Overview

overview

10

Static

static

Locky.exe

windows7_x64

10

Locky.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    12-03-2021 21:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Locky.exe

  • Size

    180KB

  • MD5

    b06d9dd17c69ed2ae75d9e40b2631b42

  • SHA1

    b606aaa402bfe4a15ef80165e964d384f25564e4

  • SHA256

    bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3

  • SHA512

    8e54aca4feb51611142c1f2bf303200113604013c2603eea22d72d00297cb1cb40a2ef11f5129989cd14f90e495db79bffd15bd6282ff564c4af7975b1610c1c

Score
10/10
lockyransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Locky.exe
    "C:\Users\Admin\AppData\Local\Temp\Locky.exe"
    1⤵
      PID:2008
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\FormatRequest.vssm
      1⤵
      • Modifies registry class
      PID:1496
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
      1⤵
        PID:1044
      • C:\Program Files\Windows Defender\MSASCui.exe
        "C:\Program Files\Windows Defender\MSASCui.exe"
        1⤵
          PID:1324
        • C:\Windows\explorer.exe
          "C:\Windows\explorer.exe"
          1⤵
            PID:1208

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/788-4-0x000007FEF7020000-0x000007FEF729A000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/1044-7-0x0000000070FE1000-0x0000000070FE3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1324-9-0x0000000000220000-0x0000000000221000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1496-5-0x000007FEFB891000-0x000007FEFB893000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2008-2-0x0000000000220000-0x0000000000224000-memory.dmp

            Filesize

            16KB

            Download

          • memory/2008-3-0x0000000075EA1000-0x0000000075EA3000-memory.dmp

            Filesize

            8KB

            Download