Overview

overview

10

Static

static

3

d7f039531c...18.dll

windows7-x64

10

d7f039531c...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    10-09-2024 09:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d7f039531ce2db4f604ca2a40f8ca828_JaffaCakes118.dll

  • Size

    145KB

  • MD5

    d7f039531ce2db4f604ca2a40f8ca828

  • SHA1

    6c1c739d5d6fd0c04eac220b46646d3a5d5736c8

  • SHA256

    45fe958019227f7a5e96d36b522178cd3ab24a99decfe517e5a2e91806c83016

  • SHA512

    d095e6185ca9aa60df80066c8476604f1815ee9a4be3dd6c4fb8c4809f33974bb277da97d74fed11dbf7c9843ab6f48bb1312e2afefa148ecbb06d55bf551af0

  • SSDEEP

    3072:t9T7LiXhC06rUwo3ueS8uYGEx8r8npU5f4rAFy/Vruanzg:/O0XrUwo65YGEeepUItru

Score
10/10
lockydefense_evasiondiscoveryexecutionimpactransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Interacts with shadow copies 3 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7f039531ce2db4f604ca2a40f8ca828_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7f039531ce2db4f604ca2a40f8ca828_JaffaCakes118.dll,#1
      2⤵
      • Sets desktop wallpaper using registry
      • System Location Discovery: System Language Discovery
      • Modifies Control Panel
      • Suspicious use of WriteProcessMemory
      PID:3036
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\_WHAT_is.html
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1532
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1532 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2328
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2776
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {24D00727-980E-4E3E-BE57-ED9CF2ADBDF3} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Windows\system32\vssadmin.exe
      C:\Windows\system32\vssadmin.exe Delete Shadows /Quiet /All
      2⤵
      • Interacts with shadow copies
      PID:2584
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    PID:2100

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\_4_WHAT_is.html
    Filesize

    8KB

    MD5

    3859ca0ad1861ec89ea948bd7b59043c

    SHA1

    68bb0a071ae2589489e86a2e6edeadecfe8cbec6

    SHA256

    1846f4f6fcf5a770360bda16d08a547b8d38fb2425d0d79ebcb7b202085690a5

    SHA512

    71c271b16ae79fdfa08f4cc199b865505e00c479eb9d52cabaf30a9f92f19721a821d543f05f3d40c9fcf38975f1cc59de89616dd5d61dc5c28c58c4c1109454

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a5ceea5d9f16036f40cee7e2ae4efd3

    SHA1

    cfc893dcccdf580407daab0fb0343c871f0e3982

    SHA256

    0b6fcf06fc43d0f8801507211a737051dff495327260f0276d8c2082283be526

    SHA512

    161567d70c0af8f4944b7f0a06ca2a7e4323c774d575b260f21f1ce46c25bf4dae9a77203161f19526c73e37b6c02fb77457f09864ef28ea73908568c0ec85ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39b7e2167762fd5ce16598964b02a255

    SHA1

    590aacc6b05f4d3ee8110dc6ca03872aec7da4ed

    SHA256

    5615474e2680f28c689ea0d59ca9dd45d67132d02b222e5f2c2d02177838c7fb

    SHA512

    7eb2a2d92bbc0d0c0a248eb9df0977937d17520cfc5851c97dd4fa69c7beeab02f9b022d4abbcbe324bbf7f63dd394f5e7756f70e999706a5334a292008fa294

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ace4512019eb46b4abaf901ef392aac

    SHA1

    79b8c1dfe78d5e9dc0648038c69c3adc359d6291

    SHA256

    4f947f847ccd36b871d2ceef948149268b8ade965deaaed27baa9178fda40573

    SHA512

    ebfafb6c76ff346c28725f30d395b2c5066ed16c4ec828ca7e53e309eb3fa20302561309eb07e9ba5e6638283fcc01b6a29c859d43e572a5e4fee330e43c9c18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    816eb334714eb4b51c3904a8bb993c4d

    SHA1

    29b7f31f2b1f894c65784c93192192db9b9b5370

    SHA256

    6144228eda30cbf6c700362d66d96a62b6d08784d2506fd2bb6fcc82bdfc47ef

    SHA512

    c9638d940c0f6e320e0ea86e76f3f4b5714870088e6931f51795ce598b58f96ad0c0ea8d8534782c0c95ac90a9363f32142a897ca1b6c7af62510625dbbcf582

