General
Target: e5bfe642537ed5d490b337251ac06eef_JaffaCakes118
Size: 5.4MB
Sample: 240916-3b2p5svfmq
MD5: e5bfe642537ed5d490b337251ac06eef
SHA1: 3749c07241aeda5fb6ad0d86b0db80dcc18502b0
SHA256: ca5af488e2794594c2cb7271a747d8b4851c64747aefae8565c67785353c9d55
SHA512: 6dbef500fbf79eb5b48c107f111aacfb61989e41ad5799fc6d0c48ec2db765852f9031496fa89930937121e73a002917b70f098a86e809a96a8fea9c30d85238
SSDEEP: 98304:lqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3QbkcxQMxoLUaYExY:lqPe1Cxcxk3ZAEUadzR8yc4gckWxoLUn
Static task: static1
Behavioral task: behavioral1
  Sample: e5bfe642537ed5d490b337251ac06eef_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: e5bfe642537ed5d490b337251ac06eef_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted from: C:\Users\Admin\Documents\@[email protected]
Family: wannacry
Bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
Target: e5bfe642537ed5d490b337251ac06eef_JaffaCakes118
Size: 5.4MB
MD5: e5bfe642537ed5d490b337251ac06eef
SHA1: 3749c07241aeda5fb6ad0d86b0db80dcc18502b0
SHA256: ca5af488e2794594c2cb7271a747d8b4851c64747aefae8565c67785353c9d55
SHA512: 6dbef500fbf79eb5b48c107f111aacfb61989e41ad5799fc6d0c48ec2db765852f9031496fa89930937121e73a002917b70f098a86e809a96a8fea9c30d85238
SSDEEP: 98304:lqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3QbkcxQMxoLUaYExY:lqPe1Cxcxk3ZAEUadzR8yc4gckWxoLUn
- Deletes shadow copies: ransomware often targets backup files to inhibit system recovery.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Direct Volume Access (1)
- File and Directory Permissions Modification (2)
  - Windows File and Directory Permissions Modification (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Indicator Removal (2)
  - File Deletion (2)
- Modify Registry (3)