General
- Target: JaffaCakes118_1c6b72298fa546133df7ece994c09816
- Size: 190KB
- Sample: 250704-vtaqdabp8x
- MD5: 1c6b72298fa546133df7ece994c09816
- SHA1: 308fdbdacfed5bb78ebc1ad6f3bdbeec011df3ae
- SHA256: 5cd4b780387673d99cf7bec25b0539cf9480d31a00f8c3a25a4608fc36de8f64
- SHA512: 6a3aa8405fcaa97d110f0418f388263c598c28595c40f6d6a1a9848bde8c1fbaba756d2bacf68db337ef16ed6b729c8e7dc5238d4ec8eb91df798834ac528c41
- SSDEEP: 3072:iDEaRLPxhkXZM15TEJPoRMc8n9llngPeVxOifYlG5LEzHx3gjmYWYit3y7:ijxhkZM1REWo9rnRIlHR3YgYqi7
Static task: static1
Behavioral task: behavioral1
- Sample: JaffaCakes118_1c6b72298fa546133df7ece994c09816.exe
- Resource: win10v2004-20250610-en
Malware Config
Targets
- Target: JaffaCakes118_1c6b72298fa546133df7ece994c09816 (190KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Modifies visibility of file extensions in Explorer
- UAC bypass
- Renames multiple (89) files with added filename extension. This suggests ransomware activity: encrypting the files on the system.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v16 (technique counts in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Hide Artifacts (1): Hidden Files and Directories (1)
- Impair Defenses (1): Disable or Modify Tools (1)
- Modify Registry (4)
Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers (1)
- Unsecured Credentials (1): Credentials In Files (1)