General
Target: 04855f75f72f288f166de39c57f9a530_JaffaCakes118
Size: 7KB
Sample: 241001-f5kmdsxakc
MD5: 04855f75f72f288f166de39c57f9a530
SHA1: 4521e56c70bac58ca750791d1820caeb21496717
SHA256: 5502c0a83dc6c11372f964be66e2e2aa4eb7bcfad8c3fd8e8c958f961bd0772b
SHA512: c6423fce53b8107dc5712df131cf8e3f0873fdd95b5bd41c54158d13bade5fd1c7ebf965e8b6853a0df049bd57a696cc1cf7aa456cf9adddf9553e11747d2f33
SSDEEP: 96:V7Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihEx3FL46xdiozCL1MKHMU:5zdrr1FG1WDCgmjPZ3FM6TDKHMUA
Behavioral task: behavioral1
Sample: 04855f75f72f288f166de39c57f9a530_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 04855f75f72f288f166de39c57f9a530_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 04855f75f72f288f166de39c57f9a530_JaffaCakes118
- Detected Xorist Ransomware
- Renames multiple (2541) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory