Overview

overview

10

Static

static

3

305fb326b1...18.exe

windows7-x64

10

305fb326b1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 18:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    305fb326b1906e92a4c31f5c64825cef_JaffaCakes118.exe

  • Size

    330KB

  • MD5

    305fb326b1906e92a4c31f5c64825cef

  • SHA1

    f6948a54ebb7d5a9967e48522f7f427a15911ebb

  • SHA256

    4c663be2abf9417d8160f68982f0d8b9907afdcc51838e72185a8f7738f99e51

  • SHA512

    d1f7ccb092051292bfe84d94ffd78789e8fcf6ac910ad0321a5edbc07f187b06f38ab3bea2304f7e52d6e63dc05f09234f1da84df1aa0f0785b87e3474f4718b

  • SSDEEP

    6144:7apl2BRuSZIGjF19erC8cGP3ry/IstViG3t7l:m2BRFtorc4UIstVV3t7l

Score
10/10
lockylocky_osirisransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky (Osiris variant)

    Variant of the Locky ransomware seen in the wild since early 2017.

    ransomwarelocky_osiris
  • Deletes itself 1 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\305fb326b1906e92a4c31f5c64825cef_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\305fb326b1906e92a4c31f5c64825cef_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2300
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2668
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\305fb326b1906e92a4c31f5c64825cef_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2420
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\OSIRIS-0af4.htm
    Filesize

    8KB

    MD5

    37ba80c6a8e5a97acaa4180b74fb32e0

    SHA1

    afecdbb828cddd1ab3233d459f5ee80e98e30b70

    SHA256

    2c2e526287f5651da56e9946e811c14a9c657921d2bddf38913da4aa29358c97

    SHA512

    6f80b089e22b17149f59f7d1f7bfa2f8219ec526df7dcd2650f8d2d9d7d58b98a94345b4892d4d8b94091d34019c69f698581cdea4e094f4452aaa32d827dd03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f711ea2b45dee096d10aca8ad6144636

    SHA1

    4a676a2ab6772a335952a6ed04fb12c30bce05a1

    SHA256

    a83dd04a62f585163937b7f883b08fbb402d528ca60a026f98f73879edbe8224

    SHA512

    4e31eabd5301dd14190dbf3fd5180b2d69f273f17fdf48a6838817682b62916c9439dba44b64545bb5813d57794fc1e845a1139926b290a14180f71d2d8043d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c68ded183e7af9c931409c5bca3dcbe

    SHA1

    8a73e577ab33ec3a47fd6a9758e91a872eb76887

    SHA256

    888d300a916bb3a303c14c70c079a372ff3a4306256a0d75ec77e132719045c6

    SHA512

    e8ce46a7a522592b551f904e9524c108842342c54fc75adda4a9ff8a8e3fb03a2e69b4c1418b913d6ec01e1917db017e0111bed93da13943b3173cdd4c41eacd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    db3c2eafb39c5379ee5b75de830824a1

    SHA1

    83eb9fe244f8f3f4319a01c0226063dec046044a

    SHA256

    31b922591d76bc1a5dee7f7a8aebda74115c17420cc522b8be9591b9284408f9

    SHA512

    a51c696e5248b4f1e277ab8329c0d2758e91b8095d1895e41a64bebf224e733345f26110c5ded45c7684091415860af677b6e37c88339f3a2eb1cacc769645b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5f2a6a15b1a302797b7ebd2396ced528

    SHA1

    f533432f9775cbd9132c80599cada20619803d24

    SHA256

    4292cc7a4377943dff70054e5f15eff6dcdca30a8d78ecc8d822b9045797afe7

    SHA512

    2c4196cecbc5cf5c474a71cc8e968af08aa601a212bd541141cf000195ae21615b8e2212108145f2ea7fbb7ae2a26e87c8c214d1d552f272b9dabf69ea24b969

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f83f193a25bb8093acb53de546848c35

    SHA1

    f3395f7dc8b507cd6c6f28c64378bcdb5920cf9f

    SHA256

    03608b6e6767d4a37c31bb835ef47d90d0452dd550eb05d1622199acb19cfce3

    SHA512

    769042c2f1ca57bf5dc60cdfe8a9c33fbe60da16990777e9008de7a8ccf3be4e47bc8a64db7d86af9557efc43ad3f0cf8f3d49d5a8c18ea62e9e64f99a902d2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    058180edd9d92d9d0d90b83694ed5e53

