Overview

overview

10

Static

static

3

1eb5b93203...18.exe

windows7-x64

10

1eb5b93203...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    125s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    06-05-2024 23:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe

  • Size

    615KB

  • MD5

    1eb5b93203f2ee6d0cc0c61f634eeb63

  • SHA1

    9f6eacd64f69c34c88b5a249e0c07a275efff1f6

  • SHA256

    92d843407a4f17392c7d7b2f6fc2dfa879743ed87d54c16a0449bfb4d168b541

  • SHA512

    7ca76f7085982cefed0c98fb9660193178478a73be641bff55ed88a8d07925bb56712b877b358e65aa198bbbd0ac5330bd280239ec383a426dc928f4aa076d0c

  • SSDEEP

    12288:OBRpTCkUGgvu5F4ZBV9K8HCEZqxeemKduM+cyS1T7FA+6SP:OVTCq4H3KFjx+ALb1T7wSP

Score
10/10
locky_lukitusransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2664
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2808
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    1cc71f208012ce1e30617f9c714661cb

    SHA1

    b504be172d97be8d8bb63624982c36757f86b109

    SHA256

    5a54826bbc27d244831beab7e39ed8f218906be1e08abe3d1fb74c33f51187cc

    SHA512

    eb803462d747903df14c60a54c1e81a4c9f990dfcc408b6f1c7f10b5bbb9ba3531c9be49f4ec0401187ba9802924ed6a42585ceac8241293212f0fa62f267989

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a9f1b02b676c97d4ffa25334372135e0

    SHA1

    33ccb1980a94f7b6257884809409bd54d99c2527

    SHA256

    b8fad1dd57ba007b65aeb4da0f7954a4bd878cbb921dabce7f1b20cf7cc29fd7

    SHA512

    c8c928ecc5ef08147fab088224cbd314ef968b2c656a1ae0d8176c1ff1f1db3fc06d3f701e8203fbad71b0fff4dae71711e9db00e593934c3a1e08af89dc9efe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f78b071b38b0c3f83d953a5bb9e773ba

    SHA1

    403cf03b8a0a4bf026854722993a27efcd686dd8

    SHA256

    83e3a8b111350a0b1f9f743707f2530b5c97825c3593ee396d8f39935d3c559d

    SHA512

    52891c46b70f4a27bc70b71106e300bf02d53762c5cb9e0213bf00e4dc6353ce2e4b600c26e59dff9dbea4fedf9c4a6366218fd9a035998fa66258e3607b7903

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c2e9532426d011692191f4e3145ccffd

    SHA1

    c9b7ef0cb3ed7e35ce61537bf218922121d6fcaa

    SHA256

    32943bd8f620a549befd5eaf7a716b243aaf532bb71e39bd8862f018c361dd8a

    SHA512

    ab067fc505a3de3d0a79a99c1ea8332c981e4b0d0938c209f07ca0462df73e09c0ee6ce0be923ba27aa0f9a742af65fdebb31c8ee631550d0d7e8a267e6c9a98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0253e8f8dfb08189e6d0aa6ecfdb3c10

    SHA1

    3dce1745b9ae18715d5b7a71d47aa8389efebe2d

    SHA256

    8c974dff5ce6c4992ba61ce45a5fcd15d6de8af9f6bdf38800e145f44e9e1f8f

    SHA512

    a832f25657d6ff453eb98b0429acc6d7204d62debc43ebdfa6da8e1e9967fc3be780341fbfe81e83cfc920d2177d226e5a3a613f5efe5b760451a27daf991bf3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a42ad5e3099944a511641162a40ba16f

    SHA1

    6c2b87776a7e178371e9c309ec418a78124f42f8

    SHA256

    7a5140ceee9b606f630e980123fc9b6b2446d0a2048d29f1be1bfdab36771bad

    SHA512

    ba3970715bf6bb09f2a29809290f15968561cec9c7377ee7a61c3fd67682093d2231ae696d4b4fd339f95bda3416e79fa585d8bf0a33c56193f97a99b4199acf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    96c76c378655207720536bc15e8511f3

    SHA1

    afcf5048bce4c4c4a61f4643aedc8330f02586d7

    SHA256

    062593d31c53eb4b36e82befc31fe6e20def09d0a3bce02cc40c839495c32a26

    SHA512

    b747a9012064dca1e7e96cfb0eaa3976e921ac5e3477a532078e519482b14549f4bdc6e68b024bf5dfde83c6409988eb9aa07b6e355fb7f4c555a0ebf1892a95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ba4d6c0e1212b513beafe65c8e0ccf61

    SHA1

    36fdf629d4efa01f896855e7b70abbf49b87b0ab

    SHA256

    fbc4200983f6852ac3cfefc12c7727d3dc5ba9e2c442b58bc668fff0f5a4f0fd

    SHA512

    5e95cca86a0d199068b8cf112d1160a1f93a3f176948cabb50345b855ca485a2f2a6ef83847968a4f348eda83dbc743860787e5b9ad2ca0405894bd43005f9f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab94B4.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9586.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.3MB

    MD5

    057ae9d049edd22f26ffd45af426c4ab

    SHA1

    4a1d838ae55287cf2d3b39e3f3ceb8dd10bf8188

    SHA256

    3b207aebee069518c4fda6301cafe508e828d5116909145d9468533bddccff7b

    SHA512

    5a19881ae226cebef4125cae1c05a7b67c8c3acf7939f2c76158e9716ad10e917c7261ebdc9a75b7623de03bd4a21851018ddbc31bd3347105f9540c7344f11c

    Download Submit

  • C:\lukitus-e155.htm
    Filesize

    8KB

    MD5

    aa0194564a225e2f8cd4fe54f762a868

    SHA1

    8fc35b0cd12385828531941138072d36d01fc711

    SHA256

    22eeb007664e65e77f0c9d03179e8eff0d13361b61f0c1039bfce40907e49bd3

    SHA512

    c04617907b9f0c18c4d6be3784ec045046aede5510b0c088dfb3a322b1ea5cf04b763de1038210d7d57bede7d652d2239ebeeb81919594591f8280605de8bef0

    Download Submit

  • memory/2312-8-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2312-1-0x0000000000380000-0x0000000000381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2312-277-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2312-0-0x000000000049B000-0x000000000049C000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2312-272-0x0000000002B40000-0x0000000002B42000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2312-267-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2312-7-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2312-2-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2312-6-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2312-4-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2312-3-0x000000000049B000-0x000000000049C000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2568-274-0x00000000001A0000-0x00000000001A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2568-273-0x00000000000B0000-0x00000000000B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2568-753-0x00000000001A0000-0x00000000001A1000-memory.dmp

    Filesize

    4KB

    Download