Analysis
-
max time kernel
142s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
08-09-2024 09:36
General
-
Target
d40da1f72e74cc5c70d4acfdb1bfcf8e_JaffaCakes118.exe
-
Size
615KB
-
MD5
d40da1f72e74cc5c70d4acfdb1bfcf8e
-
SHA1
3e756a055a3996c2f40f9deefc5f0cfcd0e7cbbe
-
SHA256
50901a5f8f9ad8ce1efd17e41ce344fb3540da11bc79e23504c24d1d838eb805
-
SHA512
7b5ed68b64f4c331fb2cf2bf6710ffeebaf97a09b6b6828748b06cd2abf17305167a01b7a5b4af28773784b43486be7bbbd15a9a6ee5898a95a8e58dc71a2e03
-
SSDEEP
12288:ZBRpTbJ2KNoKM8cn+/wpSkFBd08g2SAVl4P:ZVTblNtMNsk/Syl
Malware Config
Signatures
-
Locky (Lukitus variant)
Variant of the Locky ransomware seen in the wild since late 2017.
-
Deletes itself 1 IoCs
-
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Control Panel 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d40da1f72e74cc5c70d4acfdb1bfcf8e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d40da1f72e74cc5c70d4acfdb1bfcf8e_JaffaCakes118.exe"1⤵
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1312 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\d40da1f72e74cc5c70d4acfdb1bfcf8e_JaffaCakes118.exe"2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5d866c47b32b51a0b53bd16cafe1167ea
SHA15bd1701e76d36047d3a8cae4bfaf5ee9e50fe332
SHA256daeb69771b54bd2c9ae9746af7216ea1da1138a3605228857453645428725926
SHA51272c4f4b2291660f244280fb90098a3a37fccde8b4d3d2be616d0f69bb12e72700081a8373cf3e34767d8d3c1a260a4dc74eef1b42d3991a59ca44153a5855e08
-
Filesize
342B
MD5eef574798cf48f7148597fb9ad17314f
SHA123f8fa7660a4e8c3032724c42a23ebec34c671ab
SHA2566e2c537fe954a1be697199cd121783278e8c306291359af3baed60d86822e850
SHA512c27bc1edb0167bbddacea2454adb9644124a286c66bbbe2a1ea9dca5c721f9b9bee80b97fb33d2855661f8da338a7ba1d9b1c160709268f127937686657625fe
-
Filesize
342B
MD510b47cdfa889571babb2d50e0b67fd2a
SHA1203f88265b492480dfcaf8c2eb5e657ceb1dde1f
SHA2564e909aa3fb9c36f681fea160778c6585b5406440f083f0a7b677f3320cb2a248
SHA512089fbe4fc1f93259476e313813c1630b928af439376953cc781408d70918035e0bf6979f1acfed723d70d4e91f2a10d48abcae2bcf78d522719c629debe79a4b
-
Filesize
342B
MD56e1c3050aae97a74e2a9803e19b5d8fb
SHA1f77cc73c5975995e63039073d570be9a6c31209a
SHA256f2463af4d08739c47069fc21bc68f15d18527d1208541907009b63779ba8ea65
SHA51257047807e5741a7c06343d391a65bf98f181a11ef546d44bd935ca9f3e8846f2666dc5901cf0d3e578cf830ffe3b015972496f5d7badaffe074eb8ab52e09500
-
Filesize
342B
MD5b77429d4754a846c4e5cf9f3a45fc035
SHA13b56e290f42e668e8b1ecaf683d4db049a1b78e9
SHA25618683a1fffe5ae1dedebca2caaac24f9b98b9bdc5e5e87c68785a498a461df8d
