Overview

overview

10

Static

static

3

a2e137b96f...18.exe

windows7-x64

10

a2e137b96f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2024 16:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe

  • Size

    332KB

  • MD5

    a2e137b96fcf8ffe157b8d9b871c9c2f

  • SHA1

    bfd26f14f65a925385f9d9fd3ba4f2dc7d227d04

  • SHA256

    6458fc166f5dea867237ded207571f1bc50f9ccf04aa31467776a729224ebfbf

  • SHA512

    d1c42ce68028adf239491612365d4b6234293e223a38273acf49f3b75516410b199e08cd6950cee725d239133637f54b1d756e9eb11de66e9ce6084e5fcc8a0f

  • SSDEEP

    6144:j5cCXzErOGrtgxcpmbZ1lj4P6Npo67jnz1TT82X+j9X:jiazErZgapmNcC/Pnz1H8a

Score
10/10
lockylocky_osirisdefense_evasiondiscoveryransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky (Osiris variant)

    Variant of the Locky ransomware seen in the wild since early 2017.

    ransomwarelocky_osiris
  • Locky family
    locky
  • Locky_osiris family
    locky_osiris
  • Deletes itself 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 3 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2612
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2760
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2760 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2692
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2704
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2820

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\OSIRIS-03c7.htm
    Filesize

    8KB

    MD5

    b7eba84eff8d5142c9c6708fea75009f

    SHA1

    ca56d3d564a596a7e9b1bdca65e646e952f9fbb4

    SHA256

    a1161e3900158b65a0f5189fcc21aaa5e51737964e8e4b23f72753d331455f9e

    SHA512

    4cdb6f756e3f6e8bdb600aaa0edb26c760ec823be685f7ec5ef7538d43c9a2be14981224af1915774edf6ad68e1fc84d1280dcc38dcaf7ec70bc20c597059ee8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15641e90929cce181b5d06c670f93207

    SHA1

    d21b2f256f1a87d19d415cbd6be7e4edb41dba5a

    SHA256

    d345939a228f6e42614e8b57bacf69eb18015640f42db25bdfdbb5858fbe0753

    SHA512

    90cfcc4e9a1d091ebac7ea178777883af7bb327f607416fd5d97fcca3d1d871c41448a8e8278bad0dd50e8eb0bd53af9f675431505d61067e3693924fbc5347c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e72e32e2222c610d7aa728b8634c5856

    SHA1

    8680e7704de9e106b65f4434006257290eceef6f

    SHA256

    e2bfa5c06d863fd7a1b624478af0893d657aa033bd68334aea9f0ff7a981fe58

    SHA512

    aa2a0a7faf25d96cdd043dc85d887d2b9c92b366be56dda1586750fb8ba551472cfd64d70948f8b3398634e8c7a2ccee3ba19483b0ce8ea4a363d255e9a674ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ecc4430338c4e1678950ddbb09de74f9

    SHA1

    6d80f25eea95948a97d033e168f614c16c67edc3

    SHA256

    f40e22ab10144d5dfbfa7a18470ab9b6fff2c33960cee9781d30490703a2c718

    SHA512

    477915275ebe4615a3773bf201bc5520b87b68f747ff076078a41ae743dcd9984d17befc2e1ebdeb528f81f84b9fcebe9c8491fb704e0e6a6aaa74c66d9d208c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e3cb8d13f893b77b1101e03f24e01c0

    SHA1

    69126d024343406e861fd2d99b980891916c7426

    SHA256

    046a782ec074a7708485ae6179cb5de04065ab992c0975374eb45a30b18f5c71

    SHA512

    ec30d26c867c9f507ba53debeea07567a1ad7ea27903dfdc6d22048b23c74f38cd72d43590093768b88997995983ccb1804096153576a5b6038884025df4f4a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e5dbd3686846a953b7bfaaeb91e68d9

    SHA1

    6d7ffb4ca9dae1aa666a46afdafaaea0807b0d7b

    SHA256

    d8e4f3ff4577d15b5694ce316e12ca9712424cafe6054ad9d7eb7e769429b63f

    SHA512

    0dadf296ceaa08f138622f5d3c89d8d1af8bc4911f89a177ffa3ea832d83b09d71510a45572428d3a26bd692bb94e3bda79f44934e8f847797b3bd908c7f5b0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e32e36fc603732087416791e8338fb15

