locky | 1f1f7961cf583e6644eba26fb9727be8d091dc3754c9a8030c26b0b73f07e5a3 | Triage

Submit
Reports

Overview

overview

Static

static

1f1f7961cf...a3.exe

windows7_x64

1f1f7961cf...a3.exe

windows10-2004_x64

Sharing

General

Target

1f1f7961cf583e6644eba26fb9727be8d091dc3754c9a8030c26b0b73f07e5a3
Size

589KB
Sample

220612-xl893sgag9
MD5

e43244db36895d6a28850d3408d80f45
SHA1

86ef0edf0a3f2f3edf4192fdd3addedda48945c9
SHA256

1f1f7961cf583e6644eba26fb9727be8d091dc3754c9a8030c26b0b73f07e5a3
SHA512

d55ae92112dccbc515e4b9790bf7470304ae9fe3c50d200d31ba91ebbf1870f15978cdb622b0b51c126656865e5c947a201cffae337f058c8783a58813286004

Score

10^/10

locky persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

1f1f7961cf583e6644eba26fb9727be8d091dc3754c9a8030c26b0b73f07e5a3.exe

Resource

win7-20220414-en

locky persistence ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1f1f7961cf583e6644eba26fb9727be8d091dc3754c9a8030c26b0b73f07e5a3.exe

Resource

win10v2004-20220414-en

locky persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1f1f7961cf583e6644eba26fb9727be8d091dc3754c9a8030c26b0b73f07e5a3
- Size
  
  589KB
- MD5
  
  e43244db36895d6a28850d3408d80f45
- SHA1
  
  86ef0edf0a3f2f3edf4192fdd3addedda48945c9
- SHA256
  
  1f1f7961cf583e6644eba26fb9727be8d091dc3754c9a8030c26b0b73f07e5a3
- SHA512
  
  d55ae92112dccbc515e4b9790bf7470304ae9fe3c50d200d31ba91ebbf1870f15978cdb622b0b51c126656865e5c947a201cffae337f058c8783a58813286004
Score

10^/10

locky persistence ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

lockypersistenceransomware

behavioral2

lockypersistenceransomware

© 2018-2024

Terms | Privacy