SHA512fbe4b2106c8760b94f3c83e168899295706858c9aa2a6e550814373ca2bd8b486a95e59a32a1e22b1e91d5ef00ace77e046cb30ece2af5edb61b96dc8c04c71b
-
Filesize
342B
MD5567be822f365af8e03aed4c156aadc53
SHA1366e83d8a1eb026585b294a8cff8f9b9bd06a459
SHA256c87c90c816987fb5f67d62bf2bf6d11231b0187d8a6e4d828365c278ed17a197
SHA5129ecd1edbcc41821424b2b43aa49879c28ec0ea660c803688e709fd6a2620d99d4510dd2c514c4f00d9cb1403963767ff89d7070fb51ff2810416d46c9b65763a
-
Filesize
342B
MD55ea6a7fba37567d5f9a46d4f555e7b9f
SHA15429e249033d056cba738170a1c85e6e53c35bb6
SHA2567a013e70117154dd1efc6bdcc48bdb14bf8ed23971e40753c79b4c09fabe75ea
SHA512b26cb84df384b207c4c5b149770a557ad8affeca3db3c402a71487264ed6f42b2c96614eff6c86a22a44c20557a744fe64de070f48578b5cff84314f669e0b5b
-
Filesize
342B
MD58e63cafbb14ea7d3404f13c0baebe510
SHA15ea200a40b7358e7e32bac8f581ed68e36c01933
SHA256763b5d21547a5e566b9a43c7b56d65fb6776cc757d92256edbbca8a547488514
SHA512b3e59d7ad0a8ce92bce5e163470af63fba274a675f1298dbb2b22262c50761c8cbb2a81b0d23ce2f616c8eea9f9fac901394bef5efff10f6c09058b936cef2a6
-
Filesize
342B
MD56221a89654f301e529bfb0a444df5764
SHA1a7edab6f7fda1e5f91a76850fa76e5e1ce091185
SHA256370ca37dcc8714f46c53a879a291cea38ca26e84c00d6a375a284f3832f221ef
SHA512a50950a14625e2c603e856d521373d263d4a752d1532ad0e16e5d62b05b56a32b4ea3ef7355bf193dd91fb092712bb177839ca20b2d231acdeff2165703ed4bc
-
Filesize
342B
MD5ccb228411a514235ab4cb6a43a1cee35
SHA18910ad5827d2f268a2bc2f00e4c16e79cd896b51
SHA256cc4695c59e3fd4c2a917948ee59e9d5ba7815675a5b9cc7d2f5130acccbd8c20
SHA512d90ac4be7d2ca5bacc17b1cdb3d8b5d592b2d1ceb8fa5bbccd596ead06a847c95d580703d1e3f555786d84e628755a631ba00fb50156ca77035821e6f5d8193a
-
Filesize
342B
MD53bc5880dc51491158c5480545abf2a5c
SHA132f89885c6d0c712a2835523a14140edbc940995
SHA25670afcee615aef3f59bf9698919a1f726bb9afe13cc71db61c98b4dac4b6fee41
SHA51256b89bfc181813334f048c72b672c0d7383c3d2c9a2e4108b0b9eaf580ef6b913356102d15167f69b1faeca317331c7b2f3716e1528c5e5e252a5452b39bbb82
-
Filesize
342B
MD5c8bc89339b66418a3aaa6210a856bf81
SHA148e2381d26dfbb60bbced904a77db6e46e51f0db
SHA25691409bee5e85346a3926be60d7808242e51e61b7045a0e7a4714f7e32f7b12dd
SHA51248f855b1549cb0758e1767f0598878919181167edc86e2c38e12c08f13fe25c09027481cc4bc38b8d4b4ebc45321dcc599492ae6ae672f5cd66a4378562d4d1e
-
Filesize
342B
MD5876d82faddfe0175bf44ef3d0d3547a8
SHA1f030ddfe65d1eca8edb21e72d74b5d5102314a91
SHA256761c4cf7f5b207b704eca275277da6a8a06b54de50fe5828c84b883c3b742ebd
SHA5122d6807aea069523e1dadcd6e3402876d0a463312f5a47c51c9b0064a3835aa2be3eb7d8ecef4b7e0be4005b47e64fd68527b161fa572dc43df8f6776584f15b0
-
Filesize
342B
MD543fb8857a1c210972c5a57c8ade5bcad
SHA112a77ffd3d94970506ed4079bc1a2e2526e666ad
