7868fbfccd2b80be0760808d04086e4ca5b2c644f9b06571419780c34dd73d4e | Triage

Sharing

General

Target

4bbb7a73157575a993245b84f04f6223_JaffaCakes118
Size

6.3MB
Sample

240715-2pfjdsvhrg
MD5

4bbb7a73157575a993245b84f04f6223
SHA1

1c0c13a5d0bab990d342c5c79f231f1fb974799e
SHA256

7868fbfccd2b80be0760808d04086e4ca5b2c644f9b06571419780c34dd73d4e
SHA512

d5d25ae52f9b5a92da784966348130d5563bd12a1d02a74448389e13d55eb5924254a07f328482a392e338601d02761c1387fa5d98c6bd676ded3dbbf07492fb
SSDEEP

196608:jVkpVLECFbM7eLIbS46cDFQZNlZRM3XdaIe:j6dFw7eLIb2mQZTvuaIe

Score

10^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  4bbb7a73157575a993245b84f04f6223_JaffaCakes118
- Size
  
  6.3MB
- MD5
  
  4bbb7a73157575a993245b84f04f6223
- SHA1
  
  1c0c13a5d0bab990d342c5c79f231f1fb974799e
- SHA256
  
  7868fbfccd2b80be0760808d04086e4ca5b2c644f9b06571419780c34dd73d4e
- SHA512
  
  d5d25ae52f9b5a92da784966348130d5563bd12a1d02a74448389e13d55eb5924254a07f328482a392e338601d02761c1387fa5d98c6bd676ded3dbbf07492fb
- SSDEEP
  
  196608:jVkpVLECFbM7eLIbS46cDFQZNlZRM3XdaIe:j6dFw7eLIb2mQZTvuaIe
Score

10^/10

evasion persistence ransomware
- Deletes NTFS Change Journal
  The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
  ransomware
- Clears Windows event logs
  evasion ransomware
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Power Settings

Privilege Escalation

Defense Evasion

Indicator Removal

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Destruction

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware