General
-
Target
02e324fc34f9a066c190c3d495ca9c82_JaffaCakes118
-
Size
75KB
-
Sample
240620-fb2ntazanf
-
MD5
02e324fc34f9a066c190c3d495ca9c82
-
SHA1
24c83ccadd0978e36d14772203e9e45ad35585ff
-
SHA256
a0814c03e2977dbd8d63ba247ed2e3b3cef500daccda5ddad4f14e29dbf46673
-
SHA512
0ed0e2afb9a5cf6c4e2851b4bb8e045f528de630b8ff77a845dda65312fcabfcc94372ea667fe8a847d575b956fdfff700e5b572ea624cead22014c14b5d7325
-
SSDEEP
1536:LV/zjZJASlydOl0gJm4oFnVyYtYV6+hMeYIJy0B/YSmC+uTTgZ:9jffzFoFn4YCTMetrASmC+g6
Static task
static1
Behavioral task
behavioral1
Sample
02e324fc34f9a066c190c3d495ca9c82_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
02e324fc34f9a066c190c3d495ca9c82_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
02e324fc34f9a066c190c3d495ca9c82_JaffaCakes118
-
Size
75KB
-
MD5
02e324fc34f9a066c190c3d495ca9c82
-
SHA1
24c83ccadd0978e36d14772203e9e45ad35585ff
-
SHA256
a0814c03e2977dbd8d63ba247ed2e3b3cef500daccda5ddad4f14e29dbf46673
-
SHA512
0ed0e2afb9a5cf6c4e2851b4bb8e045f528de630b8ff77a845dda65312fcabfcc94372ea667fe8a847d575b956fdfff700e5b572ea624cead22014c14b5d7325
-
SSDEEP
1536:LV/zjZJASlydOl0gJm4oFnVyYtYV6+hMeYIJy0B/YSmC+uTTgZ:9jffzFoFn4YCTMetrASmC+g6
Score9/10-
Renames multiple (219) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-