General
-
Target
103f89102b555972c2d4dd7e43d914bc_JaffaCakes118
-
Size
11KB
-
Sample
241003-x68jaawdra
-
MD5
103f89102b555972c2d4dd7e43d914bc
-
SHA1
3de992a854db49da33f322e147a889949d53d6b1
-
SHA256
3c5f95836a35405a1f1a24a2fef4819403adfaa614c38daa88056bf443232a5d
-
SHA512
0b74010fa0c88f4ff058e27412c48de67a65bba0cdff6e1eee3793dcf679b6c349174f5d2522335ab97a3d4ea7fa1ab3599fccaf7b447ca4900b3a3fb259c264
-
SSDEEP
192:nzdrr1FG1WDCgmjPZulJYm0Sg3BCEiZMsr1u0KKYfUA:nprr1gkDCgSyiCrFuvtfB
Behavioral task
behavioral1
Sample
103f89102b555972c2d4dd7e43d914bc_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
103f89102b555972c2d4dd7e43d914bc_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
103f89102b555972c2d4dd7e43d914bc_JaffaCakes118
-
Size
11KB
-
MD5
103f89102b555972c2d4dd7e43d914bc
-
SHA1
3de992a854db49da33f322e147a889949d53d6b1
-
SHA256
3c5f95836a35405a1f1a24a2fef4819403adfaa614c38daa88056bf443232a5d
-
SHA512
0b74010fa0c88f4ff058e27412c48de67a65bba0cdff6e1eee3793dcf679b6c349174f5d2522335ab97a3d4ea7fa1ab3599fccaf7b447ca4900b3a3fb259c264
-
SSDEEP
192:nzdrr1FG1WDCgmjPZulJYm0Sg3BCEiZMsr1u0KKYfUA:nprr1gkDCgSyiCrFuvtfB
-
Detected Xorist Ransomware
-
Renames multiple (2207) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory
-