General

  • Target

    a16c7e895113d04cf1f51f2e8bb07a3e_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240612-vhr6aawdql

  • MD5

    a16c7e895113d04cf1f51f2e8bb07a3e

  • SHA1

    72a08b1c129993b16a71bcc80c6a9b9813ffc7c7

  • SHA256

    bce249e3a1b163bbfd7ffa79fa607a1f566b8356ecd41d16e52b4aa0507e90f2

  • SHA512

    8109f180898d482702cbbe52beb88379ea734abc996805762b40de790080b498cc32e41363a9259aad682e64f49fec92eb522ca766df4d3879d14fb19fed4683

  • SSDEEP

    24576:KEtl9mRda1ISGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJv3:BEs1lh

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks