General
Target: JaffaCakes118_050dd2f1fb6b957f3affcaf916a0aac0
Size: 726KB
Sample: 250516-a8hdjscj71
MD5: 050dd2f1fb6b957f3affcaf916a0aac0
SHA1: 7802c6b7f1af094b956c5489571c6bdbdbbf25fd
SHA256: c5b01e015b9ff97a94d5184ab168fcbe9d47313040a5ad42b9e3f4f1f33ee8d3
SHA512: 84afdc1db5ccf132ee7120b9796427301b187f8366c6ea8e80c210df0762c71f0df35cc9bbbfb67735443b39e2934f2b9946d33679296a1946db611f8f9b912f
SSDEEP: 12288:ceK8EWHnWko169Ja1QAEJ/3kctS////////LExfuOz/NCzWeI127CTOpnkqY:0yi6EQAEXtEExJeWp1rTOWL

Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_050dd2f1fb6b957f3affcaf916a0aac0.exe
Resource: win10v2004-20250502-en
Malware Config
Targets
Target: JaffaCakes118_050dd2f1fb6b957f3affcaf916a0aac0 (726KB; hashes as listed under General)
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- UAC bypass
- Renames multiple (53) files with added filename extension. This suggests ransomware activity: encrypting all the files on the system.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v16
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (5)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)