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1102b3b266984b32b4886666dabd680a

    SHA1

    e4a496687144c02599827393b3a3faecac70b774

    SHA256

    23d9ff4848066babfbaa99a27bcd6745053c9693c6a476ea4ffd528f1bb125ee

    SHA512

    14fdfdeaf4b46c24c549e68c44eb678f098f5104a6c5b6eeb7c3d6f34686a54d52706f8254b4b32730d0da8c4f02157b0673ecb0c63140e36793c849534408a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e6abe3cf18c980a8da60ed426e8cd98

    SHA1

    f9f6e95529e7ba24b7c7642178b18a6cf1bf2968

    SHA256

    0370f9529077058461e6a958db272d884bdda8ec4a4dd7489a0337d7d70380f7

    SHA512

    b848c02b55d3729509c51f9deb2c54f3d30ea0b2f349411d58650f1c0c737af12e5634161389e7ea1deb1ea44907a76d2d389041791bb3d01784f3bf78aa35ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25bced29a0b6213b04e37c480fa78310

    SHA1

    95be22006791ddc0d573f4c6f9528d53e1083037

    SHA256

    945cfbda94adde90c750cceea1907b694fb5e792a7399fd34e894a1e57eb6259

    SHA512

    0853ba8b1fe11a3255b506dfeb83b60d64f0eaa188bbee49bc4d44d60731b0778a430952c6c8b167d35bdce9d0d32148220c843850e73b892d2f0141d4756b7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4bae3ae94c64bc4007ef1f7de8783244

    SHA1

    1e75c94cb19f62e152e6d1e79d70332c99defe75

    SHA256

    3c8b0a1681c0fcf3ebf7d422fb791f67ce3bd3a3a58785c27994554fa2f8941a

    SHA512

    ecd43e340386b69a789715c6c2d77f731e624c89f8d0d75510953a796534a743daeada6387462e6e6cd211151d4e9a9329e06cebce25a61311dcf5243f428e37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31821a66f98a1864d90e0a130c61f461

    SHA1

    629304e241ee0e5806b9b7f618e07ad263434c8f

    SHA256

    ffb9b826fe0decbcce35b41a1355075bdd61b8f89424d96e94384fc18f7660aa

    SHA512

    a454af49f401e41daba04fedc772e658462fc02e4eac889a69987a03faffbd71f7e3c400b1fe93869b39b8988ada63996ef2cb1bd07d914eaa715f87444c46c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ea795dc333bcff4872f31205428a61e

    SHA1

    0dadc7c2835fc08044fe1757e498c57d667c1259

    SHA256

    05a4e9c26a012ff041cfaeb4a57be145cbb1df2196f8ce7ef901f863ae57bf74

    SHA512

    2daf9c2ead0aede4c4c9973f963d1dd3f184756f8adc66ad2dd8b2ff6dd13498f22b3422c07105e49ece1b4e4cb46e6e713bd0f8e16b855ff92b9838542e394d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80cf452b17b42510de04559198b63457

    SHA1

    f13e719102ebb370fc23f771760ce31b09236f40

    SHA256

    8ffd52e91882045690b544ea190ff6a5c37eb1f52b71bbc3856090221dcf9780

    SHA512

    b0c86acb0adf77fca469e34991e437d90728da3da8ac15bab6ea7501ffba4523561df1057cb3357fac0016eb2fa2fbdc71514ac18286d0aac141bdff6c64f9a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f76aac6211956c486daae60ad22a3f1

    SHA1

    73f07e4893f25ee572984b987c5dfeb929099925

    SHA256

    761d9a554447ed80a1f40033f9b20c0dfd5986ddce27ba4b44455db5b4eaf1f8

    SHA512

    e130d168a9a4c21788b2c2715c1baa295fb5da745f0cd17bc60d5d66c9f29e27a20eb3b5ef8d6f5e8471c410094910db3aa4be56a13c1e0d18ea375556737751

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    71790a45fa170cd1a1e1b3c3afe63c4d

