d989d682abae81162d7fe9ee3e9360fc3e4d2c8cb02eff69c385e0d7c3a26b95 | Triage

Sharing

General

Target

aa35e4b57c1cffa400252d7c0ed86489_JaffaCakes118
Size

96KB
Sample

240614-ry8w7avcmc
MD5

aa35e4b57c1cffa400252d7c0ed86489
SHA1

66ff11b0799df69bf02711518197d89f5b09f5c4
SHA256

d989d682abae81162d7fe9ee3e9360fc3e4d2c8cb02eff69c385e0d7c3a26b95
SHA512

1127fd5019cd94f7e15a6109fa274539b64ad676ee12897fa7252ff1f96ae92c9493fa855e94a90685d4be7d2afd5d675e9e882e7879f57a4b80052ac7215c17
SSDEEP

1536:iKY6w0gUYfy8INUt5RonVKwjZ4mJzrVnrmrPfIqBVz/fTT:k0gfy8OUZondp10Iqvz/fTT

Score

10^/10

defense_evasion evasion execution impact ransomware

Malware Config

Targets

- Target
  
  aa35e4b57c1cffa400252d7c0ed86489_JaffaCakes118
- Size
  
  96KB
- MD5
  
  aa35e4b57c1cffa400252d7c0ed86489
- SHA1
  
  66ff11b0799df69bf02711518197d89f5b09f5c4
- SHA256
  
  d989d682abae81162d7fe9ee3e9360fc3e4d2c8cb02eff69c385e0d7c3a26b95
- SHA512
  
  1127fd5019cd94f7e15a6109fa274539b64ad676ee12897fa7252ff1f96ae92c9493fa855e94a90685d4be7d2afd5d675e9e882e7879f57a4b80052ac7215c17
- SSDEEP
  
  1536:iKY6w0gUYfy8INUt5RonVKwjZ4mJzrVnrmrPfIqBVz/fTT:k0gfy8OUZondp10Iqvz/fTT
Score

10^/10

defense_evasion execution impact ransomware evasion
- Disables service(s)
  evasion execution
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Windows Management Instrumentation

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Service Stop

Tasks

static1

behavioral1

defense_evasionexecutionimpactransomware

behavioral2

evasionexecution