locky | 0c96311fbd6dcd5af7dfa4875fc72beda0c9e1c7470ec8d0cb54041201f94708 | Triage

Submit
Reports

Overview

overview

Static

static

0c96311fbd...08.exe

windows7_x64

0c96311fbd...08.exe

windows10-2004_x64

Sharing

General

Target

0c96311fbd6dcd5af7dfa4875fc72beda0c9e1c7470ec8d0cb54041201f94708
Size

201KB
Sample

220628-td3wjsccg9
MD5

038972d01e9d035b84e886f67c865a4b
SHA1

18facd6db290de6032c1eabe2949e8ea06b71176
SHA256

0c96311fbd6dcd5af7dfa4875fc72beda0c9e1c7470ec8d0cb54041201f94708
SHA512

756f52345b2fe33cc929e78ba51ee7a15c54006a13a42e8aec0595b3243c6b9b9b1f660c7dfd272f9a95716666982a4aff98d9535bb2aa4d6da57b28455aace9

Score

10^/10

locky adware discovery persistence ransomware stealer

Static task

static1

Behavioral task

behavioral1

Sample

0c96311fbd6dcd5af7dfa4875fc72beda0c9e1c7470ec8d0cb54041201f94708.exe

Resource

win7-20220414-en

locky ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0c96311fbd6dcd5af7dfa4875fc72beda0c9e1c7470ec8d0cb54041201f94708.exe

Resource

win10v2004-20220414-en

locky adware discovery persistence ransomware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0c96311fbd6dcd5af7dfa4875fc72beda0c9e1c7470ec8d0cb54041201f94708
- Size
  
  201KB
- MD5
  
  038972d01e9d035b84e886f67c865a4b
- SHA1
  
  18facd6db290de6032c1eabe2949e8ea06b71176
- SHA256
  
  0c96311fbd6dcd5af7dfa4875fc72beda0c9e1c7470ec8d0cb54041201f94708
- SHA512
  
  756f52345b2fe33cc929e78ba51ee7a15c54006a13a42e8aec0595b3243c6b9b9b1f660c7dfd272f9a95716666982a4aff98d9535bb2aa4d6da57b28455aace9
Score

10^/10

locky ransomware adware discovery persistence stealer
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Registers COM server for autorun
  persistence
- Sets file execution options in registry
  persistence
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockyransomware

behavioral2

lockyadwarediscoverypersistenceransomwarestealer

© 2018-2024

Terms | Privacy