Overview

overview

10

Static

static

3

2e1c9df867...18.exe

windows7-x64

10

2e1c9df867...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 07:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e1c9df86798281f7bd72a4ec576c89a_JaffaCakes118.exe

  • Size

    371KB

  • MD5

    2e1c9df86798281f7bd72a4ec576c89a

  • SHA1

    63ed5d5ebc6cfeabc4159cd151494101708dd154

  • SHA256

    83e8b72b3f30b2f74ddc49f2e7e510a1b6e2df2d25f2b12b359094858a4562e8

  • SHA512

    46f30ab59a5e079975beb7199d68b9f283a052f28ebb9bd0b1c03961437c0bfdf6050f157faa252968875e234080535f7261b96f7c8b0d622d1b58ea1ab754ca

  • SSDEEP

    6144:QgS/jqoVV6VCxkY4THjzgcwzI3eJv/2dg/c1NfR4aAfmKjjjjjjjjjjjj72+ai/:Qz/jhVV6VekY4DYz6svOWk1NfirfjjjP

Score
10/10
lockylocky_osirisransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky (Osiris variant)

    Variant of the Locky ransomware seen in the wild since early 2017.

    ransomwarelocky_osiris
  • Deletes itself 1 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e1c9df86798281f7bd72a4ec576c89a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c9df86798281f7bd72a4ec576c89a_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Drops file in Windows directory
    • Modifies Control Panel
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2704
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\2e1c9df86798281f7bd72a4ec576c89a_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2180
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\OSIRIS-119d.htm
    Filesize

    9KB

    MD5

    ebe93db275775e99c4577544331c5746

    SHA1

    14a892fa9ea62879d9a7ff6c008f3915c80556a7

    SHA256

    2a7cc84943dce4610b3a57beb12a13bc2c6218a7d93563fe30800a47eb4340bf

    SHA512

    bf1de1985abc73f2164621e30d41785e2c4cea9a22ef9356c4f4517a6304c56406072c13f16fc2c49e938e26a6cef1588d8ac7485924ef118b3ad000521057ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    491509f13106a2965b58cb4757b7a043

    SHA1

    b73856cecd17eb75a7bf8862da51948edc543ced

    SHA256

    117662353f22c923f5edffb6f4b859b16559dc2c287471a050a3d02b919e0978

    SHA512

    b331a2fc0bbb4ea7d6ca61c5776a52b6c98a47e568ab85b3317b3047b4ef9fed3a1e8ad8b4d8e5d9418b9f5489b5919123b7e182ad6a85e9a294e4b2c2f92dd7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0d53ae82ea06decee8374492d23bd45d

    SHA1

    48a3674396b88090a5103f25e99005bad83f0958

    SHA256

    cdd9bd3bf237ae11d6cbd0a656ed8eec6ee52a57a97763488373690f232857b9

    SHA512

    b29ea4db3e2985e46e88d79c80e237cd825170c077ef516198cf8bc8e757ac33301d81e8088e3be6ec17c033c24df1c582d4c5a92a3eba92734e6591d9e17b97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3bffd4c9dccd74e328122a33f3ebff8d

    SHA1

    813442c853710b365059c0d6088be4144a85ff2d

    SHA256

    68abbd63113c637667cb64c3b6e70f687717382e22eaed81e732078ab77fb4cf

    SHA512

    e2a0820cc445c7f4e62aeb6a312a8d4948657cde20bf905f293abbe90a7fb4ce242d748eb64b4ca4ad5b47c8f69ca5d29806da9a210f4c784dc417d4a807c23d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fbe33c12d9bb6dadfbe3e32331429fa1

    SHA1

    adeb9f3902d43148e318a2c5401ad487486038b6

    SHA256

    69692fc0a0ec4f937c578d610957bb396641b5e0c868783291d16ec269bd4248

    SHA512

    932f02b9686659e7160695bd1dca4782b169d4f660e25dd19d257aea3e8097e91370d85887996e84d546a35db896eb9d8610be2c100f2d849712fc339183096f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8778e168881202ad30cfeebcebd9ed72

