Overview

overview

10

Static

static

874c1f9e84...e2.exe

windows7_x64

10

874c1f9e84...e2.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    874c1f9e84b72abce8462bdab41fc21741b3a1f11c615f5888c79cef25192be2

  • Size

    225KB

  • Sample

    220628-t5eysscef6

  • MD5

    443b93821bc7827700626a682a003d3d

  • SHA1

    502111af98e989de68d8e1fdea884758d5d27538

  • SHA256

    874c1f9e84b72abce8462bdab41fc21741b3a1f11c615f5888c79cef25192be2

  • SHA512

    fc2ec8d4b6a6dbc790f840d83795c1803e9bbec9dbfc8c657c67af813fad558b922d627946202cc755807bd9a283dce6c7c91a8f393aee5798866c53eec3ec00

Score
10/10
lockypersistenceransomware

Malware Config

Targets

    • Target

      874c1f9e84b72abce8462bdab41fc21741b3a1f11c615f5888c79cef25192be2

    • Size

      225KB

    • MD5

      443b93821bc7827700626a682a003d3d

    • SHA1

      502111af98e989de68d8e1fdea884758d5d27538

    • SHA256

      874c1f9e84b72abce8462bdab41fc21741b3a1f11c615f5888c79cef25192be2

    • SHA512

      fc2ec8d4b6a6dbc790f840d83795c1803e9bbec9dbfc8c657c67af813fad558b922d627946202cc755807bd9a283dce6c7c91a8f393aee5798866c53eec3ec00

    Score
    10/10
    lockyransomwarepersistence

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

      ransomwarelocky

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks