7633963d6f6f20d881f467839c55481cd65f0446936da730325cc4b45410d0d3 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

0dd22532b5...18.exe

windows7-x64

9

0dd22532b5...18.exe

windows10-2004-x64

6

Sharing

Copy URL Twitter E-mail

General

Target

0dd22532b5122bc60a490158b3bc43e9_JaffaCakes118
Size

20KB
Sample

240625-m43vxawbjb
MD5

0dd22532b5122bc60a490158b3bc43e9
SHA1

cd4b1b974e0591fd1cc6e60e6a876f712e010ea4
SHA256

7633963d6f6f20d881f467839c55481cd65f0446936da730325cc4b45410d0d3
SHA512

594b2c26c6c979c6b547ee492b81afcb0790317544ac053d0c9fd65fee4f5a9d8e015fab620041e90f50eacc1fc49781e039713d79489bbaacfd877a5a43ee15
SSDEEP

192:/TP4pgStJ91VYBdH+IgYUTGbLHF3iJsBJuQ:/TyxtnYBdeIgvwpiJsBcQ

Score

9^/10

ransomware spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0dd22532b5122bc60a490158b3bc43e9_JaffaCakes118.exe

Resource

win7-20240220-en

ransomware spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

0dd22532b5122bc60a490158b3bc43e9_JaffaCakes118.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  0dd22532b5122bc60a490158b3bc43e9_JaffaCakes118
- Size
  
  20KB
- MD5
  
  0dd22532b5122bc60a490158b3bc43e9
- SHA1
  
  cd4b1b974e0591fd1cc6e60e6a876f712e010ea4
- SHA256
  
  7633963d6f6f20d881f467839c55481cd65f0446936da730325cc4b45410d0d3
- SHA512
  
  594b2c26c6c979c6b547ee492b81afcb0790317544ac053d0c9fd65fee4f5a9d8e015fab620041e90f50eacc1fc49781e039713d79489bbaacfd877a5a43ee15
- SSDEEP
  
  192:/TP4pgStJ91VYBdH+IgYUTGbLHF3iJsBJuQ:/TyxtnYBdeIgvwpiJsBcQ
Score

9^/10

ransomware spyware stealer
- Renames multiple (406) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

© 2018-2025

Terms | Privacy