General
Target: JaffaCakes118_0499a822315aa338600ed39148c328f0
Size: 821KB
Sample: 250515-nmjalsfl5s
MD5: 0499a822315aa338600ed39148c328f0
SHA1: 93560e7166ba06ac0d65417ad0a03fe47205e416
SHA256: 36638741536265f94d088381075e2c5effb5a6f40c07ae54cb95c6c65dde1fe3
SHA512: 85e1ea2ad505cb9fa01b4bd45998f10d59cd64fd9a6af009f444063fea9ef2a1a47390123641ff9861adec8716bdaf75b6235f0cb5fa5b05be2f225112debe4d
SSDEEP: 24576:6x4oamOl0bKGnROGDkjehJtlsU2lE0PfK:6Oag01ROQkjehvWRl3fK
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_0499a822315aa338600ed39148c328f0.exe
Resource: win10v2004-20250502-en
Malware Config
Targets
Target: JaffaCakes118_0499a822315aa338600ed39148c328f0
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- UAC bypass
- Renames multiple (54) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v16
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (5)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)