    SHA1

    f21e9becb88882e8c3feb2cd16bb200a8afdea5d

    SHA256

    af5bce8bee936a62f59316a7bbe2718360162dc6d8c629e83712fad711d147d9

    SHA512

    e23082df89e82c53eea0ad04418153c5a05de601689ee5d2538bb3326204eb733fdbe530a74fef8c2a737647cd20352fec370ea30c73abd3a87ca9f38e26c39f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ce9f56b6204fbf5626fc78e8971b4fe

    SHA1

    31fd0ef0354ac64759c4dded9aba5cdbca91ee9c

    SHA256

    cd7944fbcc8f0d28b6bcb212cd106399041618af0ff80e954238b6f74d226874

    SHA512

    86923242bcaef2fcde05c4dba18d083ed656746f13317afb8e8b49961a0e8970fcedb072f8716b215c4ee81e29dc0a2ba0145821d9ee2d6b17866929cb54fa2f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8fe5f764b5551623c6f4d377935c5564

    SHA1

    60ec2905a6a427570287acd8626f48ca54f629b9

    SHA256

    e7fd5b651cb80e4720753f0bbcb06c1a3137e0d1ea708d4f13f27eb90af38b0c

    SHA512

    f7f628adfdceb984b09e7670876ae909b860c7380c8d0fb740d2421a94b0ddf5d980e5279dc5795218d8ecef7b2bfc81132da71cc9a6723177985a6f18615d70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab8f30062410c4610b7a8e5022c606e4

    SHA1

    63b740a632eaadb70f57411fd042e0b27a61385e

    SHA256

    6f671803dbf134f61f334f8d9dca53b937d3fd8ac789e7f131e152ab09280949

    SHA512

    452166aa74b7cc8bf61cd9ebb85553e7d593b76f69c3a035929b6750437e35088da2dabecf03803532dcf76578e6aa955affb2ae6a82a54de82932cb041fcebc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0732e25aeeba074f4074ddbbbcf4096e

    SHA1

    37352efe92776fbc6af64883ed906cd680d247f7

    SHA256

    108446de7cdb5e2c691d219c42e5ede8368d1cb85489f147d3e825f23b0507fd

    SHA512

    bb4301a94e9441829cfaff81b64b27d39da894d72888b082ef2468aa0b7d4291c2ddd6d2639bfd691cbae0432a4ea19c11199510645e4b7a60aaf4d9223c400a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b886f9b48196ce2f787ce4a36d6b19e5

    SHA1

    d0db1128529c24b6f6c1be9efc3fd73f8d2043aa

    SHA256

    02e7bfa9fec6288e8f99ba51cae69558dc7a24cd4b73b996f76b692f1d96e175

    SHA512

    e37b923891215a05bedf00c979199586d43b96079b346ae8e82da72a86373f2dd3b11bebda87b2c96298bcbe0956068e40636a2322daec976de545e2dc148a13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff614f9c136ee2b8572173e5a5ff8103

    SHA1

    0386ae32e80117baa26b202020c788010cf88784

    SHA256

    6cd2d347bc0099b051e960ded69b40c3e0f1e66335f6b4dd02b02b224d853b93

    SHA512

    0d2f33e896f67db9b42d5831f27266a5f4e753d1e61d5295b6f1f8f1d816b066d8751b81b925f7ef01b42666ff05575789c8345a238279e661ef376b21827e81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d219a0d990ca593e5fe38e2486b02eec

    SHA1

    b60e50911a73a31d0f96b746b8c0c199caf9b265

    SHA256

    58bbb23e9ec1a39b4893912a685dd5c12d8e5dc78d60c4418a02677bac283f75

    SHA512

    d7d62433333ab0fb59c46495ae4c24ceb2216183bc339090e138d9ec775ca362467c44ad60cb13f3f0fecbcf0c4f06545896c51cdb324494187eee239cf70d9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1910724912cc255df41dba578cfee130