    SHA1

    472ef928cd2219e2c319b7cdeb1b3cb3730e785a

    SHA256

    7b5c8f5ebcba2e1e7e9511991dc2bf071274aef030a4ed65032bab38502c57ff

    SHA512

    3186fe6cfbe7c276fed27ab6f63f6951c316e639fc22d6b4de11dcab2a6356f5c8832cdec6eb87767fe7d0eb218abbd0f255054001452c886036115ef181a501

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a58632c0c80cb2aa0ee670a43f2f2ed

    SHA1

    a411b5e08594082132b6d3015c2413b0e072350d

    SHA256

    583949ed54d8d1a82ef3257ee1d5d1353e7ae410f00faa1106807a7601ec9333

    SHA512

    228daec4c9d9e97830bb43abd0c7ce25976ededb1893b47bc450dedcd17ab0e82d3293b3b5d643206980a127a9bb76fa77f08f4e4537cb3571202366874f84c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b1f3f919ce9a9a45700dd392bdb1148

    SHA1

    eb8065b8ae82052734b1022e95ab3aa1217e324c

    SHA256

    1af7a389793e3ab466ef32cd1cba086abf60f92b133cd32358bc8e6856c1e5e5

    SHA512

    a5a6d4b7e8c8491a5723e69f741385281e5f11569bd37fde76a71e030aca7d277bfff6067caffd2258d33d2cbeb9c04ade686228566136c1c6e230e07f400298

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    60c34436fb07b6e541153c22215944ee

    SHA1

    fa64fcd9fcbb2378c0e6a35d0bf0208c5e9605e1

    SHA256

    35d7b088a58e2168b902550fff4c69036d628562727fd6725f8fcce70f361c40

    SHA512

    ee3a7149bfb805121a7c4563566c2e3a64fa8cdbf47d2e4d040b511e1b4912bdd05b72a4207a4217a9206f735bdc0e15048076e6ff93920c553287bd7469de75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f5483f12a2aa47584c73404705d549e

    SHA1

    c7783e13b34911d21bf15ff142d97a1231b2c4aa

    SHA256

    0af520edf9dd11ae9ee7de57ddef4d2e91af050b7105097337d215a8b5283b97

    SHA512

    18a27a6bc2c94038f3e37bd0cd4fbd8202b644e29f57394f6a8bcfd51b655418c63c1b22a27acca63ffbd9703dfae40684f2c36aa626127fe976a195448316fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa40f635a2e6f7f026a267cf33f44cea

    SHA1

    1da6f12e2d0d5cbe8031e53e3e4f531f98fc6ab8

    SHA256

    fbe770c0392575e855b0c66160fd84afe0bbfdc90cafeb56031472859f121df4

    SHA512

    edf27f7db9eb6a90f61a4da24367f9cefd232461c3f10fbb5a1d94dbbde629727e3505b857faa1bab8da6c70e1bb578ab6622e9ba4303fd6876f48c884eca5a9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab88FF.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar89AF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\Desktop\_WHAT_is.bmp
    Filesize

    3.4MB

    MD5

    605f7445474b5c83373bd058b6dfd0f0

    SHA1

    30fde83863d1009ff64458dfaab97034734153a0

    SHA256

    e61a0a06d046fadc21776c82f920a6ca8cd3507ffb8f32a4e2aa116dba6a2cd9

    SHA512

    080f52af88cc1a754a30a35cac8e021d2a4471f240edb566ffd94d46d4842dd1a87ac10c5e93a6736335253cb811a09fd73d82d989ec7e6e2deb044fa0bdc360

    Download Submit

  • memory/2100-356-0x00000000001A0000-0x00000000001A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3036-4-0x00000000744D0000-0x00000000744F8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3036-1-0x00000000744D0000-0x00000000744F8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3036-6-0x00000000744D0000-0x00000000744F8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3036-7-0x0000000000170000-0x0000000000171000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3036-355-0x0000000000330000-0x0000000000332000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3036-357-0x0000000074500000-0x000000007450F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3036-3-0x0000000000170000-0x0000000000171000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3036-2-0x00000000744D0000-0x00000000744F8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3036-0-0x0000000074500000-0x0000000074528000-memory.dmp

    Filesize

    160KB

    Download