Overview

overview

10

Static

static

3

230606dd8b...18.exe

windows7-x64

10

230606dd8b...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 03:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    230606dd8b0d62e2a8a04ef61b2d8707_JaffaCakes118.exe

  • Size

    660KB

  • MD5

    230606dd8b0d62e2a8a04ef61b2d8707

  • SHA1

    5c50cdad090de913d0c87edeb392c8df1af9f5c3

  • SHA256

    5bf84469051c85bd684e03eb46f774cb1e913884c95acf7b210a8a4469da8d9f

  • SHA512

    188e08205a38730057c63753451784a499657380cb0384e7d7f9ed9b5c3d60aad8daeae47e125ab22fd23357920bfd79a69423c5f9d733269160a2a7331df77d

  • SSDEEP

    12288:lMtWh23Ks1mQnWattmsbMVSH05SxQiEQ9jmE56:lMtP3p0RzYa+E

Score
10/10
locky_lukitusransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\230606dd8b0d62e2a8a04ef61b2d8707_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\230606dd8b0d62e2a8a04ef61b2d8707_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2668
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\230606dd8b0d62e2a8a04ef61b2d8707_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2524
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2684

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f2dfd2a6ed4e154b14e86679a50dd66e

          SHA1

          f70cc76eed1bf61c6633741222c9eeb699bac643

          SHA256

          79d4c5e46135a839631265a0200a12b948292ed1beec89605a2b0a58a536e985

          SHA512

          d089af48af94de0dd4ae2104df459ef37e91e877a84f9e43eeb92e78a559b8676795a4ed6f180882462a23d1f6f35c11ea4e4bafe19c8d289a23251cd2d922b1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          048f6c7ab15cad26993950896796b282

          SHA1

          bcf68fff5321319b7b5b7c1473a6dcd5df26665b

          SHA256

          4704427c2a283219449fa42e46a29ea62393fdf6255a5972ae7355e594903b4e

          SHA512

          58002975aab4e65a7a937c9fb57f22e63f5422047cc7c8bd579bb1aa72658d3286513e9f3ced1effdf525c39c267eda28a82471e7ea0a073b753c20f70c31df0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          bc02f6fe6cafa9eaef6694c42e6f235f

          SHA1

          63473473c31796648d98574efe20fa651a4c3cc2

          SHA256

          3ac1dcb8945a22514b9fe1be12cdc103c13b4c7dfa44ba54cd10406b2f8dc9b8

          SHA512

          afd133083555bd115beed4dddcdded39214702b3054c7d18e2ca97c2111ab742562020b419738a57c9417ae558df20157f3462ef86b3fff55b70f07f7986f95f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          194c7e5d351ac4ad0d720398bd1b2f2e

          SHA1

          7ebbe62b35b76e297576c9713afd79c759f9e6a3

          SHA256

          def2bcf051f6ff3ecf62cf9648e34d6bc62585099f767196abd63c9c2ef1d58e

          SHA512

          0cbc5192ecd86e5c2ced39abe2b56040314c45b0adffdf35049b729b782636bfa03db2d8a14b6a6777b8850097856a801662e68eb1446bdc28b28003d07685e5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          049415ba8d60cf352fdb3a6736fcb60e

          SHA1

          986e367fbf6b290c47f2748f9b89c15e131ff9ed

          SHA256

          80176be037c3a6de9de3f8930930433aa2847b2557f964954a1fe76a80660e6d

          SHA512

          6855e1a88de0ced2ec55c690bd7413ffac728af9e548e38cf5177355dcd709b736689e734faad5f9125fabdf3e39d8d00e3c8e5a451048e80166b1df04239b93

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          cd1d010e3efb94ceccfc32856ea846ad

          SHA1

          3ac7eb5506283bac2b3ee33a4823ce864612c8e8

          SHA256

          965f0a5f90b3968f2488d1e513ffb9b321f4d424ae99af717b2581ea459deed0

          SHA512

          53ecda410b1a4519420c710b261cbc0181fdfc0d4ab4550e6c8a290db1ed86618e3b8b3cc5ebca236ed04a08429967d19cb6c49d92226acd25023a52a3db1a8b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8906a5df860ca70eb57f487de5d7fa7f

          SHA1

          1c7256f0973f4f3501106f6ef9627aac52f760db

          SHA256

          e4ad1fde1fd1df54ca4854f06e7f27b5feab524c19cb0825c8aae15da1ca660a

          SHA512

          91b97b876e634a4ca95f4ba17e41ac891c16549d4d9d99d3b84b5b2788ca91e11fa4b6c93bac1b25b42cb29240fa14b695f73ebba9033c6aa732b0e9c709622c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a60602f68c58bb3d5d3c54975c9a8e15

