dbc40ebfee3142451c4f99972cc67e9d2b112419cea76cd4e547bc67928a79c4 | Triage

Sharing

General

Target

0bea8d3669e855e32547b40dafba6fb2_JaffaCakes118
Size

435KB
Sample

241002-wq1m3azcmm
MD5

0bea8d3669e855e32547b40dafba6fb2
SHA1

82e7e06a3005489895ec9580c7d466bb7beb35dd
SHA256

dbc40ebfee3142451c4f99972cc67e9d2b112419cea76cd4e547bc67928a79c4
SHA512

33d8851ff99937c92efe8ff248953fe22b42d101afacf223e174376ba065e7f9d4cb61f99cb34adaed1f64029f843df381bcf41f17dbfbb98737ec6f20dec393
SSDEEP

6144:k82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBilz:Cp4pNfz3ymJnJ8QCFkxCaQTOl2z

Score

10^/10

discovery persistence ransomware

Malware Config

Targets

- Target
  
  0bea8d3669e855e32547b40dafba6fb2_JaffaCakes118
- Size
  
  435KB
- MD5
  
  0bea8d3669e855e32547b40dafba6fb2
- SHA1
  
  82e7e06a3005489895ec9580c7d466bb7beb35dd
- SHA256
  
  dbc40ebfee3142451c4f99972cc67e9d2b112419cea76cd4e547bc67928a79c4
- SHA512
  
  33d8851ff99937c92efe8ff248953fe22b42d101afacf223e174376ba065e7f9d4cb61f99cb34adaed1f64029f843df381bcf41f17dbfbb98737ec6f20dec393
- SSDEEP
  
  6144:k82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBilz:Cp4pNfz3ymJnJ8QCFkxCaQTOl2z
Score

10^/10

discovery persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Renames multiple (91) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceransomware

behavioral2

discoverypersistence