General
-
Target
b7dd575efe71cd0456bd1b90485c7b62_JaffaCakes118
-
Size
3.6MB
-
Sample
240617-la6h9svalh
-
MD5
b7dd575efe71cd0456bd1b90485c7b62
-
SHA1
66272ccc2a4342e6bdcea798b943d2860863a536
-
SHA256
070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d
-
SHA512
7c3fc1636df638e91960b56351da663cece386479eb7d01d26a01118dd92ef59df3ddbd6dc464b8d193d448a8d60b7f9fac4cdcdabfd5cbb0ad983b6348f65e8
-
SSDEEP
98304:dDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3R:dDqPe1Cxcxk3ZAEUadzR8yc4gB
Static task
static1
Behavioral task
behavioral1
Sample
b7dd575efe71cd0456bd1b90485c7b62_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b7dd575efe71cd0456bd1b90485c7b62_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
C:\ProgramData\ppcvxtmedh378\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
b7dd575efe71cd0456bd1b90485c7b62_JaffaCakes118
-
Size
3.6MB
-
MD5
b7dd575efe71cd0456bd1b90485c7b62
-
SHA1
66272ccc2a4342e6bdcea798b943d2860863a536
-
SHA256
070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d
-
SHA512
7c3fc1636df638e91960b56351da663cece386479eb7d01d26a01118dd92ef59df3ddbd6dc464b8d193d448a8d60b7f9fac4cdcdabfd5cbb0ad983b6348f65e8
-
SSDEEP
98304:dDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3R:dDqPe1Cxcxk3ZAEUadzR8yc4gB
-
Contacts a large (2699) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1