SHA256abf0fa608a68809e62feccd0a23eddc93711daeed14f475d69f3554bb2e0312c
SHA51299f6e8ffd2a990929413dc9a337e5790d1d9dba78aa52001585306f340746a52bbb99cb6b21b137297690f3d0b1323968235ab754de76c1640d3a78422115d9c
-
Filesize
342B
MD52036a34c55a9cfa16049baba445a4848
SHA13f4ede1b269471c3e7bc41b1be073680edbfe96b
SHA256ad9ce73fd982b9d09c449fee26643c4b386ab218a051739a633b0ff9ccea5f3e
SHA51210013e6a9bb3d23a3ff4308f7da783742ec024669c62ae1a90da848be1f934bed26fa992e37dd74ac4c9615777d1ffe4234398a06a29a7db359fc47950076f47
-
Filesize
342B
MD58d755023ca2b5cbdad4d79dcdae7ffb0
SHA16f2358b26911dff9b6a555d16b2acdf2a529a986
SHA2566dde7b59af06608076b3a4299753fa6a514b1aca3b5356d93c89b436aa00690a
SHA51218a7c5c6731c932f82c139eac3ab165860f96be66ff43e23a70b6d47d03eb1e56356bb856b671eede1fbb323b4c0f73c4bb6a52478fdd90bfac0caa98a4d0d27
-
Filesize
342B
MD5bcf12b4248e1b67c165c9522fc1d1183
SHA1467fe7caa49ee7cfcfc3027b8a733269058d3dce
SHA256fb1a3a7bf2f446b7dadb0a87bc65e8a480dcbc19631a8d064dc9c53308b4432d
SHA512e7a538f0cbe92b18bb15e09ad7675c6d12fdcc69b4ceebdc9aa7df74941f6faa3215b07ae96f18be40dcbf15426c16cefcf9b49d5d99cc79fe3d674bf860530e
-
Filesize
342B
MD56da8b8537052a2fe8183545f972c7984
SHA10c194ce2179ac7ea19cda0eb8b692e027b46c7df
SHA256c5f8e5c3df34754728fa7275c207a0181265000fd178f3034523ddec53d4740a
SHA5123bffc795e6355f337db6864d69480d230b8c7a869b948fb48d8bacc37629b0ccf65c8f2ce82ea1ccccbbd3b3a319d6c73afc2754d63b57a4c60e5e6198ab9495
-
Filesize
342B
MD5353a8bd7e0b5a72f60d998eadf35c991
SHA1ef4f957be4f72998d80299a57b3926ecb61a62e5
SHA2566d9321626ace38e6223fafcbbea5eefd49a02bdf92ced8399bf8acf8982e66be
SHA512086be56910988ae476571b970c0cde16f5d2ed04565979420f2f77f68f87b6baf6bf0cbf27145c8a2828f679c4e381c69a3c4ff83e4376e66f2841576d974f5d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
3.3MB
MD5b9a4389aa86e21c6da9f9e85422c4d16
SHA1c51bdee45f842b0a3e2ad8cc4439aa7d27d5cb32
SHA2562514f4415effa4b55c54b82708693208c634d3480b0def073e56e603290c067d
SHA51201dea976dc56bf4ff3f3e1664000f56303be970dcea7cd9f2cb099f5e4456c512d32dcdd1d9a8f3b0423cbdfb77d81caf9916054109f236174166d9abed38c44
-
Filesize
8KB
MD5ae144cfcb3ffac4f044af81090b982dc
SHA17389b3511fb463c60f723839881b9307012d811b
SHA2562ca7be36517108ce3fd69dde00a926fff7ec1f715cf23453df13d4da8cc5ce54
SHA51245ab801d9658666e14c1225b7944a4fae3d4a39db592d5cc949de0fd1c4d64ef32611dc2b0adb4254f93b11e210eb6b244d50ca9146b3954482bb7e4dc787cf4
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
540KB
-
Filesize
4KB
-
Filesize
540KB
-
Filesize
540KB
-
Filesize
540KB
-
Filesize
540KB
-
Filesize
540KB
-
Filesize
8KB
-
Filesize
540KB
-
Filesize
4KB
-
Filesize
4KB
