Overview

overview

10

Static

static

3

4be3deb224...18.exe

windows7-x64

10

4be3deb224...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    16-10-2024 07:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4be3deb2244ef733b4cc0acb71137481_JaffaCakes118.exe

  • Size

    524KB

  • MD5

    4be3deb2244ef733b4cc0acb71137481

  • SHA1

    6b82b0f3dba275ea3b104bed6c4a35372cb7fb32

  • SHA256

    13302b92d75ad29f88d8a0330c153ed0c5156c659a129e852251a3e3552f8537

  • SHA512

    543cd968bceb879e2b3ee66373900d0cda9d5934b1deee9c18c6408070574c193b96429ddbcda0b876e994551eb2d03c009d3ba81d0412d1fc2ec39b10bed77c

  • SSDEEP

    12288:L/yDzz6y9v3lbQW/bAol5DUnxR09GhMJFXG9y6xo9Bca1SVF5ARU+glNYJyQUdUf:L/yvZL/8oXDUxK9GhMHXG9y6xo9Bca8y

Score
10/10
lockylocky_osirisdefense_evasiondiscoveryransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky (Osiris variant)

    Variant of the Locky ransomware seen in the wild since early 2017.

    ransomwarelocky_osiris
  • Deletes itself 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4be3deb2244ef733b4cc0acb71137481_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4be3deb2244ef733b4cc0acb71137481_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:3052
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2884
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
          3⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2596
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\4be3deb2244ef733b4cc0acb71137481_JaffaCakes118.exe"
        2⤵
        • Deletes itself
        • System Location Discovery: System Language Discovery
        PID:2704
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
      1⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:2792

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\OSIRIS-2e03.htm
      Filesize

      8KB

      MD5

      c606e85b008fabb6c84784ad0bb92c91

      SHA1

      bd0f6dd5f3da3d65ee295111d07ed736e11c8e86

      SHA256

      200b619d0e056cc1f40b5b3c8d77448d9710555f451ab781dc9010d51e571c01

      SHA512

      0287e072059b2916dc64346062986057f36b8bb1a7e6a15071de754967ec62740954b588ea02f8e12c4bd58713d3680037e55964912e684e93cdc59c24c70ba6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      99fc2136c96ef55264f954f47cb6abfc

      SHA1

      9850e048191f98d63f9e324812a26d5827af07c6

      SHA256

      63c4fc0a57472b78c625456126e676f0dd25f2fcfcef45d42c995cbd3b307a8e

      SHA512

      66a402e61515a272748a3b53d874cd67a9bfe546238b6d3ed422dfe3e9b5c90ac169c36beb6e259dff9070161670e7c392a69fb77617d7d5496b6e9de2637396

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      16f75918801c6b151c56af6597a1f00e

      SHA1

      67b7fdc0572c347d72e212ad9b069f7901ec469e

      SHA256

      8e3899b30b9a3ab92de5093a95aa7b87c31b3c2bb95f5d14a5b7c59d2467a3d2

      SHA512

      840b6b7dd48d1e3535d9b7e77506f216a7cc8f3a2d67b83ad27e069239009501ee8ed3fdb7d3ec60109d213b1be1198ec563ec25f13ed45e7397cc86dbf7b519

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      768ad5fd31038e3094fd4dce0376d7d4

      SHA1

      881c50dd8ae988042015f0cf3c05d1a95b25ee4b

      SHA256

      7a230b7196557e6ce0b253da431a7a10a64154dae740c3152b5a48b909e816d0

      SHA512

      9c354d5d7dcde0aaf8de0d902183314169faee2666fb35426dac182608d2e2f95491c0bd71adba301ef2b7c20c6a4fec6fe84834dc5e32e16cebce9e1fbbc096

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fb79078a4ce25f04d9e232f1c9ce0bd2

