locky | 0670326e0572ca61e6a1f9b654088f5ac91fd3426dcba932377c801763fe5906 | Triage

Submit
Reports

Overview

overview

Static

static

0670326e05...06.exe

windows7_x64

0670326e05...06.exe

windows10-2004_x64

Sharing

General

Target

0670326e0572ca61e6a1f9b654088f5ac91fd3426dcba932377c801763fe5906
Size

253KB
Sample

220628-tda6jaaegl
MD5

265ad655f714e56035e7354a446b9625
SHA1

a5e089faebec56f776b677f1fc95c51feafcea50
SHA256

0670326e0572ca61e6a1f9b654088f5ac91fd3426dcba932377c801763fe5906
SHA512

385437df5fad17fb1a17d686044683f461c14b6a2c507c9cf563bd97e37bc9198226e2866b050d68d849c3e516a17f83d1416874c6e6490b8f17d12b6ae5ceb8

Score

10^/10

locky persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

0670326e0572ca61e6a1f9b654088f5ac91fd3426dcba932377c801763fe5906.exe

Resource

win7-20220414-en

locky ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0670326e0572ca61e6a1f9b654088f5ac91fd3426dcba932377c801763fe5906.exe

Resource

win10v2004-20220414-en

locky persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0670326e0572ca61e6a1f9b654088f5ac91fd3426dcba932377c801763fe5906
- Size
  
  253KB
- MD5
  
  265ad655f714e56035e7354a446b9625
- SHA1
  
  a5e089faebec56f776b677f1fc95c51feafcea50
- SHA256
  
  0670326e0572ca61e6a1f9b654088f5ac91fd3426dcba932377c801763fe5906
- SHA512
  
  385437df5fad17fb1a17d686044683f461c14b6a2c507c9cf563bd97e37bc9198226e2866b050d68d849c3e516a17f83d1416874c6e6490b8f17d12b6ae5ceb8
Score

10^/10

locky ransomware persistence
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockyransomware

behavioral2

lockypersistenceransomware

© 2018-2024

Terms | Privacy