locky | b428e5d84776ac342681ab069cdcf0585b62868a6407345b508f2c459f870a71 | Triage

Submit
Reports

Overview

overview

Static

static

b428e5d847...71.exe

windows7_x64

b428e5d847...71.exe

windows10-2004_x64

Sharing

General

Target

b428e5d84776ac342681ab069cdcf0585b62868a6407345b508f2c459f870a71
Size

191KB
Sample

220628-wyds9sbdgl
MD5

47380d71be72bb4ff55b5e51f8bdc963
SHA1

c9fa6bfaa364a15a1aec3a8645999bd3fe7cd3af
SHA256

b428e5d84776ac342681ab069cdcf0585b62868a6407345b508f2c459f870a71
SHA512

4b3e4094d8de13dee8f1bcbdc125e91a814fb7a46ce3531326192fad909d6e3b4e912331614bbb302ee18ef0caa14da9f767e554685676b438b89b04d6eb32c8

Score

10^/10

locky persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

b428e5d84776ac342681ab069cdcf0585b62868a6407345b508f2c459f870a71.exe

Resource

win7-20220414-en

locky ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b428e5d84776ac342681ab069cdcf0585b62868a6407345b508f2c459f870a71.exe

Resource

win10v2004-20220414-en

locky persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b428e5d84776ac342681ab069cdcf0585b62868a6407345b508f2c459f870a71
- Size
  
  191KB
- MD5
  
  47380d71be72bb4ff55b5e51f8bdc963
- SHA1
  
  c9fa6bfaa364a15a1aec3a8645999bd3fe7cd3af
- SHA256
  
  b428e5d84776ac342681ab069cdcf0585b62868a6407345b508f2c459f870a71
- SHA512
  
  4b3e4094d8de13dee8f1bcbdc125e91a814fb7a46ce3531326192fad909d6e3b4e912331614bbb302ee18ef0caa14da9f767e554685676b438b89b04d6eb32c8
Score

10^/10

locky ransomware persistence
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockyransomware

behavioral2

lockypersistenceransomware

© 2018-2024

Terms | Privacy