      SHA1

      6d95d4d6bfec2e6f643ba64b3233772a946ef20d

      SHA256

      eaf8f767fbca5f9e22d258b9bc79794cd3251b83311ce1fc15e25af90eb8f3e1

      SHA512

      9b72ae26a53de90cecadf870678863afe6efdecbfadb085fe32e051ef44dbf7e88ceecf1ceae3e57732b2cb1e4ba88b14704eaeb0cb2ef92ed904d9335f67a2d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5358772432a34b71056b03f43786766b

      SHA1

      ef25837455814b744edfa6d7ab740b6bc5154b63

      SHA256

      f24843bce77baefa6a695ae49efb45285da11dc9876fa2269c5cccf34827a3b6

      SHA512

      6bf706bc8d51fc80af8bb37e3bd488379c1e94515321d74a1415de9a1a747d230fdc32761929b41ca8a66155b4271b097d0054435280d185051d1a72bf320eae

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fd4b9f1ae37c461b2a05f0dd34a8ff17

      SHA1

      da46bd797d3bb2a6af3faf84ed0d445f69c31fe4

      SHA256

      dfda0a2a4c5943127d86cff90345aaba0fc637423619474afa8760bf3b993b79

      SHA512

      39e17b818fd3d1b8f2ab902e5b36e2f7ff33479426864b7fa3495e115462ee52be0816b8d6d4e9800a69eb910c07f50c765c4a994330967fa94b371b0cbfdc25

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cdd80d18b8d4269b7dac525253423b89

      SHA1

      d1c7ad1e170c70567af891d17c6a6384f629045c

      SHA256

      34b21a42a56779e6817efe24d3183191357e583a834b4fabee73e6f7a60e5219

      SHA512

      064cecebd70c8b2cd408b395aeb88770843748b3e64bc425b9eb8896804536bb19f99d7ee731e04813747c26848de8d0ea2cbc838a694c069768d49627ab6449

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dbfdba53afbb25ff0958279766d987c3

      SHA1

      ca4dff2779192e90fdf168e9432b8502cbe51e0a

      SHA256

      99fc1f03bfe556cc671db707b8a165395bdf1b98ce5e7c26438d4ef66bab84c2

      SHA512

      015d41c747ede846e515d2dda3af60ff21cb51d81e7b248dab0260ffd91ea81fd75fee3d815de9689ad7617bd04df950ad0b2c862fc86069d0bad316baec415e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      31cf7297adc0e0cd6e9b81db46fd22af

      SHA1

      970876e79ed36acc4642c0e98dbe59f2a3018a0a

      SHA256

      9b16d970efb019dd3a0221b5289246ad3f04ccdabe3bfc63d5c0176bd34d220f

      SHA512

      78165130a62883e612c53db792df049ac1230615e47eee532893d35e22a7c3934b31075b292ebf5c55d366e5536ad5bafc0ad4e894cdf8cd70515db565d34334

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0d51c70694bbb61ad3540301e1103c73

      SHA1

      3a5818bc31e8f677f8cfc2c8d5fa74b069d522d0

      SHA256

      c1eaecf967637ff7786215a898c94bde69308702841f524a1003927bdce82008

      SHA512

      3fb9e06a30c9053d857aa1add4473165b6d3f1fc00be2fb711de64dcc0d56ac19b173f76bc6b51a252f5e3ed7f7538e2d7e40c00291f0e896908cd3336b28a64

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f9652141f510da2a5d1a7dca64e6ee3d

      SHA1

      cc940d6895b15744433093aaab2539d7eae34e13

      SHA256

      725a713faee2931d4a6c8ef67638caebd56d4f2ce31e38a6e08fda929b646454

      SHA512

      bb53b50b23566089528b01b9d69c1a9865a04b517d9b207c74def2bfd4b668231d28b052f74db78f099d418143219afdadb14d5593a36aac89cd22f28a750fdd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      45e81371eba305c484f0b0c463714e9f

      SHA1

      ab52d95a51f592615ebabeaa69e31f9b78610dfd

      SHA256

      d9625d733ac2b9e69917963cbcdbe1a6038b8fb762266456a1c69a2cd448272c

      SHA512

      ae52497c59c869c2be2f97fca0395ecfa9842d6809097f17a3c57722c7ef082ff62a9b640a8dbfd6e459530d5978e4fa4bb439c379103bd0a3ac108c0e9dc173

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0bfb914eeb322b1cdc9e1226e835295c

      SHA1

      9dee70159700230dec6c6a27055db7a75a032d77

      SHA256

      5f96bcb60ed33e085da40506eaf035644df13272df07e9fffa74c515d8517e11

      SHA512

      5a593e0068fc70fe007d3d1aeae98f58ea7c902a53fbeccb236ac1fc1ce9c4e716c1fe12a4082ab42d63240118423631b74e3bd6195fd4fbcb0b37ed5da5449f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      58c4a14439f2e7f3e59b1618bea8fe85

      SHA1

      c945fe59354545197bcdc13a9f66a946710e4b83

      SHA256

      be081bf2a8f366af2f73fd5cddf565eb3fb36be69bc0ec7ffc7197d53304f95e

      SHA512

      4b5cea5f2faadf9732a989ca8038b689e55ee339949f4d58d8cf6dc569dbe1f96b13d7047457142fa6330c4f42280f691dc2fc2fb1de44eacefcf5a9393c06f4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c76c8cb184db3176b77e7bbb8d6aa2d5

      SHA1

      7e0088d590c4858f55c8bfb721ab05880ce90423

      SHA256

      f67105257af339b2c68ce49a3806e859d7470940370ec24983dcafb73cf1eb8a

      SHA512

      07eacb38b1f6f307c9477589010a7f29534a208cd53fc2fe223335c2503bcbbc3e9103d9ba39293a8f12d3612dca3d40b8c97b9423ff3974935ee82ffd0356ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab9AFB.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar9B0D.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\DesktopOSIRIS.bmp
      Filesize

      3.1MB

      MD5

      a5445748752398b1531f7c168534db4d

      SHA1

      75c2f349cd9f366d2d663834a6a7f9db4b8ac672

      SHA256

      4030cef653719ab043a081a74986ba3cb78681d2e529ce366d6819aa36a8d669

      SHA512

      86fdc1d80679848307ed62d0f6e507939bfdee9c376188aabd1de639a1766634feaf2382653e3fd17d5f4f017805d695feba17fb8a45070b203c4778877a2062

      Download Submit

    • memory/2632-9-0x0000000000400000-0x0000000000488000-memory.dmp

      Filesize

      544KB

      Download

    • memory/2632-0-0x0000000001F60000-0x0000000001FD7000-memory.dmp

      Filesize

      476KB

      Download

    • memory/2632-316-0x0000000003D40000-0x0000000003D42000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2632-311-0x0000000001ED0000-0x0000000001EF7000-memory.dmp

      Filesize

      156KB

      Download

    • memory/2632-14-0x0000000001ED0000-0x0000000001EF7000-memory.dmp

      Filesize

      156KB

      Download

    • memory/2632-15-0x0000000001ED0000-0x0000000001EF7000-memory.dmp

      Filesize

      156KB

      Download

    • memory/2632-13-0x0000000001ED0000-0x0000000001EF7000-memory.dmp

      Filesize

      156KB

      Download

    • memory/2632-12-0x0000000000400000-0x0000000000488000-memory.dmp

      Filesize

      544KB

      Download

    • memory/2632-11-0x0000000001E70000-0x0000000001E71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2632-1-0x0000000001E70000-0x0000000001E71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2632-8-0x0000000001E70000-0x0000000001E71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2632-7-0x0000000001E70000-0x0000000001E71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2632-6-0x0000000001F60000-0x0000000001FD7000-memory.dmp

      Filesize

      476KB

      Download

    • memory/2632-5-0x0000000001E70000-0x0000000001E71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2632-4-0x0000000001E70000-0x0000000001E71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2632-3-0x0000000001E70000-0x0000000001E71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2632-2-0x0000000001E70000-0x0000000001E71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2792-317-0x0000000001BA0000-0x0000000001BA2000-memory.dmp

      Filesize

      8KB

      Download