locky | 8ce4bcc720ffd2608264756a8dc39794ebdfef5e65a9513d02d290f9cbe8c3f4 | Triage

Submit
Reports

Overview

overview

Static

static

Prepros-Se....0.exe

windows7-x64

Prepros-Se....0.exe

windows10-2004-x64

Sharing

General

Target

Prepros-Setup-7.6.0.exe
Size

226.8MB
Sample

230109-s7v75aeg36
MD5

3a734395c8d70263eb3b41d3eda9ee7d
SHA1

26644f9adbdd330eeb9f07379bd2f3fc67fa737a
SHA256

8ce4bcc720ffd2608264756a8dc39794ebdfef5e65a9513d02d290f9cbe8c3f4
SHA512

1e82cd06f5960049f99d3ea7a026f52c955f36de73d5996f62614eea577770b42c73d2b606454cc8d6a20664ec23d8e7be0e6bc2ef4d16a6c35784c920d0fda6
SSDEEP

6291456:REqeKBbSB1OF3XLM5c8nfK10uPgq7mULvhOs93YbLr2FPo:REOBmB1OJY5LfK10jamM5Os93Pq

Score

10^/10

locky discovery ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Prepros-Setup-7.6.0.exe

Resource

win7-20220812-es

locky discovery ransomware

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Prepros-Setup-7.6.0.exe

Resource

win10v2004-20220812-es

locky discovery ransomware

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  Prepros-Setup-7.6.0.exe
- Size
  
  226.8MB
- MD5
  
  3a734395c8d70263eb3b41d3eda9ee7d
- SHA1
  
  26644f9adbdd330eeb9f07379bd2f3fc67fa737a
- SHA256
  
  8ce4bcc720ffd2608264756a8dc39794ebdfef5e65a9513d02d290f9cbe8c3f4
- SHA512
  
  1e82cd06f5960049f99d3ea7a026f52c955f36de73d5996f62614eea577770b42c73d2b606454cc8d6a20664ec23d8e7be0e6bc2ef4d16a6c35784c920d0fda6
- SSDEEP
  
  6291456:REqeKBbSB1OF3XLM5c8nfK10uPgq7mULvhOs93YbLr2FPo:REOBmB1OJY5LfK10jamM5Os93Pq
Score

10^/10

locky discovery ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

lockydiscoveryransomware

behavioral2

lockydiscoveryransomware

© 2018-2024

Terms | Privacy