efc09d8803270ccc2f233b3dd7c1648e589b05d27df428482da49892f7f868a6 | Triage

Resubmissions

04-10-2024 05:24

241004-f356ba1apg 10

03-10-2024 15:52

241003-ta4cxatckm 10

Sharing

General

Target

0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118
Size

8.8MB
Sample

241003-ta4cxatckm
MD5

0f77d1cbcd4f7a463f9d534faaecfde7
SHA1

b93cd34dafaa156aa8da2de6ae2ebadfa417117d
SHA256

efc09d8803270ccc2f233b3dd7c1648e589b05d27df428482da49892f7f868a6
SHA512

13f722c56f67f99f7d3f79f21b87ae80fffbba371758fe9b35db324ef12491b7bb2fd12c06193b91a4ba5c762b089186b5ef1387292acf1f0671d29f31e17668
SSDEEP

98304:iE20IMzKpXOMGQxIMzKpXOMGQwTpKXl50:in0I2lyxI2lywTSe

Score

10^/10

discovery persistence ransomware

Malware Config

Targets

- Target
  
  0f77d1cbcd4f7a463f9d534faaecfde7_JaffaCakes118
- Size
  
  8.8MB
- MD5
  
  0f77d1cbcd4f7a463f9d534faaecfde7
- SHA1
  
  b93cd34dafaa156aa8da2de6ae2ebadfa417117d
- SHA256
  
  efc09d8803270ccc2f233b3dd7c1648e589b05d27df428482da49892f7f868a6
- SHA512
  
  13f722c56f67f99f7d3f79f21b87ae80fffbba371758fe9b35db324ef12491b7bb2fd12c06193b91a4ba5c762b089186b5ef1387292acf1f0671d29f31e17668
- SSDEEP
  
  98304:iE20IMzKpXOMGQxIMzKpXOMGQwTpKXl50:in0I2lyxI2lywTSe
Score

10^/10

discovery persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Renames multiple (91) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceransomware

behavioral2

discoverypersistence