General

Target: 5f03a75487908cb6837a220a4b052740_JaffaCakes118
Size: 1.4MB
Sample: 241019-2h1wravfqp
MD5: 5f03a75487908cb6837a220a4b052740
SHA1: e37d87b0a418839369ceb31287f9d21053317117
SHA256: ccde612b87a4590d7691e3be0045f83308d688bd7977dd1a5a6b17a25e304e38
SHA512: 13fc308b9ffa6bce038dc4a578e5cae38a4626b8f7c71a5e2ae658c92417a04bc7b3c1d937231e1aa3e5737fbf3362f2833c85576cedfb88a8e9bde05b7ad6a4
SSDEEP: 12288:dMMpXKb0hNGh1kG0HWo+zU861w+VsLkjrVlQB9FbDTF53nlNFRpO50w9XCfyGjNx:dMMpXS0hN0V0HiS1w5
Behavioral task: behavioral1
Sample: 5f03a75487908cb6837a220a4b052740_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 5f03a75487908cb6837a220a4b052740_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 5f03a75487908cb6837a220a4b052740_JaffaCakes118
Score: 10/10

- Modifies WinLogon for persistence
- Renames multiple (91) files with added filename extension
  This suggests ransomware activity: the files on the system are being encrypted.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory