locky | 75af16d64b5bf4487f21cb2d74910b9e63eb64001cdebaebf2f2eae2d16460aa | Triage

Submit
Reports

Overview

overview

Static

static

75af16d64b...aa.exe

windows7_x64

75af16d64b...aa.exe

windows10-2004_x64

Sharing

General

Target

75af16d64b5bf4487f21cb2d74910b9e63eb64001cdebaebf2f2eae2d16460aa
Size

196KB
Sample

220628-wac7tsdab4
MD5

aa8c6014c7b013bbf39644b9c1bb573b
SHA1

763c261408ea65f44e6a1c327fc3db7e38172197
SHA256

75af16d64b5bf4487f21cb2d74910b9e63eb64001cdebaebf2f2eae2d16460aa
SHA512

03fa97b90cd44f1ea03efe0328c6c8a9a591233ff68255c318611cd3f2ac17ac4ccd05bb6b2872f3afddfbd7beefb65bbd2b1fb21e676b7b6fd4e3ecc625edd4

Score

10^/10

locky persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

75af16d64b5bf4487f21cb2d74910b9e63eb64001cdebaebf2f2eae2d16460aa.exe

Resource

win7-20220414-en

locky ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

75af16d64b5bf4487f21cb2d74910b9e63eb64001cdebaebf2f2eae2d16460aa.exe

Resource

win10v2004-20220414-en

locky persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  75af16d64b5bf4487f21cb2d74910b9e63eb64001cdebaebf2f2eae2d16460aa
- Size
  
  196KB
- MD5
  
  aa8c6014c7b013bbf39644b9c1bb573b
- SHA1
  
  763c261408ea65f44e6a1c327fc3db7e38172197
- SHA256
  
  75af16d64b5bf4487f21cb2d74910b9e63eb64001cdebaebf2f2eae2d16460aa
- SHA512
  
  03fa97b90cd44f1ea03efe0328c6c8a9a591233ff68255c318611cd3f2ac17ac4ccd05bb6b2872f3afddfbd7beefb65bbd2b1fb21e676b7b6fd4e3ecc625edd4
Score

10^/10

locky ransomware persistence
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockyransomware

behavioral2

lockypersistenceransomware

© 2018-2024

Terms | Privacy