locky | 5a99667cc8f3189edf0907703e2225aec3a015031dee9fc6ebcba291acfb888d | Triage

Submit
Reports

Overview

overview

Static

static

5a99667cc8...8d.exe

windows7_x64

5a99667cc8...8d.exe

windows10-2004_x64

Sharing

General

Target

5a99667cc8f3189edf0907703e2225aec3a015031dee9fc6ebcba291acfb888d
Size

221KB
Sample

220628-tvvw9scdh7
MD5

ff06ce7adf8f6cf1973a6845859ff0b5
SHA1

156b3e27568aa946e2ab4501db813f6b95a24abd
SHA256

5a99667cc8f3189edf0907703e2225aec3a015031dee9fc6ebcba291acfb888d
SHA512

19d6c63f4338a990943cd0e3118d1c32913aa686372a0e25165c4759a0708c364ab451bb1faa07102e49a5c1b95c3fcc5ac75e6c16d5589bc65b9c47533012dd

Score

10^/10

locky persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

5a99667cc8f3189edf0907703e2225aec3a015031dee9fc6ebcba291acfb888d.exe

Resource

win7-20220414-en

locky ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5a99667cc8f3189edf0907703e2225aec3a015031dee9fc6ebcba291acfb888d.exe

Resource

win10v2004-20220414-en

locky persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  5a99667cc8f3189edf0907703e2225aec3a015031dee9fc6ebcba291acfb888d
- Size
  
  221KB
- MD5
  
  ff06ce7adf8f6cf1973a6845859ff0b5
- SHA1
  
  156b3e27568aa946e2ab4501db813f6b95a24abd
- SHA256
  
  5a99667cc8f3189edf0907703e2225aec3a015031dee9fc6ebcba291acfb888d
- SHA512
  
  19d6c63f4338a990943cd0e3118d1c32913aa686372a0e25165c4759a0708c364ab451bb1faa07102e49a5c1b95c3fcc5ac75e6c16d5589bc65b9c47533012dd
Score

10^/10

locky ransomware persistence
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockyransomware

behavioral2

lockypersistenceransomware

© 2018-2024

Terms | Privacy