General
-
Target
55c09081a425bd225b98d949db884c94_JaffaCakes118
-
Size
4.0MB
-
Sample
241018-gcsyqstbll
-
MD5
55c09081a425bd225b98d949db884c94
-
SHA1
0367df4da4b464c75086dfa9c545bc0be133d3cc
-
SHA256
2b254c6880973d403d4abaa38996537c1c93f1ef01e58b01596fed78ea904d19
-
SHA512
6fd82799cca06b6b5ce581baeba1ebce8bebba876cda8e83d4448ebb831c71310c2e53ad64e1770d20548514b86fb320977c6d5dec6c23664de2b6d62334d584
-
SSDEEP
24576:aEtl9mRda1VIUSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0Nuk:xEs12pQ
Static task
static1
Behavioral task
behavioral1
Sample
55c09081a425bd225b98d949db884c94_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
55c09081a425bd225b98d949db884c94_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
55c09081a425bd225b98d949db884c94_JaffaCakes118
-
Size
4.0MB
-
MD5
55c09081a425bd225b98d949db884c94
-
SHA1
0367df4da4b464c75086dfa9c545bc0be133d3cc
-
SHA256
2b254c6880973d403d4abaa38996537c1c93f1ef01e58b01596fed78ea904d19
-
SHA512
6fd82799cca06b6b5ce581baeba1ebce8bebba876cda8e83d4448ebb831c71310c2e53ad64e1770d20548514b86fb320977c6d5dec6c23664de2b6d62334d584
-
SSDEEP
24576:aEtl9mRda1VIUSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0Nuk:xEs12pQ
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-