78b55ce394011b701be630417507f517df542361758ca2ab4c135023e2566c51 | Triage

Sharing

General

Target

9038c0bfcb41767a7b8d1a46652d53e2_JaffaCakes118
Size

554KB
Sample

240603-cnc97sff6w
MD5

9038c0bfcb41767a7b8d1a46652d53e2
SHA1

372dea083bcbbe7f494992f92b5559cf2dab11c7
SHA256

78b55ce394011b701be630417507f517df542361758ca2ab4c135023e2566c51
SHA512

66c153d4e7de01de62775eb57f839f72bb185cb76e82cc12ff875287232fb8d9798bef909d94f10e43f766c0317988a98aa03ff7444b1ba97a5aeebe0858aa3d
SSDEEP

12288:YQjLuRE4xKR72qKoe/ZWsYUxUKQzZZQZsqtOqQ:nLueaKR72qKoe/EhdKYavQ

Score

9^/10

defense_evasion evasion execution impact persistence ransomware trojan

Malware Config

Targets

- Target
  
  9038c0bfcb41767a7b8d1a46652d53e2_JaffaCakes118
- Size
  
  554KB
- MD5
  
  9038c0bfcb41767a7b8d1a46652d53e2
- SHA1
  
  372dea083bcbbe7f494992f92b5559cf2dab11c7
- SHA256
  
  78b55ce394011b701be630417507f517df542361758ca2ab4c135023e2566c51
- SHA512
  
  66c153d4e7de01de62775eb57f839f72bb185cb76e82cc12ff875287232fb8d9798bef909d94f10e43f766c0317988a98aa03ff7444b1ba97a5aeebe0858aa3d
- SSDEEP
  
  12288:YQjLuRE4xKR72qKoe/ZWsYUxUKQzZZQZsqtOqQ:nLueaKR72qKoe/EhdKYavQ
Score

9^/10

defense_evasion evasion execution impact persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

defense_evasionevasionexecutionimpactpersistenceransomwaretrojan

behavioral2