    SHA1

    175e0450a36f2bf389eda47f842672a5bbc6bc8f

    SHA256

    5f99014ae6125d74bc741d00048c81944ebb0435804d71613c3ddad4a120087b

    SHA512

    1925a1ee0bae161f73b5ffab3e3e236208539cc53a5956b522e96d6257d579882b60b94bfedca6d71f1722d6bd3e558441f0e4d635415fcfebd01481a085c342

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    054486166403599060b7921287be9676

    SHA1

    dbcf85d2c16a71147f8948412400c0cf0417b0d8

    SHA256

    cd91b573d82c5295df930e7a37b654314b96d5a71ec94591f94d8aa8ef0efbd4

    SHA512

    6468e5c14ef6802c0e220fcd13a6508ef76d605a96101b3d8921f5f18dbb9ade27563fcc10f442c5b85daaffdd394915a50f2f144c3051c1018e73e6b6385f77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0b5231964359daea4e7d081011b366cc

    SHA1

    b84f3e721243d1908cae8d11e6bdffa04f5f76fa

    SHA256

    e39e6678744f823e1529e914dd66111eeea91f6cbd13bdea803644e3bc686246

    SHA512

    b01ca1a6d18027ac3eaecbf774e822d8666c05830cf760d7103a34992d70a6dd2c46b43ad74847902854fce09218231d086aa36777931e37b109ddcfc8e27158

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    442375aa4e53a3b46d6cb9b5447f8271

    SHA1

    f291951808547009c3c89f4b581eda1b626d298d

    SHA256

    976168303d7bb58ef83b3bf048c3bb441af5084b8618a85743595eaa6d1a0ce0

    SHA512

    3ba8d18c5fd55c0eb874422010135cd025c435d92d70794017685be28bff6270ac358190fb7e6fa35ad13c8296852d404dee7efb1e19a6c600294f2ba1bf629a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7697b9350af3644502f51c017ae79771

    SHA1

    4513a54803cee376ccb5b18cf5b5d8765c329da2

    SHA256

    880394400a101dbfa5c15915ad8fb426dd30d1abba3595ef9ccee7f0b1e94bb6

    SHA512

    943518d1afa355555ef542db3adff3cd1f3552510e7696ce3380e578fff0cb2e223b09af41ebccbc43f3fbf5a5abb74aef5339f6f1e605f1466a07ad13410bc3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bd728725d1c337da189d93b0eaac8b0c

    SHA1

    746d63cb49c34736cca802fa0914b66fae24793b

    SHA256

    1fed2813c4b07e08c995d13b8ee5cb3b026df522246c0b05112082d9d4e1e9bf

    SHA512

    88c5cab7df1d44abfe4e5e0bd7e1b7b9c7cca1717fe3c7ec7f454e267a08518c24bf8659d93931e657506a9e894d906b7450c54e1326a5e2a9d90f58aed2254c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    743c173811e812180cce703a2e9ffd1c

    SHA1

    465f4caf84773755af8063c68edff7c4da152ba3

    SHA256

    0d22f08ad8a55f8116c031850f286340324a239bbd6958a3dbedb31974521812

    SHA512

    6b3261c9fc86c2070e1e3768b9cfbdfe8274af575cbe143eb4b93b25319adcff066c5510b8891d3ebdedcfe8c13c8a687620199307722cca2719baab1f2c7f29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    599aefa0ad1869f14b9d9f12513747c4

    SHA1

    a011d3d9d0645fcc278e58816dc84cfa87d47535

    SHA256

    e56ff663f0d683a895acdbb2c3fd25bafb9cbcffffebf91f3601dd819fb2fd71

    SHA512

    eabee26f6142c9c1829ad81343d5a67324dba5e95b2948e594578536c6310f4e1aa994a2b0d75be9ec3445d2bb6e384dd02a83d71abc2fea42c569b1602c29d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e3b0e598cbee88e894d3e44498f67253

    SHA1

    a471882e2851d7edafe82b606917c0837178f98a

    SHA256

    794c3e2f1588cff2b85e6f6fdda4571e160676cbbad6649e9e82ca74446c2777

    SHA512

    34fa6f4f24472c40dbdbad8b407e2f48288b6b96b221a1b7b09e4433aed29683cd001931def5078e68fef42b737289fa3b548ba2a6947d84f0c81e9bf687adf2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    842b7ee9d3b06524b2b1840435ecb437

