General
-
Target
a47562ddb085ab39b821c1d8ab078edf_JaffaCakes118
-
Size
1.8MB
-
Sample
241126-2ghc1ssrgy
-
MD5
a47562ddb085ab39b821c1d8ab078edf
-
SHA1
0d4e8e5549105ee8527c058dce6c390616ad14a3
-
SHA256
f70006713d13499db25cb78e7831a300457f83248cc8a245de67b180c607713e
-
SHA512
18b3ff273024fdd98f2eacc9825316a97ae9809d127ae4d16a6613a9093fa94804c736cdb4edef814ef76c92a2f8c5b640ce4d2b7b76e339fe581667189a29f7
-
SSDEEP
24576:dnA1KgRYWHEvtd8LHhFJpxjMnA1KgRYWHEvtd8LHhFJpxjJ:m1K5ve1K5v
Static task
static1
Behavioral task
behavioral1
Sample
a47562ddb085ab39b821c1d8ab078edf_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
a47562ddb085ab39b821c1d8ab078edf_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
a47562ddb085ab39b821c1d8ab078edf_JaffaCakes118
-
Size
1.8MB
-
MD5
a47562ddb085ab39b821c1d8ab078edf
-
SHA1
0d4e8e5549105ee8527c058dce6c390616ad14a3
-
SHA256
f70006713d13499db25cb78e7831a300457f83248cc8a245de67b180c607713e
-
SHA512
18b3ff273024fdd98f2eacc9825316a97ae9809d127ae4d16a6613a9093fa94804c736cdb4edef814ef76c92a2f8c5b640ce4d2b7b76e339fe581667189a29f7
-
SSDEEP
24576:dnA1KgRYWHEvtd8LHhFJpxjMnA1KgRYWHEvtd8LHhFJpxjJ:m1K5ve1K5v
Score10/10-
LockFile
LockFile is a new ransomware that emerged in July 2021 with ProxyShell vulnerabilties.
-
Lockfile family
-
Renames multiple (1109) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-