General
Target: f1a79f9cba710bf8cc11122d6999d66d_JaffaCakes118
Size: 271KB
Sample: 240922-ke58mazgpl
MD5: f1a79f9cba710bf8cc11122d6999d66d
SHA1: 3756af4d51bb0511e5ef4319eaf7720b4c73194b
SHA256: b6cb0ed4ec3397234c1f67bef483ee62f45ca9d1becca3fa0c9fcbe3642acf9a
SHA512: 3394ad10858ec3161c2e084f79a22ce74d6c1102581af4ef6576ec78eabe82fc9f5ee6c248d1389927a983c4385e905a5c559d711100bd391b6b80f76943c8ed
SSDEEP: 6144:Kn/L+GOm9pZ9rBzo/pwwIIg8I32PkFVEXS:0zOm9r99/8y2PSaS
Static task: static1
Behavioral task behavioral1: Sample f1a79f9cba710bf8cc11122d6999d66d_JaffaCakes118.exe; Resource win7-20240903-en
Behavioral task behavioral2: Sample f1a79f9cba710bf8cc11122d6999d66d_JaffaCakes118.exe; Resource win10v2004-20240802-en
Behavioral task behavioral3: Sample $PLUGINSDIR/System.dll; Resource win7-20240903-en
Behavioral task behavioral4: Sample $PLUGINSDIR/System.dll; Resource win10v2004-20240802-en
Behavioral task behavioral5: Sample Arrays.dll; Resource win7-20240708-en
Behavioral task behavioral6: Sample Arrays.dll; Resource win10v2004-20240802-en
Malware Config
Extracted: C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\README.hta
Extracted: C:\Users\Admin\Documents\OneNote Notebooks\README.hta
Targets
Target: f1a79f9cba710bf8cc11122d6999d66d_JaffaCakes118
Size: 271KB
MD5: f1a79f9cba710bf8cc11122d6999d66d
SHA1: 3756af4d51bb0511e5ef4319eaf7720b4c73194b
SHA256: b6cb0ed4ec3397234c1f67bef483ee62f45ca9d1becca3fa0c9fcbe3642acf9a
SHA512: 3394ad10858ec3161c2e084f79a22ce74d6c1102581af4ef6576ec78eabe82fc9f5ee6c248d1389927a983c4385e905a5c559d711100bd391b6b80f76943c8ed
SSDEEP: 6144:Kn/L+GOm9pZ9rBzo/pwwIIg8I32PkFVEXS:0zOm9r99/8y2PSaS
- Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
- Contacts a large (512) amount of remote hosts: This may indicate a network scan to discover remotely running services.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext
Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: a436db0c473a087eb61ff5c53c34ba27
SHA1: 65ea67e424e75f5065132b539c8b2eda88aa0506
SHA256: 75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
SHA512: 908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d
SSDEEP: 192:aVL7iZJX76BisO7+UZEw+Rl59pV8ghsVJ39dx8T:d7NsOpZsfLMJ39e
Score: 3/10
Target: Arrays.dll
Size: 102KB
MD5: 53b475200fd923b7dee70ea8b213b096
SHA1: 6f6c4a51f57cde10a00523fd1e5c6b8941c11f8a
SHA256: 43e3d1893e027ce4858e5ffcdd1eebf66d3d63a8468a9cd321faeefa6f2a7ad5
SHA512: 3f040a619b5fabe3fe2d6d98c5e627464e7e2c75dc633da6402549c6513805ba65ac0263f2450563b1191fe0baa74650eacb187dc11a32d0f33927ab9c354b1e
SSDEEP: 1536:TtSxNSTafXiv7AcKXwX3ZUMUmIrCRHOFmv8AhwbHUjPRDAcq/iLs+84hEtiP0Nib:T8x3XK8kGYIbQv8PKRq/Utzj
Score: 3/10