locky | 1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6 | Triage

Submit
Reports

Overview

overview

Static

static

1d4a3957a4...f6.exe

windows7_x64

1d4a3957a4...f6.exe

windows10-2004_x64

Sharing

General

Target

1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6
Size

634KB
Sample

220607-epbh4scear
MD5

c77d1c0c0ecd0b2f81f2bcf89fb07279
SHA1

be7d13c25052903d150ed07e836e210e298b9995
SHA256

1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6
SHA512

a967039c4a9804b3ff51c25fafa93322f983eaa52fe4361cae3f5a54c02eafc0bea8e848a3e94ba17e09622b53466dabef14c1a775f0958f06c6aa8e70b9e091

Score

10^/10

locky persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6.exe

Resource

win7-20220414-en

locky ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6.exe

Resource

win10v2004-20220414-en

locky persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6
- Size
  
  634KB
- MD5
  
  c77d1c0c0ecd0b2f81f2bcf89fb07279
- SHA1
  
  be7d13c25052903d150ed07e836e210e298b9995
- SHA256
  
  1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6
- SHA512
  
  a967039c4a9804b3ff51c25fafa93322f983eaa52fe4361cae3f5a54c02eafc0bea8e848a3e94ba17e09622b53466dabef14c1a775f0958f06c6aa8e70b9e091
Score

10^/10

locky ransomware persistence
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

lockyransomware

behavioral2

lockypersistenceransomware

© 2018-2024

Terms | Privacy