General
-
Target
177068f72d69a4594bc3721fc9c1d6f0_JaffaCakes118
-
Size
7KB
-
Sample
241005-m85kas1drj
-
MD5
177068f72d69a4594bc3721fc9c1d6f0
-
SHA1
a24fe2857a2386e2413afa1c7476110cfa7319b9
-
SHA256
119b55447703c19541eddb96500760104893a136faaf87b46c2871c5a1e7d926
-
SHA512
de8b5f7155f330d60d17d07c6517285638148392c189e5c8470e1ded83ccf16b10d7499cb2994aed5d514d5fedc980f72bf7901dc98d62e8220abea6db3c79d3
-
SSDEEP
192:czdrrOFG1WDCgmjPZPxLTLzdtPJftqGMUA:cprrOgkDCgS/HTFtPMB
Behavioral task
behavioral1
Sample
177068f72d69a4594bc3721fc9c1d6f0_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
177068f72d69a4594bc3721fc9c1d6f0_JaffaCakes118.exe
Resource
win10v2004-20240910-en
Malware Config
Targets
-
-
Target
177068f72d69a4594bc3721fc9c1d6f0_JaffaCakes118
-
Size
7KB
-
MD5
177068f72d69a4594bc3721fc9c1d6f0
-
SHA1
a24fe2857a2386e2413afa1c7476110cfa7319b9
-
SHA256
119b55447703c19541eddb96500760104893a136faaf87b46c2871c5a1e7d926
-
SHA512
de8b5f7155f330d60d17d07c6517285638148392c189e5c8470e1ded83ccf16b10d7499cb2994aed5d514d5fedc980f72bf7901dc98d62e8220abea6db3c79d3
-
SSDEEP
192:czdrrOFG1WDCgmjPZPxLTLzdtPJftqGMUA:cprrOgkDCgS/HTFtPMB
-
Detected Xorist Ransomware
-
Renames multiple (2214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory
-