locky | 4d6aa12717b547f1e5ea64a0ec5ae70e569a5f87d10dee4beb8dee135eb0d24e | Triage

Submit
Reports

Overview

overview

Static

static

jhdsgvc74.exe

windows7_x64

jhdsgvc74.exe

windows10-2004_x64

Sharing

General

Target

4d6aa12717b547f1e5ea64a0ec5ae70e569a5f87d10dee4beb8dee135eb0d24e
Size

529KB
Sample

220712-dkngfaahb7
MD5

94256d0c38c99e4017553414918bc1f7
SHA1

72c339ba0e64a4b7b9e1cb6ffe9f37b25881d8b8
SHA256

4d6aa12717b547f1e5ea64a0ec5ae70e569a5f87d10dee4beb8dee135eb0d24e
SHA512

6b4aef017cfbffa8e8ff06d801e948e48927eb387d19f7d4dcd5adada5256cadfcb1a726fa59e340d2be47670948f06e97370e82acf39b7fb0ffd310ec56dced

Score

10^/10

locky persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

jhdsgvc74.exe

Resource

win7-20220414-en

locky ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

jhdsgvc74.exe

Resource

win10v2004-20220414-en

locky persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  jhdsgvc74.exe
- Size
  
  654KB
- MD5
  
  693ef59145aa6b9e329f91538855ef64
- SHA1
  
  e3067d7c7227af026c0abfbdf7b417c4e294f380
- SHA256
  
  3a810cbad7296f83122c4a16b935a723d8019419069a55c939d93c246abed2ac
- SHA512
  
  3f0ad7a869823d63d1867f4bf2322e88a909324bab80e7e6d8906237db0aea669326030f16a337980681cfd94c86a955ccb2747ff41be0bf75da112a53693a6b
Score

10^/10

locky ransomware persistence
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

lockyransomware

behavioral2

lockypersistenceransomware

© 2018-2024

Terms | Privacy