55d515eb2fff46e8f3398e95460553_JaffaCakes118.exe
Resource: win10v2004-20240508-en

Malware Config
Targets

Target: 6c55d515eb2fff46e8f3398e95460553_JaffaCakes118
Score: 10/10

Modifies WinLogon for persistence

Renames multiple (91) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.

Drops startup file

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.

Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.

Drops file in System32 directory