General
-
Target
97aa992d7a114b8bf08c4a03e3d13f13_JaffaCakes118
-
Size
1.1MB
-
Sample
240605-k56xvabf3v
-
MD5
97aa992d7a114b8bf08c4a03e3d13f13
-
SHA1
f457a5c6f3fbb3e9cccde160e82ed6520cafc2a7
-
SHA256
52870f2e75fa9c8073182e6779708adea25e096036561e4099e81cf5975a33ec
-
SHA512
252c5b2e1a8862a8936c51ea2927ee8888a9d006b6cb96fd2833bea7942402e12f7d0a7f419e318bb88e43f3b55a909d0fb19b415186d9e0d74df0246730ae2d
-
SSDEEP
24576:eHtrdKYVVSrqGDohJ3STZG8vIn/sCBGnWsY0m+W:eHtV7GwBSTc8An/4YuW
Static task
static1
Behavioral task
behavioral1
Sample
97aa992d7a114b8bf08c4a03e3d13f13_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Targets
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-