Overview

overview

10

Static

static

3

dff0940a39...18.exe

windows7-x64

10

dff0940a39...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14-09-2024 09:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dff0940a39675fe15fdf0dfbf6fa1549_JaffaCakes118.exe

  • Size

    411KB

  • MD5

    dff0940a39675fe15fdf0dfbf6fa1549

  • SHA1

    e85713e8074d02a21cfa9b8ace7723e9540774cb

  • SHA256

    49ffc90ff02fb02e0d9401bcee07583533aef33f84eb028a8ff0e996f1a1e1a6

  • SHA512

    d9b7307f0ea3abbb5bbd2e01e55060c5623ff279a33746e79d98606163dc5172912c2718d6aec0aadd61e75712116f06ba65c80b70f1f97574d442765205da39

  • SSDEEP

    6144:DvZojeATcNGmaTePGEysp5BBQXQkhB9q6KoFx5a4NcmQRulVQF2EgoS2UFMeu:TZyeAToaaPG3spfiB1KMKGEgoXovu

Score
10/10
lockylocky_osirisdefense_evasiondiscoveryransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky (Osiris variant)

    Variant of the Locky ransomware seen in the wild since early 2017.

    ransomwarelocky_osiris
  • Deletes itself 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dff0940a39675fe15fdf0dfbf6fa1549_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dff0940a39675fe15fdf0dfbf6fa1549_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2388
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2984
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\dff0940a39675fe15fdf0dfbf6fa1549_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2860
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    PID:2480

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OSIRIS-3bbf.htm
    Filesize

    8KB

    MD5

    e8a72a7d24b66c9455586bcc8ed556bc

    SHA1

    caaafc73c6a0c07c14d732cfdb5cd22693b234b9

    SHA256

    e8951cefe8812d3b1dc9f3ab3cb11c7fded5948873a08f491d8d68a21b699a7d

    SHA512

    c14de5b0a9e04fe65f783ef4a0652a65dd8f9acf3219b942cb7df4c25adcff7d7321d79838bc3d021bcc82a42c19e5cea5c2816ab2d30e44c478d2837858c441

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98be125514eba6c6be18a5a194609a23

    SHA1

    e8f6255c6dccceb1f896a9498ae82683e5afb892

    SHA256

    55066609f1bd408b4c99d820e557de677cbcb8a24f26caafd699c05fee3222be

    SHA512

    a5697ac537f161687dc445f4e4e42f192e02d632632790bf2c1e4074c56e6f87da3f79fe7b8cd48120bb5d230ab83d742de40a5bc80f91f40e860c89e745c1fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f9086e3d1feec814c3b3c1133ea99f23

    SHA1

    882342b536fd4af65003cf3d7ba7d1dbe9322b58

    SHA256

    9dd465250482e19b5b64db64b258c8a0f7b9669490d4145f46116693ab9ff3b8

    SHA512

    1d0585b0378401a40ae2a7e3955ddb680ec5fc8f4445946a28a0e960d3d4b323537bc1f7ac9294c2adeaa3bb090716ce87f50e18c07d944678a95da24d0ab4b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49b1a848f72123f56b64062b13bf1498

    SHA1

    ad61f43ea2ea53bb0e0f83395ed404b4e1f51f1d

    SHA256

    4bc7c60c5df12e84f66bd3411c7a5e2a605d1948eeb7beb5a178cfc1b37e12c1

    SHA512

    7cfef614597020b218af0a9f14c37192205cec3fdc25178066e668e0a3b2243cbd170b6c8181667bb46180d0ffa48c76a9c9e028cb87d553b582987803e48bcb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41255175c76a5b8bcb15d5f692a34668

    SHA1

    88204149d615534d0574c00bd3913bc402523c84

    SHA256

    6a7182aec9d737c3dd98fcb7403716dbed3e9f8ecb2c9b29c594672ed12d16aa

    SHA512

    ef7e3a34a958d7241ddd662650921d74d8f44359a5123108e1c0dee92810e0fb8a7ce6078e05c02f87a82800870bb3280190a17a26cacad82a401615f9f0e5a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0a5bf55881b1f93532f5686f502f21d

