General
Target: 3aecd251d296551ec8827008796244e5_JaffaCakes118
Size: 16KB
Sample: 241012-tnbvtayfpb
MD5: 3aecd251d296551ec8827008796244e5
SHA1: 2b225bcd484f71b14e3c4792cb0c5965b26a830a
SHA256: 9be38b91de4c97f277b1cf221e8a3e8b95141e617e82cfdd5341faba775dcfba
SHA512: ac2a5f2ab6173145e02c07e52a423a674ca9a1da309c3027e52dcd1c0302186f0d1d124c6d89302f011bd945dbd1f92b0e44a9bb7d2ccf081f7a58859f9fc975
SSDEEP: 384:cprr1gkDCgSLY19Iigbbjt7l7l7lljjpeyLLs4LD/B:SrVDC7YsizU

Behavioral task: behavioral1
Sample: 3aecd251d296551ec8827008796244e5_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 3aecd251d296551ec8827008796244e5_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config

Targets
Target: 3aecd251d296551ec8827008796244e5_JaffaCakes118 (16KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Detected Xorist Ransomware
- Renames multiple (6073) files with added filename extension
  This suggests ransomware activity, i.e. encrypting all the files on the system.
- Drops file in Drivers directory
- Event Triggered Execution: Image File Execution Options Injection
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Drops startup file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Adds Run key to start application
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Browser Extensions (1)
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)