Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    26-08-2020 08:43

General

  • Target

    Jackpot Test Ransomware.bin.exe

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\payment request.txt

Family

jackpot

Ransom Note
[ASCII-art banner, not recoverable from the extracted text]

All your important files are encrypted. To decrypt your files, pay 1 BTC ~= 6.436 USD to the BitCoin address: VJSqyORK6tYkQhRdFJgyrTIzfZ1j8dDLBk

Wallets

VJSqyORK6tYkQhRdFJgyrTIzfZ1j8dDLBk

Signatures

  • Jackpot Ransomware

    Simple ransomware first seen in early 2020.

  • Modifies extensions of user files 4 IoCs

    Ransomware generally changes the extension on encrypted files.

  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Jackpot Test Ransomware.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\Jackpot Test Ransomware.bin.exe"
    • Modifies extensions of user files
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    PID:1124

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Install Root Certificate (T1130): 1
  • Modify Registry (T1112): 1

Downloads

  • memory/316-0-0x000007FEF7E00000-0x000007FEF807A000-memory.dmp
    Filesize: 2.5MB