    SHA1

    e183a9eb6570a36db01ae104d54e54dae1766d24

    SHA256

    1547635c5832dd9596501b908054bce099c31cf0058697f20488381bb01396f9

    SHA512

    519e14c782e15dba0013494016bf23eabbcf285f94f0d7d4cadc1dc97e507ce2e76e3c3c441394a5eff16a9f882033d6b4b54499fea7065a7d57241510b3a460

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    79bfd68588ce61f7827225c64a34724b

    SHA1

    71c496397c71b75d59759e06cc7a3a590e28c55f

    SHA256

    d85f44edf5a647b6235dbbc36dcf4f554de4f819867ca56d94e213027bb151b8

    SHA512

    85785caad2b66c9d7c88f5c812387be153e8cb635d960007650d51971fb020d2d18d56d5ae76e48c738d3bef490faf2a376990a4384cc64ba80c3700f1a743c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    73839e39237f429ebc8496c8084a43a7

    SHA1

    6c508998d2fe041be779b504a16242d973f623c9

    SHA256

    d7dabc0e6377cdaf4ac2cbf98a2e141b6af61920a18ba25b7e9a76d75f2c557a

    SHA512

    34bb496aed52c0fdd344fed2793e6bfeca059cb225aa3294b5c4cf0d8c1958576d94969c1cd3f410df87ab9277e739e352a3f2ca28c767a3c5e340ed3a44518a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    34a66a94329abee4d9a5d6554ee27437

    SHA1

    e07b81203aaf7ac7ece87d5c202c6ac34b73dd5d

    SHA256

    2455819bea44be9c71c116ee0b229ab1dfa9e69c91cd919c517bcb007b6f5f99

    SHA512

    c77a96b6c5b2b8a5a1d21517e927376d85d4c3894ab1ca569176d643bde1f61c882ab4f4e43c681474bbaea3ecb5e98a5ba1f602f6f3f3c5ac9f629da328f893

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d85c56d4b755824d2392fea6f596ed1a

    SHA1

    7865eba269cd8735d53aab95e91dbf49b430bbdc

    SHA256

    9160719e3e9b4e41393a67db14711847b1fc6557dc3fa08fb73271336b27ffb8

    SHA512

    a059e699e758226f250a22052b6625511449108df29cf2accd3b4267a15b02ff0fb0fd22567ee4cd3d046b3abbdb621624d03cb66bd2f832fc76ae56bf1eebf8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d7f5d967ea2ea4892b1356d40da7faba

    SHA1

    538e98362f7af401a4e407f832e358a5a85bb220

    SHA256

    00909105e3f5b60e083ba898e8553bfc196fff41f0ca3e2f90fd1008f2d99c34

    SHA512

    64d88194e2b1de226df76f97aad24aa6acc2ea37ebf7b1a7e15db0a3503a3315908290b5875f03105455bfb82947122df3cd3fa1cfb856be25b5f2a4488596fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ea7cdf29a5f537fba2c1acf91282a8bb

    SHA1

    b3407415fa56c869b5669cacfab48383335db76b

    SHA256

    681cca1f428aea512e43adae69d8784f014506cbd54ce34d78c939de1d03760c

    SHA512

    f7c518eee6fa4c09219e3c0cfd3a008626f54efeb5cc156399189a177cf02fcb88519cd12e583fffeb1d64e5bf4caf6d3354819af714a1e5305d464baff2d679

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8a2d8922fa3c25af2d49d6ad06947778

    SHA1

    da59827b1cffe83d1d5a172d86cad9cf919e591b

    SHA256

    01b91d50c56ec37d2bed5b85d1b2a03d3903aa434497d34a670c6591fc3b99c5

    SHA512

    644cbab803b651523b8f07db9f44524ea21f57cc151ec693ca34c3d6767d23b8d9dd62b2f0b8feb26e215b12b7021d3d29e016a14da38a9e7565a953044c6598

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2a0e8020164efd690d3eb6e8f9321e65

    SHA1

    9f56acf020b8c5eede613598823c74f4b147b93e

    SHA256

    f6f1378e9f37464eb999757fa5620ede1ada4fd6ee94941cc342d9d08cd684ad

    SHA512

    1ecdc352902b091e1da415742b6601568aa87fc46b3e707105a3aa21ee6f5a8bc4b35c53271893bc2e583e590539e5acf686d49ce4d8422d24351ec325dedbab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ae438d568736fe906ba7c67944b79e77

