Overview

overview

10

Static

static

3

4a2592bc63...18.exe

windows7-x64

10

4a2592bc63...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16-05-2024 08:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4a2592bc635987fa01678a5eff79cdde_JaffaCakes118.exe

  • Size

    392KB

  • MD5

    4a2592bc635987fa01678a5eff79cdde

  • SHA1

    f7554f1f50e31080f6dd6946fc3755984ab4993e

  • SHA256

    47f9ce6bbefff2abe7311f6d02196722c95ae080cfb352aea478600a144204e0

  • SHA512

    807fbeb38bf285780a1cdb4dee569a077123fbeb28861738f001334171d6d89b7d30e53546f878cd3eff2e8e0763b92ed0331e59397a013150df13860e7e9d52

  • SSDEEP

    12288:7pNnoX9enkmyy1SHZNZlnb/vMR7EFE9bthaxS8g3n:s9enkmbSHZNrbI7EGwxkn

Score
10/10
lockylocky_osirisransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky (Osiris variant)

    Variant of the Locky ransomware seen in the wild since early 2017.

    ransomwarelocky_osiris
  • Deletes itself 1 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a2592bc635987fa01678a5eff79cdde_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4a2592bc635987fa01678a5eff79cdde_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2612
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2516
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\4a2592bc635987fa01678a5eff79cdde_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2828
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\OSIRIS-e586.htm
    Filesize

    8KB

    MD5

    ef6db4453144ef5257b2e9b726392a1c

    SHA1

    53d5ca76c67fab250c3e4d59b74ea0d202944c6f

    SHA256

    f422487621ce2d3b7e562c9fe61e13a3174fe36163741ad3d16ffbbf30c3e756

    SHA512

    05bf81e022bbc24ac7e9d81557b4162c2621414cefb7261132ecabe9902e40467f4e6272257f9a89db7e15f3827cc080a8758f5b35789840f82236c36dfbaf23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    393924ce71fc377959947d20ffc203a5

    SHA1

    0098538000bd3a38f51c03581807403ac8babbd7

    SHA256

    df6cfbff3a1ec2ca620872f4c7066440b9a401b62cd863e09c182aa2c64e3488

    SHA512

    ca4f2327f9608ba32f0e2a58a66739c23e2b7b100b4b1aaef3967654d92dafe5d04beb4a664800b8aef17166c5026cb68d37ab20e85b2e8f74f83d6ac7cba4b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    567578def2afe5f4c542539e1f5417d9

    SHA1

    e653520c19b213eb7dcb8c733c08cc633c779c5d

    SHA256

    6e0ba25465560f4d213a05c57af312659363f011617da83c6f0ad1bb11fc2eb1

    SHA512

    687014418d82abb42f0bf9a2b14c5ee3f1c317b238e5b37e941c8a32c102e1b49d08ed1704b910eb53ed6237df680cafbcfe68ceaaba7ad9049fd7cdc8bb39b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dd2f751542c354fc4239e4f3b91e1622

    SHA1

    82b1eefebcdc1fe0d06e0d665d6585f132405c37

    SHA256

    1be27589d8113dc583387720c9268aa83114c43f7e41f71f935ce0d6e4d1e6ce

    SHA512

    d8b91cf5e127115fd85ccd9dddb46f35c4efd06964df65d8b04994b31c7bb98c7c7818beb715b38cce5b8d2616fe53f96651a67cbd43b9949389f239dbeb0018

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3842ba61ea0579275cfbdf6eeaf22e75

    SHA1

    6bc8a66157339f27c223a22aa966888a074fd858

    SHA256

    c81760dcfa05b3e62f09c09c609f5fdaa9c92b0cc5dcf7112a41e24f6fedcd24

    SHA512

    61c7e39fa540ece512f96ba1e508b10ee9f7c886d402348fda471129b0c3a1c4b15552a752b99b8954e97e940f8502ac315f1b2a56d7ebee1bf27e90aaf2c50a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a58d06879adce4de9704032555e855a2

    SHA1

    418e4d9c0cfd238a0ad70322a2e154658bf9ea10

    SHA256

    775a0136ac21130a83b9f848c7032be7f77c2dc9c2483846e8af8ee26144a228

    SHA512

    cdce37ab56b49d84c52aea08c68c5f55f2c103fb456aac9dece36ca3a3106ba50ba722c66c414a56784915a0499d02f14e2949c1c0643118b0243a1d6a93da71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9412f76eeaf1f8ce35989858fdef5ed8

