Overview

overview

10

Static

static

5

6152d82cdc...18.exe

windows7-x64

10

6152d82cdc...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-10-2024 08:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6152d82cdc94bf202d8284bb0fd1e803_JaffaCakes118.exe

  • Size

    87KB

  • MD5

    6152d82cdc94bf202d8284bb0fd1e803

  • SHA1

    c5626eddbebc428f13bfa7f07eea88bd7ff13ce6

  • SHA256

    0d7e8459bd8ebab98011beafc0c00b7e3567568c59b201671b13d0169f4dc9e6

  • SHA512

    8615ed5283d825f107db236ecf25f4f42fd9f8c7b0cccf865acc9d299c7bba4b1d8951da6b6ee5351c767af0870a6458c78092e1ec562b69d77e0954f6bd4e5a

  • SSDEEP

    1536:LiiZpLhQ6wWd0gHLn5SlDuwlJmOBRjM0BXh3ZEv9FyFKeSl8k0nCdMuC:OgpLhQ6NdVHLn5IDuIB/A0BXhps9A7+S

Score
10/10
lockfilediscoveryransomwarespywarestealerupx

Malware Config

Signatures

  • LockFile

    LockFile is a new ransomware that emerged in July 2021 with ProxyShell vulnerabilties.

    ransomwarelockfile
  • Renames multiple (510) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Drivers directory 8 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 64 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6152d82cdc94bf202d8284bb0fd1e803_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6152d82cdc94bf202d8284bb0fd1e803_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:2376

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\7-Zip\Lang\ÄÅÁËÎÊÈÐÎÂÊÀ ÔÀÉËÎÂ.txt
    Filesize

    630B

    MD5

    97d61dd38158163712ff1f93b02185dc

    SHA1

    aeeff9e4e9c82b7093cb222e038c1a6fcfcf06a3

    SHA256

    87c7671f844922e5d75372ff60271462c1f19105dce05c36a49bcbb6f93284d9

    SHA512

    23b9a3da5c54e3528e79ef2529619e9a3828eb049baa59a0f67c6102179f134fcde03f30d8d36b2078e89fd6a28fc107a9c03814cd0ceb32e70495f36eb1655d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xml
    Filesize

    331KB

    MD5

    0e6b213281e110f267915397f29a7cc1

    SHA1

    42905bb9106e8eee62fcb65f5a5233f3f4fba7a5

    SHA256

    3f3514097417d76e91f0a1b86228875d9966b973cd9ecc80b6331ec1a98a4496

    SHA512

    f0b4bffa65f49f3be9e80dc96df9a2ba3fd65ee82cf7e062b21328a911d6204228b2cf685a237518810a0ec95485aec456b6333bb7b02735d68ed8ee27ae1515

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml
    Filesize

    317B

    MD5

    5a0b4dd3d8f6fdf54103fd0001816f63

    SHA1

    a988ebbe0d7c2c876680defbd253b1975457fc7d

    SHA256

    f3f39acd473189ab9295d2dcf2e6197ba0ab850a82c4aa1ade5592ce1892c38a

    SHA512

    6bd930896090b729ba992d21481c200cde2177a9dbcd5b7444356d694557f5ee518264f232fff6316fe6f824c1e107c54c330e3823e9f811a39e36f5c0b30d12

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg
    Filesize

    21KB

    MD5

    82c6ac5e46c85206837e131eddfddd83

    SHA1

    034737421748e5bfafd4e854534f3ad9fc9770c7

    SHA256

    55cf8a93e707fb1962dcc46766d7c5f0f71b64f332a6117118f94d7cb95ff322

    SHA512

    914b0c8f1d06e3b0b8c00bda75f227ed3864d048c2f69f0a331cbecef925ce68705afc53cdd041e430ccda931fd2605f5dc579ffe8beaa0acffdf4c51b162eb1

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg
    Filesize

    8KB

    MD5

    bbef149c3dcde06a394ba512422af3a9

    SHA1

    34b0e982f4d5d731de39b322d4824b6af6472627

    SHA256

    f4097368dc6b67514f2991640d563bb52fc01c7fcda1c29566b9ed7208954cd2

    SHA512

    595989ecf2d2bea0939dbf57faaa3bfb690166c17fb1d1da27b58871d54b3209d71c6e5489e983e5d6d3ad05fd97bf847a6e11bc9cbc9fcfc9535818b07e08be

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg
    Filesize

    1KB

    MD5

    9ceb184e2a266d3bd7ee49d69f60c0b1

    SHA1

    85d584f08463901541033025c42cdc2d718f0bf6

    SHA256

    b7e00794735ca81c2966cc03e93b5880504c98764ad9af3bd273c48c684218c5

    SHA512

    f9f46dad610a9b033300c22a8373d30165cdfb3175800c4837232f98c6fbcc843b8666b6c3ae313931457b0576b1891cd3a2f9437aa68933d70d52a3751463b6

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg
    Filesize

    49B

    MD5

    bd6fc9ca96698344936b22ccef4ba428

    SHA1

    49fc5c771601ed5e3897908cf8b83b546821a6be

    SHA256

    1003f1a53667e28e7952335498bdedd3377eae435189df01235b6602a5654823

    SHA512

    095c01770b4f4e9f9fcb29c0ce290043f5c1de9c7b9767e7dd889aa25f3c103ac2dc8de5258a639aea477f649aaeb14687767a9912d6326503019369a1ed8ba6

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg
    Filesize

    8KB

    MD5

    546aaf9ef3bd5a5d57584730e8aa12da

    SHA1

    009188fede09461fdeb7b7138bd47b4bce60a6c2

    SHA256

    fdd0d7552e874aa61d24a097fd9c297616d4e0ef684906a17c8c9425bed52c00

    SHA512

    5d6fd8a6332055afa3fcbc74a08638184bd322fc0d3da5180314438a6eb6e120b5d09c9fa0b89cea949a562522b16b9b7d49fa9a30438f0501a589c1d2f7bd2c

    Download Submit

  • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml
    Filesize

    62KB

    MD5

    d63dfe04f005ed75846cf5e822057ae7

    SHA1

    e4f817021c63e6c585358fcfca32a107a4abeedd

    SHA256

    582a60a60390cd7b078c158226ca897b02274d0d826c8749b3a38b7b0ac7cd77

    SHA512

    e421f18414950423704fea20e5cfc4f87e47f5182c76873050aa0e985bb9e867b36d0d8aac778a986aec71718f223c75183fb92aa12b6d300e67b1eb5775990f

    Download Submit

  • memory/2376-4309-0x0000000000400000-0x00000000005CE000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2376-0-0x0000000000400000-0x00000000005CE000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2376-4332-0x0000000000400000-0x00000000005CE000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2376-7978-0x0000000000400000-0x00000000005CE000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2376-7979-0x0000000000400000-0x00000000005CE000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2376-7984-0x0000000000400000-0x00000000005CE000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2376-7988-0x0000000000400000-0x00000000005CE000-memory.dmp

    Filesize

    1.8MB

    Download