          SHA1

          77baddca784a9e1d1deb5fe5230f05cfb3dd6cbe

          SHA256

          10fc075f39dc5c2d95c3b0d11dd46211556ff31839f35c255a72b152bd9412f4

          SHA512

          f7466ff9e5fe45343e3018d65f5c4abbaee117ec0f342cb1b08cae1a5adcbc41e127642afadf0b8d2c56023e862aa546ff42974c39d6f898962393ae192e8e13

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b111923dcdc62956695389625f316711

          SHA1

          da97dfd0cf151878b2923e5b8ed13cba12abbcd5

          SHA256

          55cc41fd1c4d787284135e1fb09adf2ec5f7cbd010864d34594ec01e8e0eaa53

          SHA512

          8fc8789a9cf1517abe08e84c59d4a60b9f5f5441f637958af1b8cced4af782a55a4fbd358578ee53e0dedc633c0dd2b17f51ca971ffd92701f2220a92852d215

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2d1e65650612a38ca4f0ef4336024a84

          SHA1

          85a7eb30c3fed5df2334942042bee97cd5bd700f

          SHA256

          2cd9931a04c5f8bbe971f4fca2790dfe1d0199e87505b07f576e9420a7fa72dd

          SHA512

          3d0d37a1543f8c8b8493b0d86931abf1322f7a4d15ca6b1f72a1400307929e32adee654c10715ec4ac370d64254dbebb057744770ec62a464984ba74478aaa30

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          9ff31b68aebe29ccd1caabf8c65679bc

          SHA1

          9393cb2393221c98e2b31ad1655ed9008783e46a

          SHA256

          a73467de6971811518bdb31b0cb500084c8448272215109597fe1b8efc407a06

          SHA512

          6f10736cb1980fb64369c7af40c7878297e9a05ed1084e187c4fda235b6a6b2d91d936c815ed6e7c30d33ed69e88dcb9a4bcff401b71d205262637ecb729d34a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          dfb97f85e6b69e6e37326b8baf5af4c6

          SHA1

          69f33ca6afaba5e6e419dd18afb3f61d044fbc06

          SHA256

          d66fd7d43cced71861fd2076cdb2e8784cdb02ee5351e28ab8ab27d1ea516518

          SHA512

          4228a05fa7482afd64ef8adf79f886cc4d9ce941a55fccbd95bb2b166d4e07ca2c426be2324ffa2ec4c676725f7f4d8d192f2a061bdf032274660d43e35de20f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f5b2fb916717bdc10f819cd4efaea450

          SHA1

          3dad6e3435c5a10110adc37cb410b0d0382bae2c

          SHA256

          8bbb276fbd910513411d944cd094c7d89c2c8a5eb064f25796224936b2dcda73

          SHA512

          ff8b79203bf4af28243fa59da06ddc4733a007a7fb78883ffbee0f5082b36cc2e59df01583a805e78f88c8448b38c99f0ec20c6e01bc5bc06e33ed1750ce2259

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          507b1e54e6c7a57828e76f710e58ea06

          SHA1

          d6053014e2a8f635d08afe8319e8e70dfc848801

          SHA256

          e8b1faa5ff4b3eead86b3d2564cab2e9282ca2ba83bfd85db4d4fefd1ddcc652

          SHA512

          a86bcae891819a8d9e236e677575ff579387933c9962118534b8a6090484263eaa7e74a5cc9521ef64673c099e6a89405390de88f6198eefcfa17fc292f128a1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5e10ba6869f93de1f4f5072a61314180

          SHA1

          0a20cad5519f62200c0ee02b0f55857e7210de44

          SHA256

          b8b569fc7ce0b56e7383da7c8d4a5a258b282d4cf17db8480845f55cb7b80031

          SHA512

          5153de774812ecf67643d984c2ebbdc4342fb122346b391468bba7e1c8fed50fca92d34c1b87422bbb01e964146a2960e3db9fce5fff2b2f89eacaaa2787dd8f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          87e316c79faa81ac76d64ba70a7f923d

          SHA1

          fb38309564a0ab143bfeb373069dee1e619a5b84

          SHA256

          a8eb4038b0622a706caca0d34ecf55b67c68dd2ccf7420e5f208c48e45546e3a

          SHA512

          f447cd3155b5c5c5d6ccb668e918f8f88f4e3a3b0851c2deb9227320c4d90df8f862fbb9c9e61d81d5e9f17112a9cd856aa230293ebedd7ad6ef8a50f37f7924