    SHA1

    2df295649c7d8a694c25ac662038984f96e19aa8

    SHA256

    3e3b3edc7510f71ccef052950d30667285e5d9521796b1ff34ad82af884a3f08

    SHA512

    20402b3ad47561a14df3751f5cf6e1ddc30376c40172934f88ab29b2bd4198dcef301e1cb078aef349232dae33c55eb593086a23b94d12bf33447b27f1d0c53a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b8e6eab1fef72b69673a7e2d34368d25

    SHA1

    07bc9392e0ffbb4411a5783a4afd5ad302430e04

    SHA256

    efd451f1141f9d6da31f6cb81366ddd5dd2c9fdd6c34998d80b2c4984e45ef2c

    SHA512

    12b1d7231d3e6d6e108d4dcc011c9f03c375b83610507025118e60c9bcc58fd109570891471da1d10dea2ecdb789fd2bf74ad120c4985d3467a2094d6eb4c118

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5865090b3d70d4a5f8ca1cadf7a892e2

    SHA1

    2423479d7f7e795d29fe9b9d295054f131bbb768

    SHA256

    20ec9511ed986b71869c0595c7e827ca8ffe236eaeb2170ea45a707b6028c13e

    SHA512

    250a89157f155aa5ab8ce9f79b6acc16a1cde2813faa8baaa09c92887823e520159e9bdd8a95cd699157557bb27fa3255e1f52fccf611360037205cf4c7f51d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e8ff1960c1732773af38c4d677a6c878

    SHA1

    a50c3e25c94bfc28266153190b08375ccc012022

    SHA256

    80007068b189f86df4a4489666d3a8c295906d10e56c1f22ee5d88af3162bf7e

    SHA512

    3c012fc97414d2d7d8220d75ec972ed9ccd18a772c23050cfefac9d0f0a4f7e2a5296f4113418ab971f3158d83f1c7ea03c1a7a2bbd19b5aaeeea189b59684dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    98479ec24e1dac9e197524051f40818c

    SHA1

    89de03954c8b5dff112de510800a797fa4f28599

    SHA256

    45f6aacf747331643743902e721aceddc3ce36029eee2c4080eee022a8944ee3

    SHA512

    1834141a010e40f94511d6cee8d1dec392c1be39d87904b6b142e47b6213ad53853fbccf9d3f0266f996df4ca5d3c9068381c4cfc94ddc4588eb7208ebfeb4e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    64d65d42c34ba2be63df2940e2b3e1cb

    SHA1

    3d2d063abec568a6da4e4890e43f5bb8f86c8b24

    SHA256

    ec5173186fd578c1f7e5bf3e92cacd10875e69a5ce4844b7ca04bf26ee836016

    SHA512

    88cc1f385294b329e57afebf0c15a876be7f4188a079af7145119fd570bae767b99aff28a5d11294fc37dee57be527b4e8cd78c0343f1e7bf8be4d3aad091d99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    596106a27730062c4781b8f22d16fb4d

    SHA1

    c66ae2c600716f18998fe57c173e091e7a7f0ffa

    SHA256

    824d5261fcce6df068ce1d3866271e69025273d8cff298ab6e4c5d7441b19d04

    SHA512

    8c02c87f8866d3ed7c21cbdc745f8d69996ec94de1cc80a0fa64c185f0f9f23a720068805643c496de352ed1e63713149d77f22f474b2c72ca3ee9e099a6405b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5766d22fb541993c869df10d03fff82f

    SHA1

    7a15af1ff99e6cad3283430844d54d13da0ddf9a

    SHA256

    8899460ec0de52dc461b80322c8d90f5734677070f08b2c0a832b9b68a1bc5fb

    SHA512

    6dbade2c55277b86d34d73524da2b8eebdc7c8881f354e6b3107912f99c0ad29e8af8e747dc24bb5b258fb7b26d9230d3fc15ea500f0684ae00a9a703585b9bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f15410662c2b42ce01bc736f50289cf2

    SHA1

    fc772ae6ff1df843dfc0ad1c4d895a8b411b8a55

    SHA256

    b72fa5759ad4b659a860eab6c4bffb29176bb666b4b9a00ed4552d90ea7f5138

    SHA512

    67b6fe3cc347b6d1bc0c554cd90cd2cd11a3c85738bb2e7bdd05e3afeefc1629f91b867799c3bd10439b4df861d71e676b1059216a12c21648238ff23299adb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    209f1478dd89c8bf2225168afbaef392

    SHA1

    300ab993fe62393564a25394e6740072e9562ba3

    SHA256

    71612ec25cff4577b732232c070acd79e89871d6c7c47a0e75f8b7759bfdbb85

    SHA512

    8e38427f1b0de926bacd38bc2fcbb00bbe09573f602fbdb5381afd1ec2e59425c94fd6b2701decca32cf9f6e044e4a3a485592d98eaf6d998f7391719a8f98d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2bd1be81d2913a6c6d285de2ec4b255a

    SHA1

    62fe2eed6e5a28ab1dd03792cbeb945fb2f953fb

    SHA256

    7ee69516aa30a28121597dcd86c3309e60b018e493435d2fe1311a91fa56106b

    SHA512

    9bdfa32e3d5b51e71e9ac4c081fca73996e440c32b82b58235979f807286b2070845e1f754fb5b6c8cc4030e3bbb73eb6ac964b0f3d6dbfa7ed519584b7a4cd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e073bc55256d8c7d79c1bd69f873017

    SHA1

    475bd695f6a211b54bb15b978b0acc24f371d71b

    SHA256

    33f539c2f7c9fbe6e32718c1b77853773b9e8e9bfabc4e16bb1b41ed87710e6b

    SHA512

    57bb2068856afae68d0e2aa92f84844f9aee8a662c272b040c5442678c0f7328cf00723b06cd4a4053f80cd30256fd3f2bdf5a2eb2fe6c76239975dd879956de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aedbec5934a26a7ff98ca6c2698b78c8

    SHA1

    189bcf9ab66219d3bdae8a97333b9e87f731918d

    SHA256

    2b39f8e820c51dfdb5c6e0f01299bc3d8a54b650f900b450827ca6af17cad5e2

    SHA512

    c321c8dd8ef9b1cdcba94416e8fc65245456ed5a62dd8636fde861178671d13ffcbeb80196c3c7a019357f379186c48bb53f2cc84b07434ecda9f6c5dea0c22c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be70efc76c62be949fef3843c9465253

    SHA1

    71edbc09d05cec9857feeb524c1180b585104c3c

    SHA256

    b3180b6f604b77a841f0e6ed1ec84bd8d5318f4bb84e4032b42aa45a41b09d6a

    SHA512

    6e3743a047c93b4a8039fe5ee21fec201290b7a75e7454e725b80b4e85a0cec5a7c75a4cbd8c74dd90548c83dc0249dae23958d2529ea1f6a0916c0ed5ce0632

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEABF.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEB84.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\DesktopOSIRIS.bmp
    Filesize

    3.5MB

    MD5

    dad5382ff2bf27f029a4d45c2bf60456

    SHA1

    6b11531615d2ec511a41086f66cb5fa023ac9dc5

    SHA256

    3c6e38020e27f4838e63bb89a4f58547a825cdcddbef6b5c1dabff04003672a6

    SHA512

    d5de4e633996a605a61a26e65c1779bb317eb0f437e9b8c6917b67fc848f32da5662aca4f3610ef2cf3e4bd5020a75c9745840d89344f7db93075cb2ebd6ccf5

    Download Submit

  • memory/1064-320-0x0000000000120000-0x0000000000122000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2384-10-0x00000000047C0000-0x00000000047E7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2384-319-0x0000000004C20000-0x0000000004C22000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2384-314-0x00000000047C0000-0x00000000047E7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2384-11-0x00000000047C0000-0x00000000047E7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2384-12-0x00000000047C0000-0x00000000047E7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2384-0-0x0000000002430000-0x00000000024E4000-memory.dmp

    Filesize

    720KB

    Download

  • memory/2384-6-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2384-5-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-3-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2384-2-0x0000000002430000-0x00000000024E4000-memory.dmp

    Filesize

    720KB

    Download

  • memory/2384-1-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

    Filesize

    4KB

    Download