Extracted

Extracted

• • Target

    69bec32d50744293e85606a5e8f80425_JaffaCakes118

  • Size

    146KB

  • MD5

    69bec32d50744293e85606a5e8f80425

  • SHA1

    101b90ac7e0c2a8b570686c13dfa0e161ddd00e0

  • SHA256

    95739e350d7f2aca2c609768ee72ad67fcf05efca5c7ad8df3027c82b9c454cf

  • SHA512

    e01f976fcbfa67cfd6e97855d07350a27b67fcc825d4e813ac9d2f4e8f464bb4f8bbbbe58a26bc27e78fa15db0ee5271e8f041dd72f036c11964eb1c591b438f

  • SSDEEP

    3072:V6ZkRGjkBrmKmY99UpkD1/34bIpVSrtLmqc2LVMMqqD/h2LuTeONA5tIHVcH:IS9rLPPUpa3VVEtLXcCqqD/hOQnaMcH

  Score

  10^/10

  lockbitdefense_evasiondiscoveryevasionexecutionimpactpersistenceransomware

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

    ransomwarelockbit

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (6154) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1