General
-
Target
a16c7e895113d04cf1f51f2e8bb07a3e_JaffaCakes118
-
Size
1.4MB
-
Sample
240612-vhr6aawdql
-
MD5
a16c7e895113d04cf1f51f2e8bb07a3e
-
SHA1
72a08b1c129993b16a71bcc80c6a9b9813ffc7c7
-
SHA256
bce249e3a1b163bbfd7ffa79fa607a1f566b8356ecd41d16e52b4aa0507e90f2
-
SHA512
8109f180898d482702cbbe52beb88379ea734abc996805762b40de790080b498cc32e41363a9259aad682e64f49fec92eb522ca766df4d3879d14fb19fed4683
-
SSDEEP
24576:KEtl9mRda1ISGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJv3:BEs1lh
Static task
static1
Behavioral task
behavioral1
Sample
a16c7e895113d04cf1f51f2e8bb07a3e_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a16c7e895113d04cf1f51f2e8bb07a3e_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
a16c7e895113d04cf1f51f2e8bb07a3e_JaffaCakes118
-
Size
1.4MB
-
MD5
a16c7e895113d04cf1f51f2e8bb07a3e
-
SHA1
72a08b1c129993b16a71bcc80c6a9b9813ffc7c7
-
SHA256
bce249e3a1b163bbfd7ffa79fa607a1f566b8356ecd41d16e52b4aa0507e90f2
-
SHA512
8109f180898d482702cbbe52beb88379ea734abc996805762b40de790080b498cc32e41363a9259aad682e64f49fec92eb522ca766df4d3879d14fb19fed4683
-
SSDEEP
24576:KEtl9mRda1ISGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJv3:BEs1lh
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-