Overview

overview

10

Static

static

3

b1890a5b75...18.exe

windows7-x64

10

b1890a5b75...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16-06-2024 03:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b1890a5b75b42402d2f1c340460e62d7_JaffaCakes118.exe

  • Size

    317KB

  • MD5

    b1890a5b75b42402d2f1c340460e62d7

  • SHA1

    bc6a1a2b547117c2cd4cba545eb456c102952a31

  • SHA256

    6cff63d3a2d066c2f487098310a5f1149e343e90e26f55887ee26b2a73b3ad22

  • SHA512

    b94fee716b9559cdaa44047f1e13d3c330aed4c60099e00e93e2ac4c0f201d7f8093f03b4a5d71c5041a406455717ece825892dbbbf2a79f855c1cfa29d90c0c

  • SSDEEP

    6144:Usyq4yjEuqdfBeobMkHCn3GbRSSMHkRfA93S8CtCeDzU2EuHM7UQA:UsP4yjLqduVn2bRSJk693HCtC8UnuH+y

Score
10/10
lockylocky_osirisransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky (Osiris variant)

    Variant of the Locky ransomware seen in the wild since early 2017.

    ransomwarelocky_osiris
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b1890a5b75b42402d2f1c340460e62d7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b1890a5b75b42402d2f1c340460e62d7_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1844
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1844 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2644
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\b1890a5b75b42402d2f1c340460e62d7_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:1588
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OSIRIS-99a9.htm
    Filesize

    9KB

    MD5

    ca09bf38e20d89f0a875ba2f28c8aa0e

    SHA1

    d60f16280c6500c7b03f6b2f452d19b7c5d9eebe

    SHA256

    5dac0cb91dc6f484d72d09fc2de23192cf9d4b3fb1228f1d6fddbf54813f4ed5

    SHA512

    af034490320602ffcf372bf51b6b5af81c2c96e52189d896926026b759e8201834b26aac9fda1aff5770bf8c7da82dfb2dd555df06c16b3610059f43aabca880

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    427ebe9719ca3752078732c8cf82f64c

    SHA1

    6d2db4a56812840e077b623c7baf8c8376c018c2

    SHA256

    6d48a5c4a24461d475873dace403eedb027e6da642b6ee03dd85686ad10f1746

    SHA512

    f3192a7fa951ee418f65140153e19877b551482093d5010d5fe1653c90dc0bc521aad71695afe119a8ba9cc49db42db8209af2fbf3d20e6cb783778e1331d8dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ad8e85e0c0b75ecc177fae79d94454d

    SHA1

    4f83f5bc99089531e80bae51d81daf48164a7a3a

    SHA256

    af0bdd9a85eb845510a550bd80bac87abc53cf4db4d447eeeff978c3e2a1f5bf

    SHA512

    ffaf8e0d3a22602c4d0ea992749fab6346ae1890fc9a97b0ec3f6d75cfb4bd166e723d871a2b2180aec655d5b459be20f8eb5dbf5d0eb29dc499e4c22a56e88e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45eb042280b46fb803106c3eff94d69d

    SHA1

    82f7dff0f99643f5af2a13b7dc768edfd014b1fa

    SHA256

    45f050a5004022c17045e28716efd47b57bbc8e036fdf702771d6ced31c41c88

    SHA512

    4f37fd7c7697c926a01a79a456803c2a3e622614df29dbaa5a92fdb2d3bc1a45ee8c6d523bd2b2fa8c602cef8d498082ae0682a2b8136132a5e5e92bf3cb3da8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    802d5d0a4ac781a33a1500dcc62e4d7e

    SHA1

    e2c472dc24aedc2e3c5997e0f51fcea3075dc12f

    SHA256

    33e26840c2f0f46a6dd5db8ba86da644cba24b1e44af85341f1efcc70e4bd628

    SHA512

    00cd8e6a26d613aa71d65ff4a801e6aa4e23be32d5db5b3caf831de53cd5d4bdbacde5eb7d32da75e98fb154ee7895856bfb463923a316e99f5134f8d86252c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1bf20de7ad8cf7eb21a7bb2a85c7d27d