    SHA1

    0401be1fc868ff478691655c0ea4204b19fb3dce

    SHA256

    0b4d450d45d30a34f910b940a6810a20e7091f0200668db2203e647a7f0abb07

    SHA512

    d9f47da5c584237fc2e591b35d3d20bbaf5872c0d084d4964b040be55754419f3cbba1c1b3e3e23d4885037261d689076e70de5143d21302e2ccac6d4427628a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d77043abbc6d894a0015682ab27d1ad5

    SHA1

    a06634bddd83127c49b0074326e2f58a91ae81d1

    SHA256

    e0239bedf5f1e56980faef89391e66f86322cff878eddd9e469b89c8934e3858

    SHA512

    697e304efae3cb24b3027e18d13f9eb7a9be326d1d0dd12a4d334dfd91a5d93e95eed9bc2d3c49903fffa48b8fbd99aaa5975e2c92faf3de37440a706db6ecaa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    50f3bd0d8ae47e7c880fb47111fb42a6

    SHA1

    6c6569a8f9813eeb302484abd93e941504933cb7

    SHA256

    c43e271d3916f034d8cf75841a75cb06d8d2fcd4286d7934297ae7892a9baa52

    SHA512

    a13f1af375eb664803ad7f2b9aff010ba0d8d4d171d9f4e8dd79831eecdcb3020ad9b6e9beec6f5f4c6fce7fe28a9398c70d01a99db45d8ebcf44e662ff9f521

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    24a4c67e72052349dcf6aefce158fa66

    SHA1

    81ab1cc2d9bc92142c230b294050e948d41dd727

    SHA256

    e81c57b1a646fdb0dd18cb59de43024199686f166392dab1f5d86c0d147ea185

    SHA512

    5bf5b13d5390eeb8567d805186ce6e2dc16f79706448caa008dc98ed9906c8dbd21f781504521094b64dba217193e64ab51002b08c6f64607aaf8278c60c6aad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f2533145736293fb2e13afaf499e941a

    SHA1

    79b4e171ea0430d6c477a62f7d4c9c2a5f8f839c

    SHA256

    804bc118445ca47ddd2bf398a9a8c613b9b01522d4263cd9dbc90cf300b131ea

    SHA512

    59e3a3a70aae9c488caa9885bdf4e3e497072c280c2d9072a45f890f0b8a27b0996e429f333627cea29dd55d5d761e4d5162099fb55f699e487efb0ff4155e67

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE15C.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE1AE.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\DesktopOSIRIS.bmp
    Filesize

    3.8MB

    MD5

    2f48d8c16d2e8c4b05885de86ef01db3

    SHA1

    9a2c3c7cfbc50ed534898726017ffbf89f47bf22

    SHA256

    6fbef2ba199c5f585cb7669d982151d6e67eafadc73eea58f08af9bc954c8f2d

    SHA512

    385b4d7b03d9cd726b0348ebb592e619a019dd5a75490d6cc774619ec5715f0f0b722d0928c62004863dfce92efcbdc612adb2e13c465ed3dc0c3677f3f86a9b

    Download Submit

  • memory/2648-324-0x00000000001E0000-0x00000000001E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2884-318-0x0000000003FC0000-0x0000000003FE7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2884-5-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2884-4-0x0000000003D00000-0x0000000003D01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2884-3-0x0000000003D00000-0x0000000003D01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2884-0-0x0000000004070000-0x00000000040F4000-memory.dmp

    Filesize

    528KB

    Download

  • memory/2884-7-0x0000000003D00000-0x0000000003D01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2884-8-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2884-13-0x0000000003FC0000-0x0000000003FE7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2884-12-0x0000000003FC0000-0x0000000003FE7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2884-14-0x0000000003FC0000-0x0000000003FE7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2884-323-0x00000000049C0000-0x00000000049C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2884-2-0x0000000004070000-0x00000000040F4000-memory.dmp

    Filesize

    528KB

    Download

  • memory/2884-1-0x0000000003D00000-0x0000000003D01000-memory.dmp

    Filesize

    4KB

    Download