General
-
Target
142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118
-
Size
6KB
-
Sample
241004-vgg9pavgpp
-
MD5
142dee4d0f5e7f5cef251ce32bc0052f
-
SHA1
9ab68b46167b0aed7cb3eacc2ca7a1804b185955
-
SHA256
05e2eebed0f975898406d5ccde2c7b84806efe7c89ae051c1756df2670a3aada
-
SHA512
95d6159c79a323f430ecb4f32fb7c1f5a677839d5a1e3d0e9c5707997d2f20875c988a196f9448e4a4a5308431e6daa315736aad16b4b945fe9fe3478386abd1
-
SSDEEP
96:q1Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExnPnhAillj7jRmW+/bOo:Mzdrr1FG1WDCgmjPZ5vlXMVOTMUA
Behavioral task
behavioral1
Sample
142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Detected Xorist Ransomware
-
Renames multiple (2114) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory
-