    SHA1

    3896d9f3851381356f64f3daabd4b046fc3f377f

    SHA256

    01ebcd5afabb7a9ea9b38633be767f3efd3409a6c13bab1f25428a9e04927805

    SHA512

    eb77c7e977438e0a2a8c336772b6ac2a522cf40609e8c83dac7cbc6422e43b323f79298bdbbedf631cf7ff547e12ca526951b39e7785fbc424952e54090037fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76ded45dc258b0b8888bb14c0b0f9dc8

    SHA1

    129a7b2b2373f0356ea8d30ae22c079868de1692

    SHA256

    63d8143488ed55998b81984ee1a322ec871dfdb39b6b18f0752d6b79100cd2ee

    SHA512

    03fd766de5b17d2d6802a19194a005b57b08c2a73cf137350db47f86d6b44f72205060371e0dcc605fa2a4bfa145df4d54bb4c302548aeb2e4409e91503a7566

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7f19546dbbe762aa10b5c6ea97a78f0

    SHA1

    9a425ef1a4fa914918a2f4cfa63d27939f518213

    SHA256

    fdee3fc59f9ce01cbc73b497c4b24015603a35dea32fe1e09cc8242ebe6d3dcc

    SHA512

    c8ba6188169d529227dc13fc4626241a1da77c69f5996eea279a7b11405feae67d52a7f9d315d4fd7dfd2a39c534edc2b9b8c3917d8c87b2cd1a4505c974fbb8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4a96cd639d97f477c38f045ce6e5ecf

    SHA1

    b9168bb95d10ff6ce0e50467f7f699296900363f

    SHA256

    180ff4d27fc38b0b9743f44df33c0af1c80168b95145356d5f613319dd68b928

    SHA512

    74091572266fc5aed178dcabad46bb4237ad36eaf044f0edd07326f97a80c5af39c39cb56b9cb3c3f1c6baccde2d2e66c6ebbd81f9aaa370705eb29990170924

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ec6a6c3755cfde35832e4353df1c236

    SHA1

    760afce528372485008a2da94576f501468a135b

    SHA256

    555a4f5cefb98da21af31565939a45bf2672782e7a29d6e471669cdbd8c01302

    SHA512

    d7ac11e692bfc968e70e3f9ad6068463b8f266d71dca5e84fb3f0323f6a613e445c164a237588959ea7dc37df6c1ad8da53ab97a8ed782a96b7a0828b38ac495

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1192f823c803909b7e1db3bc6039484a

    SHA1

    8c4f9559ad6fa58fec28c7d30c368ee7c3451ddd

    SHA256

    8b693890cdfbfd32f8769a09bdb5ddf594bb5d683c8c35733dc16d9c612054b0

    SHA512

    de325d95540085d36188579e6ad1038aae2de0e33c53813ab479143ba5046aab26921cddfebc481a7196036e8ce40592460360e3a00884f413cbe0eac15bd3f2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab20BB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar212E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\DesktopOSIRIS.bmp
    Filesize

    3.8MB

    MD5

    dad37d78b1d7d66283677860ffe7cdf9

    SHA1

    409137128ccf44c0926f8e480220bcb5d12f079e

    SHA256

    f20df1fe207fccfc088d2670d261c57fc4d4f324643fde319cba0624da483292

    SHA512

    3e2a597b5b4b47c4fe2d2dbc88b687de451cc7387213dc15be52000b456ab52d74069e058fc5b5694c56cf8514571ef85b8f7a6e44fe6a6beafe5c4809e00bb7

    Download Submit

  • memory/2612-9-0x0000000000330000-0x0000000000357000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2612-8-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2612-1-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2612-363-0x0000000008800000-0x0000000008802000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2612-358-0x0000000000330000-0x0000000000357000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2612-10-0x0000000000330000-0x0000000000357000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2612-365-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2612-0-0x0000000001F60000-0x0000000001FD2000-memory.dmp

    Filesize

    456KB

    Download

  • memory/2612-11-0x0000000000330000-0x0000000000357000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2612-6-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2612-5-0x0000000001F60000-0x0000000001FD2000-memory.dmp

    Filesize

    456KB

    Download

  • memory/2612-4-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2612-3-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2612-2-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2820-364-0x00000000001E0000-0x00000000001E2000-memory.dmp

    Filesize

    8KB

    Download