General
-
Target
0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118
-
Size
89KB
-
Sample
241003-kzzxcavfjj
-
MD5
0ee053ab4b7a3f3d1c89a409cd518650
-
SHA1
d51c35fadebf4927cf2ca1f52636eb2a67536914
-
SHA256
7a52a1d1e772dd1c96d99cf859519228235e245d240d891cf529c3ba698689d1
-
SHA512
95d1ed6edf8a72a4452747c600a94b76f09a2ea104a7166178af58e122e654f6f3cb797b6dc026525cd1d23b8dd638ae508afe8b58a2d069293e70567471afa7
-
SSDEEP
768:brVDCBfXttVayxWxZ2x2EKLjYef+uCEPQfGpd3ALXRGO1bFsR866En+O+iPU+3:br4BfXt75M2V2f+ffGQzRbtFO8616is
Behavioral task
behavioral1
Sample
0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118
-
Detected Xorist Ransomware
-
Renames multiple (2197) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory