Overview

overview

10

Static

static

3

a47562ddb0...18.exe

windows7-x64

10

a47562ddb0...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2024 22:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a47562ddb085ab39b821c1d8ab078edf_JaffaCakes118.exe

  • Size

    1.8MB

  • MD5

    a47562ddb085ab39b821c1d8ab078edf

  • SHA1

    0d4e8e5549105ee8527c058dce6c390616ad14a3

  • SHA256

    f70006713d13499db25cb78e7831a300457f83248cc8a245de67b180c607713e

  • SHA512

    18b3ff273024fdd98f2eacc9825316a97ae9809d127ae4d16a6613a9093fa94804c736cdb4edef814ef76c92a2f8c5b640ce4d2b7b76e339fe581667189a29f7

  • SSDEEP

    24576:dnA1KgRYWHEvtd8LHhFJpxjMnA1KgRYWHEvtd8LHhFJpxjJ:m1K5ve1K5v

Score
10/10
lockfilediscoveryransomwarespywarestealer

Malware Config

Signatures

  • LockFile

    LockFile is a new ransomware that emerged in July 2021 with ProxyShell vulnerabilties.

    ransomwarelockfile
  • Lockfile family
    lockfile
  • Renames multiple (1109) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Drivers directory 7 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 64 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a47562ddb085ab39b821c1d8ab078edf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a47562ddb085ab39b821c1d8ab078edf_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:2756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÄÅÁËÎÊÈÐÎÂÊÀ ÔÀÉËÎÂ.txt
    Filesize

    630B

    MD5

    97d61dd38158163712ff1f93b02185dc

    SHA1

    aeeff9e4e9c82b7093cb222e038c1a6fcfcf06a3

    SHA256

    87c7671f844922e5d75372ff60271462c1f19105dce05c36a49bcbb6f93284d9

    SHA512

    23b9a3da5c54e3528e79ef2529619e9a3828eb049baa59a0f67c6102179f134fcde03f30d8d36b2078e89fd6a28fc107a9c03814cd0ceb32e70495f36eb1655d

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML
    Filesize

    582KB

    MD5

    f56491195b3a954dcc5dd5e00048a91a

    SHA1

    92a237b2aa3feb6fe1c3afea150e0f54e042c915

    SHA256

    34cc72cbaaa63eba1d87684f673baae5229a28ce7b7a15b5d11405f75e0a1c8f

    SHA512

    7fcf6a34d1dbb65be377762fdd81244bd024443200625bcb8a67fcfef2cf59a13423071ac5a6d96896cd176d6b349bb8c368e5c323079a266281e3bf536df6e6

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg
    Filesize

    2KB

    MD5

    ff592bc169552829773d00d09875ea30

    SHA1

    647881352b484e6d263d65b7f13b0a610ea7ea3b

    SHA256

    51e0ea20015ff9a344b8cd07c79a6d2ffbf8f6bc6a6dd0a91952b2528abdd2d7

    SHA512

    02aa598647a87f3ab8e95dba9c29f7f1fa8d4c9bf168b8004671e78afebdfcdb828acaaf599201597fe94bad83a66bc8b94b27a62b1daa3c3bcbcc75a8e8076b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
    Filesize

    6KB

    MD5

    b4bd9236ebd2106184de8d1d866df857

    SHA1

    e652e837c39ac98d2e3162e11d4c93bd6e7c7761

    SHA256

    4c046a1e5d6c76fdfa7592bfc104a8667d72ef62d962742845043da7c7290e91

    SHA512

    2feff093ce211e1e6068947a7f2bf0368d3d7ce36e52366f21f6c542e422c5e68b3536f8618c3c4c96133c10cb9ea588b55d32fe56052c4a5e7f81e67b937450

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
    Filesize

    3KB

    MD5

    092dfc02d4a10ba133d8d32ec96f5a5f

    SHA1

    e9aefa4fdc1d0494c8914c55f3f23debf02d2b7e

    SHA256

    7079605fc6865f78b9ac9d6ff2c8611fa0804213adf9f628cd065e8df92eb89c

    SHA512

    694f47c6cd12c070e68e82f74cdd4d3e233bcfb9d4bc2d757cb81a2a67c46c29095f078917681ccb327e3c03f577f280e33d697b5f4ffa4a40b8cd51cacb60bf

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
    Filesize

    5KB

    MD5

    6ca80853ad63c3339a3e86f0032c366a

    SHA1

    f289a7affb66e23f21261f21b603f386d72c86fd

    SHA256

    58b2aa242e7c29fa3369b83ad415d3fc309c761c2ea47506a692886f4e58ae52

    SHA512

    a26f9c0c0f2d11826985672ef4333177664601c31a81cc3bcb4ca99bb0e1837d991983ab8685f222777375cd58a53a086cd8f0b3d5e42e41ce70260470359674

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml
    Filesize

    247KB

    MD5

    a872098140c349bda5a42936de3c4a7d

    SHA1

    d1f4923183c746b1f42e2906973d0b461d177570

    SHA256

    132d6d5bfbec90d71a799d84873f229b3c814cd3d3e272f18fd1bd9c107b39b3

    SHA512

    92885a56ca9d086369e929e174b24bf29d584e6b1ece54a1b9ed709dbf2c519fe17bd927c5fa396ac403461a272da2743995a97cab5eb8e5e9a7850f69916906

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML
    Filesize

    807B

    MD5

    5f82b0c82bdad0e11e88f51f05355f7d

    SHA1

    580947de3df7699d7dbe92ebad7843b51c3f3856

    SHA256

    6c95514629cd959497f67c94218163202d04c73dbef409f9b14a8826228ba925

    SHA512

    d0ecb309b1fa4bc6ab5de4985deb1661304993991a37b2987cac1dfe40074f2596e07dc756f043a8d67eac5e4dfc587b784edfa06432bd111158fc19c4099c8b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML
    Filesize

    806B

    MD5

    748a8d140d5194966a250e950d40f441

    SHA1

    bb586c7edc77bd3887c7e446358c11e4e97174ab

    SHA256

    e6cbc3509610aa7c637d7d4f83c54be92a918ff4d65fcebea5a1201c1526c57f

    SHA512

    aef089ce611126d81c85127ac2df2cc981f7b46978b162e391966902f154e8a876fc4d93468e14add06fffaf75506f767205163574ad4efe46c5431ab506c26e

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml
    Filesize

    317B

    MD5

    5a0b4dd3d8f6fdf54103fd0001816f63

    SHA1

    a988ebbe0d7c2c876680defbd253b1975457fc7d

    SHA256

    f3f39acd473189ab9295d2dcf2e6197ba0ab850a82c4aa1ade5592ce1892c38a

    SHA512

    6bd930896090b729ba992d21481c200cde2177a9dbcd5b7444356d694557f5ee518264f232fff6316fe6f824c1e107c54c330e3823e9f811a39e36f5c0b30d12

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg
    Filesize

    21KB

    MD5

    82c6ac5e46c85206837e131eddfddd83

    SHA1

    034737421748e5bfafd4e854534f3ad9fc9770c7

    SHA256

    55cf8a93e707fb1962dcc46766d7c5f0f71b64f332a6117118f94d7cb95ff322

    SHA512

    914b0c8f1d06e3b0b8c00bda75f227ed3864d048c2f69f0a331cbecef925ce68705afc53cdd041e430ccda931fd2605f5dc579ffe8beaa0acffdf4c51b162eb1

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg
    Filesize

    8KB

    MD5

    bbef149c3dcde06a394ba512422af3a9

    SHA1

    34b0e982f4d5d731de39b322d4824b6af6472627

    SHA256

    f4097368dc6b67514f2991640d563bb52fc01c7fcda1c29566b9ed7208954cd2

    SHA512

    595989ecf2d2bea0939dbf57faaa3bfb690166c17fb1d1da27b58871d54b3209d71c6e5489e983e5d6d3ad05fd97bf847a6e11bc9cbc9fcfc9535818b07e08be

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg
    Filesize

    1KB

    MD5

    9ceb184e2a266d3bd7ee49d69f60c0b1

    SHA1

    85d584f08463901541033025c42cdc2d718f0bf6

    SHA256

    b7e00794735ca81c2966cc03e93b5880504c98764ad9af3bd273c48c684218c5

    SHA512

    f9f46dad610a9b033300c22a8373d30165cdfb3175800c4837232f98c6fbcc843b8666b6c3ae313931457b0576b1891cd3a2f9437aa68933d70d52a3751463b6

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg
    Filesize

    49B

    MD5

    bd6fc9ca96698344936b22ccef4ba428

    SHA1

    49fc5c771601ed5e3897908cf8b83b546821a6be

    SHA256

    1003f1a53667e28e7952335498bdedd3377eae435189df01235b6602a5654823

    SHA512

    095c01770b4f4e9f9fcb29c0ce290043f5c1de9c7b9767e7dd889aa25f3c103ac2dc8de5258a639aea477f649aaeb14687767a9912d6326503019369a1ed8ba6

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg
    Filesize

    8KB

    MD5

    546aaf9ef3bd5a5d57584730e8aa12da

    SHA1

    009188fede09461fdeb7b7138bd47b4bce60a6c2

    SHA256

    fdd0d7552e874aa61d24a097fd9c297616d4e0ef684906a17c8c9425bed52c00

    SHA512

    5d6fd8a6332055afa3fcbc74a08638184bd322fc0d3da5180314438a6eb6e120b5d09c9fa0b89cea949a562522b16b9b7d49fa9a30438f0501a589c1d2f7bd2c

    Download Submit