Overview

overview

9

Static

static

3

3d8277eae2...18.exe

windows7-x64

3d8277eae2...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3d8277eae29afe5fa91180fc938f4b3c_JaffaCakes118

  • Size

    758KB

  • Sample

    240729-khnsrazflr

  • MD5

    3d8277eae29afe5fa91180fc938f4b3c

  • SHA1

    02770a9b83cd8c82c70814d5b72041e240d3bed1

  • SHA256

    f2f03b4d660d6c9ea2aa67e9be35f6ab4c4e5daf9673622b645e29fb85c7faf4

  • SHA512

    bbd37e220d0d6c350e9fc3c38c33dce4aa8af4c5be7708a375b80f821ca0eb9c8248335b964f734793bbd10a0cf32462f955d531920cc747f7816fbb93333c0f

  • SSDEEP

    12288:5dtnqYk9TmLe+TBshw02+xodZ2iSjD5cdrLbVrBpFpQcBJBgqZDE0OF:5d1qYESNTBI1xoPrPVrBpFpDXgqZi

Score
9/10
defense_evasiondiscoveryevasionpersistenceransomware

Malware Config

Targets

    • Target

      3d8277eae29afe5fa91180fc938f4b3c_JaffaCakes118

    • Size

      758KB

    • MD5

      3d8277eae29afe5fa91180fc938f4b3c

    • SHA1

      02770a9b83cd8c82c70814d5b72041e240d3bed1

    • SHA256

      f2f03b4d660d6c9ea2aa67e9be35f6ab4c4e5daf9673622b645e29fb85c7faf4

    • SHA512

      bbd37e220d0d6c350e9fc3c38c33dce4aa8af4c5be7708a375b80f821ca0eb9c8248335b964f734793bbd10a0cf32462f955d531920cc747f7816fbb93333c0f

    • SSDEEP

      12288:5dtnqYk9TmLe+TBshw02+xodZ2iSjD5cdrLbVrBpFpQcBJBgqZDE0OF:5d1qYESNTBI1xoPrPVrBpFpDXgqZi

    Score
    9/10
    defense_evasiondiscoveryevasionpersistenceransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Drops file in Drivers directory

    • Enables test signing to bypass driver trust controls

      Allows any signed driver to load without validation against a trusted certificate authority.

      defense_evasion

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks