Overview

overview

9

Static

static

3

JaffaCakes...2e.exe

windows7-x64

3

JaffaCakes...2e.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_99180aba4fcef4c831dd34f4c66cd52e

  • Size

    364KB

  • Sample

    250330-zcvfnswxat

  • MD5

    99180aba4fcef4c831dd34f4c66cd52e

  • SHA1

    58ada9bab31fe9f2184b605678aa203fafc4f2ac

  • SHA256

    1459890537a96e964089709f6a4dc704f422fe6949a6492784acb46c624f793d

  • SHA512

    9b80eb9d4000521237fd520274eed9cb6dd8bf69b2967aa76168b6d148148915c98fcd0619d01d066543cf4ea8a5c1662ad7565b232e5c715423db2fe4a489fd

  • SSDEEP

    6144:xl56Q4Kee0COjAwlaNQYuFloUM0LpgqzvAu++deDpsQoJWy5q2DvhTnAY:tH8eTOjbEWFFloU1gqzAuXgDpsQ2q2vJ

Score
9/10
discoverypersistenceransomware

Malware Config

Targets

    • Target

      JaffaCakes118_99180aba4fcef4c831dd34f4c66cd52e

    • Size

      364KB

    • MD5

      99180aba4fcef4c831dd34f4c66cd52e

    • SHA1

      58ada9bab31fe9f2184b605678aa203fafc4f2ac

    • SHA256

      1459890537a96e964089709f6a4dc704f422fe6949a6492784acb46c624f793d

    • SHA512

      9b80eb9d4000521237fd520274eed9cb6dd8bf69b2967aa76168b6d148148915c98fcd0619d01d066543cf4ea8a5c1662ad7565b232e5c715423db2fe4a489fd

    • SSDEEP

      6144:xl56Q4Kee0COjAwlaNQYuFloUM0LpgqzvAu++deDpsQoJWy5q2DvhTnAY:tH8eTOjbEWFFloU1gqzAuXgDpsQ2q2vJ

    Score
    9/10
    discoverypersistenceransomware

    • Renames multiple (89) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks