General
-
Target
115cca6a089868bf2ba2387be8ead76f_JaffaCakes118
-
Size
13KB
-
Sample
241004-cd65jaybpj
-
MD5
115cca6a089868bf2ba2387be8ead76f
-
SHA1
38a9905b7f4d34d094fc4f91a2906eacfc004146
-
SHA256
cd5c48296c6929f64152721fa4c79e4870386476b768a0da70cd72faa3bc7b73
-
SHA512
2e53d1059779489e9e77819dd880638299d4f418c261e4b721d21e62a78b42486287e1a286139692f42d6c3db315543265ec0137029c448d96810bbae57d2113
-
SSDEEP
384:H/beRWGOUNBkIcfwiHgPBH+PZVFFvtRB:HDyPOUNKIcfwic+PZVF
Behavioral task
behavioral1
Sample
115cca6a089868bf2ba2387be8ead76f_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
115cca6a089868bf2ba2387be8ead76f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
115cca6a089868bf2ba2387be8ead76f_JaffaCakes118
-
Detected Xorist Ransomware
-
Renames multiple (2207) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-