A new ransomware campaign relies on a Locky variant that is distributed through JavaScript that includes the binary of the threat itself. Security experts from CYREN firm revealed that the new spam campaign leverages on malicious emails using subject line Invoice and the same file format for the attachments used in previous Locky attacks. The threat is saved in the Temp directory with a random filename hardcoded in the JavaScript, then the threat is executed with an argument of 321″]
Source: http://securityaffairs.co/wordpress/49783/malware/locky-embedded-scripts.html