Extracted

Extracted

• • Target

    dbae9888aa3dfd015e4e1b91961333b2_JaffaCakes118

  • Size

    414KB

  • MD5

    dbae9888aa3dfd015e4e1b91961333b2

  • SHA1

    4171e53023cc452393dd11f128fd971deae613a7

  • SHA256

    6d7b3d5696d4c8199a46bdc6f9f6d8310cb8052c5cca92dd91da819c53622654

  • SHA512

    91f11c53b9d8c5bd0085e993206344fa9a3b01426d32a8647703a1c4046ea6db89e38c1a6db6debf2e6cc9df4b2aa225e3b551eb51c1004581c01d4c72cd31cc

  • SSDEEP

    6144:81gNhF7mMk80a3Lsls6r/qqkdb+FoetPeh6mJbYXGf5yh/oJyBFThmBcjUm:pNW8h3Los6ryG0FJcXlQJyvEcjUm

  Score

  10^/10

  dharmacredential_accessdefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerupx

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (315) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2