Extracted

Extracted

• • Target

    ed4a8785508ccc5fb00eb036c170ca41_JaffaCakes118

  • Size

    349KB

  • MD5

    ed4a8785508ccc5fb00eb036c170ca41

  • SHA1

    388b15fcb3754b12e299a38fe0985aa55b6f81cd

  • SHA256

    a2fb7c7b2f664b89e7c6adf7a64372f4ec4010f2c6499d91157d528c7e41d2f6

  • SHA512

    30c4b65833f42744b33fc553a3195c21eb6317d911ac28b0e16acf6b1eedf2c87f0ee99595e3096bc776947f9084babefe28098fd869789627c6713ec839eb83

  • SSDEEP

    6144:z/FC+4Lks//NPXGOuexhgB6wlw+oo9RXjcAG:z/FC+Ls/gOuJ1ljo2RQL

  Score

  10^/10

  dharmacredential_accessdefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (321) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2