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f20d01d6b3df3f4f981d2b31b1349e7e

          SHA1

          28a98d6471b40b376fe3bbf38d9aa8e91508ba88

          SHA256

          cba31f9b7ff8902cb75ddc48f1a98dd8f1c9ef17187a8ad6e16b72729c789439

          SHA512

          cd0ea929493932efff0fe649e0c4152fa150a1b1b4b351fffe176d41f8944ac4a28e637a6779b0548a4849743aef960369760543d313afa4531998cf3db459b4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e91b56a5e61746ad715bb11120696cc8

          SHA1

          c085b53647de9fe48d39b995573e7812be27d947

          SHA256

          43a9821a02598241d524793750fe76618c3e0af202d874403981d4453e5fe0f0

          SHA512

          22d82c714c1c2add72140df9e062ec91c43d2e342b381e6f9060b2ede5488cbff254dd7937d14c3eef871a256ce404907ea0a0dcba45e6279f38f51e138da8a5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          224d8f83da0f2f94fc537cab1558afb9

          SHA1

          380b72d07c6e4cbd6e3001b36c2f9245d5ba49dd

          SHA256

          824006939cf6208069f3905e25c6183bc7e16ec26561a2aea017667a8ebd9bd5

          SHA512

          01444ec10714fe9a7630f0a3d14550534bc8990efdaf0c42c1489dfca45c93f5678fe0e3cc08a5c3205a6b7064d95097e247de759b9eb0bcffacb2a26d5fe4a6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab41C2.tmp
          Filesize

          68KB

          MD5

          29f65ba8e88c063813cc50a4ea544e93

          SHA1

          05a7040d5c127e68c25d81cc51271ffb8bef3568

          SHA256

          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

          SHA512

          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar4225.tmp
          Filesize

          177KB

          MD5

          435a9ac180383f9fa094131b173a2f7b

          SHA1

          76944ea657a9db94f9a4bef38f88c46ed4166983

          SHA256

          67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

          SHA512

          1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

          Download Submit

        • C:\Users\Admin\Desktop\lukitus.bmp
          Filesize

          3.5MB

          MD5

          7f64ea5c5fa032a26107938b5aaee752

          SHA1

          b55ed8ee11bf8cc43b3509e3f73575c5c997ba3b

          SHA256

          9de2eda32c4ba8e02b9dde51145421e217f8daf007cc4976c169ae5fff25a59e

          SHA512

          117ec0f873815d07d2c321498ed47f9bc7ae465e158b01227afbd4971ed7e4741955d21c61a40dd8d31f5dcfe9b624c63471f64191b83a1da5ed0b9a49ad4967

          Download Submit

        • C:\Users\Default\lukitus-b21c.htm
          Filesize

          8KB

          MD5

          d7f111f15126c477a26cfbc11727f705

          SHA1

          b1cbb6df14f6b3384a40543093d05d926d8c3c38

          SHA256

          8037916bfcc2a67d9a9de39f8eb29c67440c9de0cc641d4e57eed3229f2afce8

          SHA512

          a1323999ff4f64ff3394c26149ff5842aca4015a0b1a7181b2d882758d8d7926f2e361639fe208cb4b9dece61bbe9bafe003d29657c5daeab40754573d999d29

          Download Submit

        • memory/2068-280-0x0000000000400000-0x00000000004A8000-memory.dmp

          Filesize

          672KB

          Download

        • memory/2068-3-0x0000000000250000-0x0000000000251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2068-277-0x0000000002E50000-0x0000000002E52000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2068-4-0x0000000000400000-0x00000000004A8000-memory.dmp

          Filesize

          672KB

          Download

        • memory/2068-2-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2068-0-0x0000000000400000-0x00000000004A8000-memory.dmp

          Filesize

          672KB

          Download

        • memory/2068-1-0x0000000000400000-0x00000000004A8000-memory.dmp

          Filesize

          672KB

          Download

        • memory/2068-6-0x0000000000400000-0x00000000004A8000-memory.dmp

          Filesize

          672KB

          Download

        • memory/2684-278-0x0000000000230000-0x0000000000232000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2684-711-0x0000000000270000-0x0000000000271000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2684-279-0x0000000000270000-0x0000000000271000-memory.dmp

          Filesize

          4KB

          Download