    SHA1

    afa8a8b8bbbbd48018dc433a297e0765bd69344e

    SHA256

    1babaaa5770add09405e59f77a7b88ce35b29a621556545e2a1c6886afd5441e

    SHA512

    120753a1934cbb0928f94dd1c10105656f3e3b8f6d9b229f7487eb776dcb309a68c3018e31f890472971b41906805d3cb4a68974287395d6d4b9059325fc3bbe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3fa0509db44b0d1dd9a2bf242b5b176d

    SHA1

    683370ac0ca900da6d8bfba471a099aaf960ec30

    SHA256

    c328d171c6eea8314e2e3b8601c124e57a08f90531be05941fcd81823db4c2ed

    SHA512

    0cfc9597afe253cc9adaa350ed8bf366ee08685eb9ce7827397d36ac2d76497d51c0abc42a2c777424d2ab26869ca67a11bdce1b1512854a05eb77f949e96c89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8a30e77234b7cbcdb2534b90d361a94d

    SHA1

    9a10ff07704882367d08c56bb31588a49f5f9db1

    SHA256

    5248e1ecb40297a8f225defaa6a4e62a88017e699c81aabc7e6ecafa6db87f32

    SHA512

    43ec00790f836354520225d56b76d2033535dbc0b57c3e72c59feb130889a602e22796bebe2d2086b0e14ebd5031de309949f29ea8ccb90e4826e253542d6911

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8cce096eac3d8c0501d9225774980beb

    SHA1

    06d9f6d7d461f42225670ac85471f8938260b175

    SHA256

    d5a37bed11ef5b69c1ecd3ddfdc6f90aa389be7fa0ae0c978aeed4899739b32e

    SHA512

    4d272c5ba9001ee4eb2618d26df9ca9cf21b3a18e278c9a8a04bc1bb05b21ee2a97512abf636e177526e8adcbe6b41e57a488d726b3494ed7688f01881963730

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9ce4096282c495b499386b833812f9cc

    SHA1

    ed8cfcc7224897df956c9149f2beecde4601cf88

    SHA256

    4439ffb8fc043d05e55da0afdf8aa627862441520956ac62d4d6b7930bb53279

    SHA512

    a51af0f82081cba66cc77620496c16704d8673b2959b972b662c0598f2f14d753c60a4b4e7a405baa078b5cdfb0269df458ca1d1ac6bfa4a9019ecee1239e1b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ef55dc8cb6a8d5a6bbe1f62d92ce2c44

    SHA1

    ccb15095a5bb3b2f40de5da36d241e0eded22de3

    SHA256

    a5b43b4a4493a83494990f80c7a1b50e11f148853a9934533aeb40f92ed7b0d7

    SHA512

    d031afc3b1d873fe63fa17ef6640324d1c6c5eb7e893b1732a6dd2c92cc869961607a43c50dbe3a1d55f73204a8e533d3e7054ed29266a994872db5d7cf32be1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab13A.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar22B.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\DesktopOSIRIS.bmp
    Filesize

    3.7MB

    MD5

    d754cd23b5b8f008ff357ae977e85b07

    SHA1

    256fc1dc252a63b23427a13136d702cfb9826887

    SHA256

    a51600728dcfee2ed0a650819350fa27875df87b8092a351f63bc66a104fe590

    SHA512

    1fc641f3c973b08755ff8ca3fbe105960be2827964e0cae504cba4bb82ac6a5dd9341e93124d91263652351f3386a8a5258cb613d4ba098776ef02ab80775dd2

    Download Submit

  • memory/1500-2-0x0000000002A10000-0x0000000002B10000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1500-25-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1500-219-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1500-323-0x0000000001FE0000-0x0000000002007000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1500-328-0x00000000034D0000-0x00000000034D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1500-8-0x0000000001FE0000-0x0000000002007000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1500-7-0x0000000001FE0000-0x0000000002007000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1500-6-0x0000000001FE0000-0x0000000002007000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1500-4-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1500-0-0x0000000002A10000-0x0000000002B10000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1500-1-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2548-329-0x0000000000160000-0x0000000000162000-memory.dmp

    Filesize

    8KB

    Download