b9a78c31a4bf01702d9c24b9ec5df569f516569306e49217119e2fd09cc62634 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30d6ffbf1a09963ace158f9f9d2cef86_JaffaCakes118
Size

150KB
Sample

240709-sbk3aa1cke
MD5

30d6ffbf1a09963ace158f9f9d2cef86
SHA1

5aaa2081130225d211da1f009008997fc6fb3f5e
SHA256

b9a78c31a4bf01702d9c24b9ec5df569f516569306e49217119e2fd09cc62634
SHA512

3d345c64713598c19a9f58363b607b7a8c4d61c159dd797bf7a5c99d3052457bdd2125c34f66c420a6c1d6bd75d0b549095532ebc908f2c7a56d566c058e5ef5
SSDEEP

1536:Ka/ufFQjUho9JdZ5829coc/Nm9jfXwHeewVcl:Ka/NEo9JdZ5r9vRfX8eeqY

Score

10^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  30d6ffbf1a09963ace158f9f9d2cef86_JaffaCakes118
- Size
  
  150KB
- MD5
  
  30d6ffbf1a09963ace158f9f9d2cef86
- SHA1
  
  5aaa2081130225d211da1f009008997fc6fb3f5e
- SHA256
  
  b9a78c31a4bf01702d9c24b9ec5df569f516569306e49217119e2fd09cc62634
- SHA512
  
  3d345c64713598c19a9f58363b607b7a8c4d61c159dd797bf7a5c99d3052457bdd2125c34f66c420a6c1d6bd75d0b549095532ebc908f2c7a56d566c058e5ef5
- SSDEEP
  
  1536:Ka/ufFQjUho9JdZ5829coc/Nm9jfXwHeewVcl:Ka/NEo9JdZ5r9vRfX8eeqY
Score

10^/10

evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware