General
Target: JaffaCakes118_0c14e67645ad62c15dae91cd644fa7c0
Size: 543KB
Sample: 250530-askhzadk81
MD5: 0c14e67645ad62c15dae91cd644fa7c0
SHA1: 081caa04a4daf07f325962b76eaec95567e859a2
SHA256: e02fb9ef57b62def35581f785d90c910a8f8692ed1837ae7742ee4d47f41720a
SHA512: 9b2643530e3a1ba835f6093b69ce23eb217e8e254d6d6561f797c791b288a1b5787068aa0857314c1bbe464c6d3b12c3a51835501fd3b7849714ae44297f5d92
SSDEEP: 12288:lqMbhqZabMrcayfbzBmyLXUprGyRx5fBfUwrY4UGY/IT:qZy+clhmyIpCyRxbzOGYgT
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_0c14e67645ad62c15dae91cd644fa7c0.exe
Resource: win10v2004-20250502-en
Malware Config
Targets
Target: JaffaCakes118_0c14e67645ad62c15dae91cd644fa7c0
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- UAC bypass
- Renames multiple (55) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v16
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (5)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)