    SHA1

    e10e91aa5ecf09e5baef3abbaf2e1458d1231e93

    SHA256

    0048e540793d1860209538dbaff8a38bdc3a6c32d14a4a383558ae8a6b3757ce

    SHA512

    f226f8b1da1128bf76d5d419ae97bb92fd648c63ec0a34e8df31ad2c537c77dfea375f0eb5dca961b8e2f12a835f0e7a22bd2f72981adeac2f833e2e9f058135

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d69979e5edfd0f37a05a80bd8afc9138

    SHA1

    8827b9f254adbb0d4eeb86d37aab652d116e1e41

    SHA256

    bbbb390c61296a81086a6a27dfa4b560a842a6b8ed179ee36958d13df625af42

    SHA512

    056f7bc9fcb43fb18e017bca9f8009cb60fade750d0a72a93cf02782041104143dd2527299b406fe88871d8dfd47272514c252487c1b91c40d71a7b483a96d75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52863490b7119bf1a0616bdd028306ae

    SHA1

    0cb48b10a209dcb5036ba68359ca42e5ea5c237e

    SHA256

    708b0b953e3e8406c4be334759fabf3f17fbad811a83df7f9f3da086d64af0b0

    SHA512

    6f5b0eb7c24d6cdc11d7fc70ed229f247dd87cd533573c5c201362885a90996ce2079e9742be5636eca08eeae20077abaa82b76aefac25e6aee191e1d45dbc14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aacaf273f5bdf50e796bbbf8ff298b02

    SHA1

    419d3e10eae1e98ee510e0e3e06521429548cec5

    SHA256

    8ceee9013b286b88da23d93a8f02f27bb39f05494883ff9ca7cc62f8b5fb158e

    SHA512

    e55929a3c17ad463ad8eebb0c2978ed9cf9841781f4b7c3bb33ae5ac34261ed7d2f4d1c774c22db0ef6b1a44c2c957117461a27faab9327b199fa0c5104e631c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab77246be423ebc0f34c6e1285d904f2

    SHA1

    34604a58c70fcc4f1f6344605a5ed14c4c2821bf

    SHA256

    216fad1ab0f52b40ddd447eb188b42c7b7137f19e97dedf4c503299cc8907b59

    SHA512

    20c5380f69870c35f76f1ebbce3ba688d3b4eb355c004938709bb0b04a9fd1bfa092fcb164958d11900170b53b98009c560d510e01846ee2b39a99828acfba5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75a2dab54c5f9e6e466c48e741983601

    SHA1

    b1527ec4b93b52c995ed2bee89a483cecbd28e76

    SHA256

    0aac568860b42ee4c352fed331cb8109dcd5b7ad11c35ef2a83c58a3c8782322

    SHA512

    3d56c3c0bb305b52ea702f3d8c35b74735f362dab76e546e507d8e1d4ecaacc85492b156c1f4465a7d52d55161fa72d762b1c6970e96e202b288e54a3d652d5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    822f2a0f0f1b9daf28042d7e2990230a

    SHA1

    af74cba313e4eae4d88bc8faaaa594a71c3e48a3

    SHA256

    b8334db2608bbb0df384f67b78e46794e374c5cdd75c3d01fb4171bf876e58cb

    SHA512

    e24bba138c6da4ebbbb5dcef43b9768446d6f7c3a59817d5d67ed537a4d38b5eec5842c454df1d4b66365dc368974b55050186033ff7f6e9448d848a243bd707

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec4980dbabec5a33643f0709e697454f

    SHA1

    288f48a7006ccaa58f93456078a6351e20dd38a7

    SHA256

    7bbc45a1675ca092970d357aff7761aa2c4004c93b0b1b503c6b5f288db34391

    SHA512

    00dc3e6c2bdb372a1ec3f248e4f846939e0b3f182bafb36dd27f5626333d2c58aea80d30a1bd7b85f62227f3a89f8cc60a91d7fff958fb5f2b6267c1bd850ddd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6a34bef98186ed9beeca16970f3f46a

    SHA1

    3d2cf1f9dc4118393ad2f470e58f8956b01b80ce

    SHA256

    208cc9c891a3f5644a1aab762a7d1ecb1eb273134791b97e02438459ab31dfb6

    SHA512

    0ff9dacdec0bdd15313545973c02e4696f8e573fdf2e2f80e6b9c6307ab17de71b3de49b5fbc3275b02396e3f3288d5c4ad8e103efdc34a9cba59d069ff30848

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc644dada30f505d1c1c1129ec0c584e

