General

  • Target

    735ae0b3e03f102ac38f6e5dfb8188a7_JaffaCakes118

  • Size

    873KB

  • Sample

    240525-1pagpsbf5w

  • MD5

    735ae0b3e03f102ac38f6e5dfb8188a7

  • SHA1

    f7d1ac0ed7f9b2507e06f20589b746631b07adf0

  • SHA256

    7304580f4667c8beaa430ff265a32166c6451c94d51287949be37312cad1cfb6

  • SHA512

    47ef3a839c0f23c6bbea5266238e832b57cced7509f2750936dd1e252cf9acd2d0bee44fbbea7a70562b0af8a4b1669bdacf39c20f532c8968fd6d04c6d26693

  • SSDEEP

    24576:KEtl9mRda1ISGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvS:BEs1lY

Score
10/10

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (93) files with added filename extension

      This suggests ransomware activity: encrypting the files on the system and appending an extension to each one.

    • Drops startup file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
