locky | 679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76 | Triage

Submit
Reports

Overview

overview

Static

static

679a0ab66f...76.exe

windows7_x64

679a0ab66f...76.exe

windows10-2004_x64

Sharing

General

Target

679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76
Size

241KB
Sample

220628-tx7nvaagek
MD5

e52cc2b7136c572838b8a9e2b021bd5b
SHA1

33a4d5d7d28c25b3166a5ee1e6e60054622a575c
SHA256

679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76
SHA512

7bb9062269e886ef2767011004f8147a6fb97f5b3c37477b314328fbb2634b9c1d501f86c64c0e0ed88e03c71bdd11a612a4d1c035bfd86796cad66d46aa6f45

Score

10^/10

locky persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76.exe

Resource

win7-20220414-en

locky ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76.exe

Resource

win10v2004-20220414-en

locky persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76
- Size
  
  241KB
- MD5
  
  e52cc2b7136c572838b8a9e2b021bd5b
- SHA1
  
  33a4d5d7d28c25b3166a5ee1e6e60054622a575c
- SHA256
  
  679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76
- SHA512
  
  7bb9062269e886ef2767011004f8147a6fb97f5b3c37477b314328fbb2634b9c1d501f86c64c0e0ed88e03c71bdd11a612a4d1c035bfd86796cad66d46aa6f45
Score

10^/10

locky ransomware persistence
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockyransomware

behavioral2

lockypersistenceransomware

© 2018-2024

Terms | Privacy