Overview

overview

10

Static

static

jhdsgvc74.exe

windows7_x64

10

jhdsgvc74.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d6aa12717b547f1e5ea64a0ec5ae70e569a5f87d10dee4beb8dee135eb0d24e

  • Size

    529KB

  • Sample

    220712-dkngfaahb7

  • MD5

    94256d0c38c99e4017553414918bc1f7

  • SHA1

    72c339ba0e64a4b7b9e1cb6ffe9f37b25881d8b8

  • SHA256

    4d6aa12717b547f1e5ea64a0ec5ae70e569a5f87d10dee4beb8dee135eb0d24e

  • SHA512

    6b4aef017cfbffa8e8ff06d801e948e48927eb387d19f7d4dcd5adada5256cadfcb1a726fa59e340d2be47670948f06e97370e82acf39b7fb0ffd310ec56dced

Score
10/10
lockypersistenceransomware

Malware Config

Targets

    • Target

      jhdsgvc74.exe

    • Size

      654KB

    • MD5

      693ef59145aa6b9e329f91538855ef64

    • SHA1

      e3067d7c7227af026c0abfbdf7b417c4e294f380

    • SHA256

      3a810cbad7296f83122c4a16b935a723d8019419069a55c939d93c246abed2ac

    • SHA512

      3f0ad7a869823d63d1867f4bf2322e88a909324bab80e7e6d8906237db0aea669326030f16a337980681cfd94c86a955ccb2747ff41be0bf75da112a53693a6b

    Score
    10/10
    lockyransomwarepersistence

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

      ransomwarelocky

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Defacement

1
T1491

Tasks