    SHA1

    8af0b127ce5d92b51ad268c44885b01b98776d1e

    SHA256

    16dd5b4d8324e9e3cbaaea0fbfb1e547f6055c41e7a2382e352ccc1d69303787

    SHA512

    9887fb9c2cc410c004a10a5e25398fdcb74a6fa2a256572f1bf3bf3749fa581f2ba435dc7589bf7300286d50ca7e85b8d5a295cd4fb15f8f4952180737e3504b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5040a88337ec12da4a754a2a735db974

    SHA1

    72b7699f43488470fab0f15dc45f7767730c159d

    SHA256

    517437ac26664085421a8666e337dea61970bd8ac5a31e6fe2b1fda813296b51

    SHA512

    a5c0d4c61277385c99faf588a71b783ba1aa642761b74d7f1941f654a1b5c665c4c9d3a7682778cca451f6469ae2bda892076689ab81b333c86be991299ecaca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64a0cd784cd3e9363efc06ea6d17e3d9

    SHA1

    ccaa2d3f4b27d3d92aba96f05fa157b19ed00988

    SHA256

    707c880288cea90598b1097c15341c073807355fa5f9c9a324325b50b6c7fd80

    SHA512

    8898fd18b7e40b8702657fd5bfa8b634ddc83ccc1d7334cdcba06fc125add6e630aaec5416c9c510d03dabb5fa1e989b92338caacbde7625ad16e87a76a41160

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c5f5d8745e859b9bfa99aed7b32d704

    SHA1

    8920105c11ce59a57a2a46d9bc88740b7b9420e3

    SHA256

    7a6cd82a7e2f601595b1b773e7ba651183bee311b65b6d95668f4d48bec4f517

    SHA512

    4fb82f3f6540bda135d7a9a9ea400508f51c2e07fb02512070ed7706b76fc4ad017d23d7fac1abd0cc91e88f26757855cf2aa4b00c5905070a0e48e9f51696b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d713f95cc2729075c1f9469b6ffa7ac5

    SHA1

    a1851efeb8b1d2459b91903a01333ee6e4a91667

    SHA256

    4622c5cdf75defe17a62034965bbc5cae03f7073b85b88994adcf9571cc16175

    SHA512

    7ac2b9c078c33cadc78ed4d4682394362adcd80983a4ac3863f7f29ca9fd8c35e091c191ddadc9a41ac30e7fe891f3486439cca986a0716614259a2ca6bcd185

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e26dddfbb4906cc6370d7270568f81a

    SHA1

    f49954af0c7ce272ae4da036a88bc3191dd88c73

    SHA256

    2d5f2bbecd0aba8f7a379232080e779ce5a04da03c2b4d7830d83aab256d0130

    SHA512

    a1da11fa60e041659462159da0e211358669d2433a91936a30edbe5ab75de0b10790cd91427c622dcd0fe84681b7bfacd212b9e5724dc7074185a62795aab26b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90a1c5cf458a6767a86bc77aa0cb8b56

    SHA1

    8ddb01c8a623dcf689fe58bc2fcd832eb25705de

    SHA256

    4797d92a1da031fd286e7ddab0b39bae87436ec0b5617f4eec45e2903745758d

    SHA512

    9f9116d2e048570a9bfccca17310b39789bbfe0423dce0a7da5d3539030f9f0796229f1bd79941d823c448308b5f0b7dc3685efbb9733cc04c27bd9c7c918ca7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f89cfd67380fef9df4dd561a6717e43

    SHA1

    1867eca007419e019bc515efedc09754b60d1bdd

    SHA256

    ac7f6fb3a7776d11b0be40754c6cd2fb4f810996b460c7c5665eaa34789e2265

    SHA512

    74f5068c0422e512d3ecba5f25702f448476f825604ec003fcd0908753d3c60544900f005ef5f0e5d6b271b2cd62839d5a70e652133aa3ad55b798a378446326

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca33d8865976bd20fae5af089a2fbe6a

    SHA1

    1caeb2ab7e3e3b38ff2fab075125632063bb9578

    SHA256

    d5b99015bbfb987742913652d8a7ddb28de2237d5d4b12f40db7f5f7cd62a697

    SHA512

    eb87cbb4b5c01f80e9cd2b578394e063cfc39e31ed3ab1540d7f4858b54746cce4b86291a8e5e14d6cde3d9faf1471cc53ee11257ee8502d6504869e2038a8a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc13638781428b46b9d147793cfed249

