General

  • Target

    178d180e0c8e7a6bd10fc985f8683131_JaffaCakes118

  • Size

    2.7MB

  • Sample

    241006-llxqhaxcjm

  • MD5

    178d180e0c8e7a6bd10fc985f8683131

  • SHA1

    97fbf858a5dad72cffe943c3461410b64d81bf90

  • SHA256

    6a8425919b1942929fc98d0d8c8777515936042c5499e958304543bf0e8be8b8

  • SHA512

    0c04cdf39c7d5ac22f53ebac669268e8804e20848e39e90a8e06fa3cc1c960dc33a6c2db7bd0efb6222815d06743748d8c5e8a7dcdde6d8bb51b0592e65a618c

  • SSDEEP

    24576:aEtl9mRda1VIUSu7KB8NIyXbacAfUSunEp+XRGEUvkXw6z4Et1:xEs12pHB8NIMI8Sfpwotkzvj

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity: encrypting all of the files on the system.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
