Analysis
-
max time kernel
145s -
max time network
153s -
platform
windows7_x64 -
resource
win7 -
submitted
26-08-2020 08:43
Static task
static1
Behavioral task
behavioral1
Sample
Jackpot Test Ransomware.bin.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Jackpot Test Ransomware.bin.exe
Resource
win10v200722
windows10_x64
0 signatures
0 seconds
General
-
Target
Jackpot Test Ransomware.bin.exe
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\Desktop\payment request.txt
Family
jackpot
Ransom Note
.$$$ $$$$ .$$$$ $$$: $$$ ~$$$$$= $$$$ $$$$$$
.$$$ $$$$ .$$$$$ $$$: $$$ I$$$$$$$ $$$$$$ $$$$$$
.$$$ ~$$$$, $$$7 $$$:$$$. I$$ $$$ $$$ $$$ $$$?
.$$$ $$$$$$ $$$ $$$:$$$ I$$ $$$ $$$ $$$ $$$?
.$$$ $$I$$$ $$$ $$$$$$ I$$$$$$ $$$ $$$ $$$?
.$$$ .$$ $$$ $$$ $$$:$$$ I$$$$ $$$ $$$ $$$?
.$$$ I$$ 7$$+ $$$, $$$:$$$. I$$? $$$ $$$ $$$?
.$$$ $$$$$$$$ $$$$ $$$:+$$$ I$$? +$$$$$$ $$$?
.$$$ $$$ $$$. $$$$ $$$: $$$ I$$? $$$$$$ $$$?
.$$$7
.$$$.
.++++++++++++++. .+++++++++++++++. .+++++++++++++.
$ 7$..~$$$$,.. ,7 $ ..$. .$ .$ $ . . $
$ . $7I. ..,$$ $ $ :$$$$$$$$$$$I $ $ $$$$7. I
$ . $..$ $.:$~ $$.$$$ $I $ $ ,$ .$ I
$ .. $ $.:$ .$ =$ .$I $ $ .$7.7$7$$$$=. I
$ 7$$$$. $ $.:$. $$ :$, $I $ $ =.. . $?7.I
$ ~$7 ,$$ $ $.:$ .$ .=$ $I $ $ ... I
$ .$: .$. $ $.:$$$$$$$$$$$I $ $ I
$ .$ $. $ $ $ $ $$$$$$ I
$ $$$$$$$$$$$$ $ $ $ $ .$= . $$. I
$ .$$$$$7$$$$$$ $ $ . $ $ $$ $$. I
$ .$..$$..$ .$$ $ $ $.$$.$. $ $ $I .$$ I
$ .$ .$$ ,$ .$$ $ $ 7$$ .7$$. $ $ .$$$$$$$$$$$$.I
$ .$. $7. $. I$ $ $ .~. I$ .,. $ $ .$$ $$?~$$.$$ I
$ .$7,$$ $$$.$$ $ $ ? . . ~ . $ $ .$ .$$ .$. ,$ I
$ .$$$$$$$$$$$$.$ $ $. $ $ $ .$$ $$ .$$ .$ I
$ . $ $ I7 $$ $ $ .$ $$ .$...$ I
$ ..77$7 $ $ $ $ .$$7$$7$$$7$$ I
$ .$.. ..$. $ $ $ $ I
$ ~$7$$$=$$$ $ $ $$$$ $ $ I
$ $.$$.$7?7 $ $ $ $$... $ $ $$.?$+ $
'++++++++++++++' '+++++++++++++++' '+++++++++++++++'
All your important files are encrypted.
To decrypt your files, pay 1 BTC ~= 6.436 USD to the BitCoin address:
VJSqyORK6tYkQhRdFJgyrTIzfZ1j8dDLBk
Wallets
VJSqyORK6tYkQhRdFJgyrTIzfZ1j8dDLBk
Signatures
-
Jackpot Ransomware
Simple ransomware first seen in early 2020.
-
Modifies extensions of user files 4 IoCs
Ransomware generally changes the extension on encrypted files.
description ioc Process File created C:\Users\Admin\Pictures\DebugApprove.png.coin Jackpot Test Ransomware.bin.exe File created C:\Users\Admin\Pictures\MoveInitialize.png.coin Jackpot Test Ransomware.bin.exe File created C:\Users\Admin\Pictures\SendSwitch.tiff.coin Jackpot Test Ransomware.bin.exe File created C:\Users\Admin\Pictures\WriteConvert.tiff.coin Jackpot Test Ransomware.bin.exe -
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 Jackpot Test Ransomware.bin.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 Jackpot Test Ransomware.bin.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1124 Jackpot Test Ransomware.bin.exe 1124 Jackpot Test Ransomware.bin.exe