    SHA1

    c0b0caf76e732cd2940e2183161317147e59516e

    SHA256

    a589ce8335c728e63a25d0d6a7496867b56828464a6d83eef038239417714105

    SHA512

    2c09615153bf2ce23fa9a073ae735d475963c9592d8f64fb5513cedfccd5c497378b7134d67f2da5291ebc4e53f0d40ed9c8ba148e46020e168776383e406bbb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    610cd1af4b97cf62cd506c5071b8f079

    SHA1

    7db357b90933d16a9f76cb873c7975ea1891862c

    SHA256

    471c7a03c5ff8d4f382bd1f9b1dbd79ed6d947ccec421eca901190575c6cc016

    SHA512

    1ccc2912ee4a7b5caa1b36501261dca3bdf93ba0a779edbf5f67d8f0d0ef584bcfd169a72b55b51c33ddd7f295b1a76dfdc45677bc150e5ced30fc3f059ef1f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8421be21f3c9a3d10a930f342371a059

    SHA1

    dae20a8b182d5e8a6f1d5a8585c5e631536b1f83

    SHA256

    95df2728e0e209bda9d4a4a6f95e0ffaedacdcc70286a7c7928c873febbd243a

    SHA512

    91d2e71301a835ed1cfd49a43c65354e70c0cefae02c121172321ef7b2369c6b0abaa98776c83414146407216be91657f281d4b53b798a9c0ce9036b6fbe0f80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13b96388f073702f42cc1afdb0e81d1c

    SHA1

    a556584dd8fc38ffb844d7bccd9f584e9a3ad627

    SHA256

    c4d81a056780c08235f9357910d39486b8d671b7f32040db13708e1d5c35344d

    SHA512

    6fb9d5805ea1312f632588c9d39caa24fef5b2e335fb6d9ec856ffdcd7850754fd9565e104a29599eb63a6384b018d1feb506450d2f06cca448a9946cbcb5e53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea81eb80a650b8a0f0999cb995262f54

    SHA1

    ffacd239d5724739cd553d19fa8f0a900164af09

    SHA256

    e0e770a59f7cdf9f61365e46b3c057ae4a4660a23ebe7fb5cbbe90afda7a4634

    SHA512

    cb1d57abc68ec42b63bab0dc3900c75511442ce5bfcf25aed5545bfe7688ef06a1b4951c76711819e28aac3768d3a5e7fc4f42d3affb271031364f3109eee6ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e381388bd2bd9bdd6ae2dd6aca667e7

    SHA1

    908c1624da468b576c872c70397b341fb88857c9

    SHA256

    6ce103e493a54041ea22b3d42016bedeb3b42e2033a2c5a2b0a2b58fa3a24b6e

    SHA512

    89d328ade3c94433addea872dc726aae74536e42e452b758f5c75f3afa808d1fb76a9a6bf5238230d4d58ace711948dbd0bbec90ab87e67ea3fe7f6fb9eb8800

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2291.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2301.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\DesktopOSIRIS.bmp
    Filesize

    3.7MB

    MD5

    1a375afdb1fef528b8e282f96abb6a6a

    SHA1

    ba92e641fd22e64c4ddbbcc0222d820a8b2ae7b8

    SHA256

    c1ea05f9b96ea4fdfe61544c84daec4e78cba5c7d085582d8477dc49ef056153

    SHA512

    ae0b32b80344fc7f8aa0134cda4aafbb2ff70d445bacc011b85ee030d629f0f4ee3358ce982946306c5ee2b0c4374fa7f990931070640680366f68e0e40ae971

    Download Submit

  • memory/2316-327-0x00000000034A0000-0x00000000034C7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2316-7-0x0000000000540000-0x0000000000541000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2316-5-0x0000000000400000-0x000000000046B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/2316-4-0x0000000002CE0000-0x0000000002D65000-memory.dmp

    Filesize

    532KB

    Download

  • memory/2316-1-0x0000000002CE0000-0x0000000002D65000-memory.dmp

    Filesize

    532KB

    Download

  • memory/2316-9-0x00000000034A0000-0x00000000034C7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2316-8-0x00000000034A0000-0x00000000034C7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2316-10-0x00000000034A0000-0x00000000034C7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2316-32-0x0000000000400000-0x000000000046B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/2316-332-0x00000000043F0000-0x00000000043F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2316-2-0x0000000000540000-0x0000000000541000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2316-3-0x0000000000540000-0x0000000000541000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2480-333-0x00000000001F0000-0x00000000001F2000-memory.dmp

    Filesize

    8KB

    Download