Overview

overview

10

Static

static

3

38bd1d49f8...18.dll

windows7-x64

10

38bd1d49f8...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    12-05-2024 06:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38bd1d49f88201a9a6a92ae3f65559c0_JaffaCakes118.dll

  • Size

    141KB

  • MD5

    38bd1d49f88201a9a6a92ae3f65559c0

  • SHA1

    010847f30975fbac9a45ffc6e70ed640614e4852

  • SHA256

    21a77e00627ddd6541f559651be67482ce29b079969379038b5ea5424c275cab

  • SHA512

    4ff916f7ea78fbd0c0fbb663dc53d8a6060fae819a7f0da09d114d832dde1634943cb603787954fdb0a5fbae20bcc0a2d29157f7b7a1139c8f41424a655db858

  • SSDEEP

    3072:CoXnIzY4t5wotjf6VVD2fghuM8/GlAALeHy3dYZGcZhwn:CoiYoy4inD2fDMCGlTOqYUcXwn

Score
10/10
lockyransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Blocklisted process makes network request 13 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\38bd1d49f88201a9a6a92ae3f65559c0_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\38bd1d49f88201a9a6a92ae3f65559c0_JaffaCakes118.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Sets desktop wallpaper using registry
      • Modifies Control Panel
      • Suspicious use of WriteProcessMemory
      PID:2132
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\_WHAT_is.html
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1828
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1828 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2816
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\_4_WHAT_is.html
    Filesize

    9KB

    MD5

    b245db54aaacbad520dc5ee855d9f04a

    SHA1

    e9bdb3eb7be0379c80695ae7eeb539d1db28cd15

    SHA256

    8d989e07e0ce5b253b2993e1a01e627c36239ae1a1c0ad7222a60be8a280eda4

    SHA512

    9ebfd00579a92fc8288510ba3aa9c3ce2bee31a2446b6c90f5d5fdc8a695a610d94339fffbed2272771d1eafe49731c083acfe83f6528f1a4a25daeb1c639e65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c055af92bd5a143fb72493b290375be5

    SHA1

    1dea890161393a3ca6e97f440dc3fa8bf1b5a871

    SHA256

    e0e90e4c77562096d89d60efcca2591f464c62d8c049e29b309c8e6ff22bea5a

    SHA512

    104fc8abda7fe0847a6b8d6231d356628a793f48b7b743ce2c9ff3ba689b2c9b90700bf70acde7d40ff2c6160a3127572f1be7e2c0b77c1e1ad2870ac87c02db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1377f84b1ef37136a38cf8ac40d20d35

    SHA1

    a4f701660eb3e995776e0ad2dfcfa89f68ef3216

    SHA256

    62ec2c5be636cb18913db98ef13922d9b1c5e90fca380ce6ffd0ee742b5d119b

    SHA512

    3de16f154059c494acdad0bc252618d15355b10079eda19e3155ac3e8495e66b5378ed6bcaa954e7235324975ab2c6a971c370917a78bffd0d865b7ba15b448c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d7aed631b03b6cf764fe5916b20505de

    SHA1

    53ce1b30332a51dad12a353640acd8980c319ef3

    SHA256

    08e10b05773ebf1d1d426b5292abfcb6520ca709b0e2ef76698ff9d0a86bf212

    SHA512

    4c1e0ac59c1af22f4b561b63394ae1079a7b1b85cd55a424a26e1e77255e73b50625ca0e41600b6f269bdc8ffef71b568348ebdb0655630eb31b6bffea5be91a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bd6858904fdbeeabb6ef7904c5ae09d2

    SHA1

    499ef5b8f244a494c07fede58874c6e413dc8f3b

    SHA256

    4f74d32eaf284e9b2cf54e0f619367fda616e9c9e20e6d217d28684f78153201

    SHA512

    c71cbd4387bf6ef47b99dafc2c49f349b2f9278d64e36f625b1100a73dcb0d65141bba7f40e5e1cc69128bfd6f026cef5fee2ebf170c84d838b1f43dc4750fb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9881ecbe947262ec80590b1b8820d8e2

    SHA1

    a9b7c9ca7f85c45ff12e08839156df479fbd82a7

    SHA256

    4417a9f3b754536fc02cef329136ad28a47201320b91c9764d071a672b13fe5a

    SHA512

    27ba3ee879e3e7de307a34c8a762b0d43c5ce52d2ba958e8bf98ac7829fc78504b557a4ed76607fd9aca0ff34eb39e8342358059626c670784ca67fcb155f353

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b8a6a330fa4b037f5fc723df008eb60c

    SHA1

    2d19c7f9837efa10631b3a2dced883b41dae5b74

    SHA256

    e601cf7a7af04cc1c3c379bec66150dc6aaca3c563c4cd4ad43c08970143bc34

    SHA512

    6330d670a75c1cee87399abe56c73098d049388263fa31665bd5663ca2afbcc4d9697008e8df75920d7a79c232c7dbbd573f3a5c333238dd33e63338bef8833e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d7ec3998d431c8cce288beec94fa2716

    SHA1

    1ebf089d44f3b396c82ea7576f2537a2a4a1662d

    SHA256

    cc98395c019496a03df54651fb3aa9b081a2533ad516220159e8f2e3386aa275

    SHA512

    bbfc23475aea2c4e31530393d047916098f112686ed0d3734de21bf7108fe6c8e0501f6099d8ae997bd7a223346dc4945833b9ed1fb37b7aecab550f2165c825

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    635c69e321e9d05330fb34acc9278c8c

    SHA1

    ff7736974c34f38c04d90ec1c236ef11f411e134

    SHA256

    acf86a2f31f50eefa794757c3c614b9990c614a53a1e40f088228575fbd94020

    SHA512

    3cad957adcd6a20601d3a951050a8df9a166a907d790ff60de697080c7258bcad6558eb2f0c2dfb8eaeaa3400281cfd0a269711f15200f081763240606d1d6f8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD481.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD4E4.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\Desktop\_WHAT_is.bmp
    Filesize

    3.7MB

    MD5

    49c86883b7027d4295f08991bc9996e2

    SHA1

    48512c8c1cbbd4f62ffa1f58552d2b06e56d173a

    SHA256

    9fe40ef02525e2692e7b21b0ed4ba4c3b8b4dea66f1d3ceb8635244eafa46521

    SHA512

    b92ec2a04d8b4913d5ebe5e63920d1fc18e5fd673e78f8ae0f5221a455f028732b1201e19aa2de4bf05c4192a91fc32c8334aa20c3e3f6738c3a8c7b5578054f

    Download Submit

  • memory/1088-333-0x00000000001F0000-0x00000000001F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1088-331-0x0000000000120000-0x0000000000122000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1088-763-0x00000000001F0000-0x00000000001F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2132-330-0x0000000000530000-0x0000000000532000-memory.dmp

    Filesize

    8KB

    Download