Analysis
- max time kernel: 147s
- max time network: 149s
- platform: windows10_x64
- resource: win10v200722
- submitted: 26-08-2020 08:43
Static task
static1
Behavioral task
behavioral1
Sample
Jackpot Test Ransomware.bin.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Jackpot Test Ransomware.bin.exe
Resource
win10v200722
windows10_x64
0 signatures
0 seconds
General
-
Target
Jackpot Test Ransomware.bin.exe
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\Desktop\payment request.txt
Family
jackpot
Ransom Note
All your important files are encrypted.
To decrypt your files, pay 1 BTC ~= 6.436 USD to the BitCoin address:
5vnC8GqF2nv2h8HuJMNa7KU10B5u2WgLLmr
Wallets
5vnC8GqF2nv2h8HuJMNa7KU10B5u2WgLLmr
Signatures
-
Jackpot Ransomware
Simple ransomware first seen in early 2020.
-
Modifies extensions of user files 10 IoCs
Ransomware generally changes the extension on encrypted files.
Processes:
Jackpot Test Ransomware.bin.exe
description    ioc    process
File created    C:\Users\Admin\Pictures\CompleteInvoke.tiff.coin    Jackpot Test Ransomware.bin.exe
File created    C:\Users\Admin\Pictures\FormatUnlock.tif.coin    Jackpot Test Ransomware.bin.exe
File created    C:\Users\Admin\Pictures\OpenRestart.tif.coin    Jackpot Test Ransomware.bin.exe
File created    C:\Users\Admin\Pictures\RenameTrace.raw.coin    Jackpot Test Ransomware.bin.exe
File created    C:\Users\Admin\Pictures\SendUnblock.raw.coin    Jackpot Test Ransomware.bin.exe
File created    C:\Users\Admin\Pictures\SplitMount.raw.coin    Jackpot Test Ransomware.bin.exe
File created    C:\Users\Admin\Pictures\AddUse.tiff.coin    Jackpot Test Ransomware.bin.exe
File created    C:\Users\Admin\Pictures\HideCompare.tif.coin    Jackpot Test Ransomware.bin.exe
File created    C:\Users\Admin\Pictures\SelectEnable.png.coin    Jackpot Test Ransomware.bin.exe
File created    C:\Users\Admin\Pictures\StepWrite.tif.coin    Jackpot Test Ransomware.bin.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
Jackpot Test Ransomware.bin.exe
pid    process
3956    Jackpot Test Ransomware.bin.exe
3956    Jackpot Test Ransomware.bin.exe