    SHA1

    63c42d819e48cfe3012f6589a355c84855e93940

    SHA256

    9c9ad0841f539aa736c2c6ba4a26dcafca50bbc369aa2f3a9965c5b942f16fce

    SHA512

    16ea6df819df830bc03d1e88e07c9eda27cc9f0da68326790f0571c882dafa29d20ddc727f70c9f3f395510452bd4a8a654db6039dbcb383ff61316d5237de98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95be20db1fbeaa8db3f2e49f309ab9bb

    SHA1

    699f0f2dc523f5002c03138ab23493435cb91c6b

    SHA256

    84802d4c688dd64f2150dbfd4ccfdc24ac385fbd1bd7437570a4bf425e7551f9

    SHA512

    e3167e37098b39884744c6ee82722b35e40887c4d406c82216be6962215f2a920c48be70f5d5fcd94f3baaa96e5888b8e0a65cb9f958679f456250945d300320

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57744cd5b4d8e0850a4198ba93ac6a23

    SHA1

    ae1e9159dddf892d1f85b3cea286fd95d10e827d

    SHA256

    6ad61eabde43c704c5b60ae7512a3d125788afcc86732fe0ba495a8bf8d319a8

    SHA512

    ed0da268dcade6a9f65f62027bd8a82d0c72a7ed0f37d03bc3888acee7a810950a4da229941e377f84f503afd2dc75f4d6d46e540deb1b30b0af437d3bc4c726

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54a53152bfb14a9067ae8037c509873d

    SHA1

    de6ebb76ce68c693ea5731fa507e870c2c2f0c6e

    SHA256

    fdbccb57cdac39e2968eb5e54594d92c33c55f2d54e9c8073835e7781a9c47cc

    SHA512

    6d0872a8322637345db392774291d692198f2ef0610ddd7caa60130ef71eae70d65947e26e5e5ae3efceab29e9fe25ea5586534f3b53a751ca27e641afdf3e4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be9dfd1a6ab74066c49ca85359af88da

    SHA1

    0fd546b5a8569d5813452f1807695f5d2cd9520d

    SHA256

    b2e3feae7c98e56095fdacf75a89ad3385b4f7b421d5c40dd1aa3f9d44727c2d

    SHA512

    c23f257ed95b53e25187eeb6bf9f1fd3ab4e4a18dc8244a2daffed242dc2b7f2b258a08b46ea2c92369bfdc23306b71e5b8b014a796900e019231044b87a3d0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53eef516cb592d19d8332fd249942661

    SHA1

    4e6978169bcafb34dee3367bfeab95176191f7f8

    SHA256

    98d1dc8b90eb128c7db5c372c5dafe3cc69f7b5684f3fa5b2106972dc44e7834

    SHA512

    9a18fdc5e083e1ccda5b78da32c26b024d0fb42c2e1a82e780e72b6ded550037c98aebf28ef7ebf773eea65727b045d6379d0ca56c9415acb986faf5761ba98e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7C0.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab890.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8A2.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\DesktopOSIRIS.bmp
    Filesize

    3.8MB

    MD5

    5fd458685694963e9c807e34a80c1ebb

    SHA1

    243c8a498e256c59601decd393fb3568a36a5695

    SHA256

    8fd56483bb5df4fc56fb91dc77c9c93a0a1d794c8de5a8e1ae58427a7a7354ec

    SHA512

    6e3a7afa6cf8e1098128691532bef173d8870b0fc83baa8b2cfe2af9f0fa3f4c373af9abf1ea4c21079c1a49321491e50f3568dd56b86e9e6c4c0d19efd81070

    Download Submit

  • memory/2180-0-0x0000000002730000-0x00000000027A7000-memory.dmp

    Filesize

    476KB

    Download

  • memory/2180-10-0x0000000002FB0000-0x0000000002FD7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2180-343-0x0000000002FB0000-0x0000000002FD7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2180-348-0x00000000035A0000-0x00000000035A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2180-9-0x0000000002FB0000-0x0000000002FD7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2180-8-0x0000000002FB0000-0x0000000002FD7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2180-5-0x0000000002730000-0x00000000027A7000-memory.dmp

    Filesize

    476KB

    Download

  • memory/2180-3-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2180-1-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2612-349-0x0000000000260000-0x0000000000262000-memory.dmp

    Filesize

    8KB

    Download