Analysis
  max time kernel: 144s
  max time network: 148s
  platform: windows10_x64
  resource: win10
  submitted: 28-08-2020 07:00

Static task: static1

Behavioral task: behavioral1
  Sample: jackpot_http.exe
  Resource: win7v200722 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: jackpot_http.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
  Target: jackpot_http.exe
  Size: 10.6MB
  MD5: a542cbb17361195e396a3746a542ad9f
  SHA1: a4c3b95f504516f87ed08e6705c52322f2f739e3
  SHA256: ff68685fdcd4c84426418963ce5cb961775419863cd02e8f2f69c6d46b3d134c
  SHA512: 70ae63bc384f610656d3118cbde2e7b039f352352eb374e96d1c381eef9af0e662bdf7ce42671760a7926a7883aed001189ed9dd16265ab68175d6ac7cf4f321
  Score: 10/10
Malware Config
  Extracted
  Path: C:\Users\Admin\Desktop\payment request.txt
  Family: jackpot
  Ransom Note:
  (ASCII-art banner at the top of the note, not reproduced)
  All your important files are encrypted.
  To decrypt your files, pay 1 BTC ~= 6.436 USD to the BitCoin address:
  b3ceNgafxihd6gcyVC6mlDae2IXZ8AROzu
Wallets
  b3ceNgafxihd6gcyVC6mlDae2IXZ8AROzu
Signatures

Jackpot Ransomware
  Simple ransomware first seen in early 2020.

Modifies extensions of user files (5 IoCs)
  Ransomware generally changes the extension on encrypted files.
  description  | ioc                                          | Process
  File created | C:\Users\Admin\Pictures\HideLock.crw.coin        | jackpot_http.exe
  File created | C:\Users\Admin\Pictures\ResizeConvertTo.png.coin | jackpot_http.exe
  File created | C:\Users\Admin\Pictures\SwitchUnblock.crw.coin   | jackpot_http.exe
  File created | C:\Users\Admin\Pictures\DenyExpand.raw.coin      | jackpot_http.exe
  File created | C:\Users\Admin\Pictures\GrantCopy.raw.coin       | jackpot_http.exe

Drops file in Windows directory (1 IoC)
  description                  | ioc                                                         | Process
  File opened for modification | C:\Windows\ServiceProfiles\LocalService\winhttp\cachev3.dat | svchost.exe

Modifies data under HKEY_USERS (5 IoCs)
  description      | ioc | Process
  Key created      | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad | svchost.exe
  Key created      | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-3e-6f-2c-c8-c7 | svchost.exe
  Set value (int)  | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-3e-6f-2c-c8-c7\WpadDecisionReason = "1" | svchost.exe
  Set value (data) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-3e-6f-2c-c8-c7\WpadDecisionTime = f328f96b087dd601 | svchost.exe
  Set value (int)  | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-3e-6f-2c-c8-c7\WpadDecision = "0" | svchost.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                      | pid  | Process
  Token: SeShutdownPrivilege       | 3868 | svchost.exe
  Token: SeCreatePagefilePrivilege | 3868 | svchost.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid  | Process
  3788 | jackpot_http.exe
  3788 | jackpot_http.exe
Processes

C:\Users\Admin\AppData\Local\Temp\jackpot_http.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\jackpot_http.exe"
  - Modifies extensions of user files
  - Suspicious use of SetWindowsHookEx
  PID: 3788

C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalService -s WinHttpAutoProxySvc
  - Drops file in Windows directory
  - Modifies data under HKEY_USERS
  - Suspicious use of AdjustPrivilegeToken
  PID: 3868