Overview

overview

10

Static

static

3

230606dd8b...18.exe

windows7-x64

10

230606dd8b...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2024 03:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    230606dd8b0d62e2a8a04ef61b2d8707_JaffaCakes118.exe

  • Size

    660KB

  • MD5

    230606dd8b0d62e2a8a04ef61b2d8707

  • SHA1

    5c50cdad090de913d0c87edeb392c8df1af9f5c3

  • SHA256

    5bf84469051c85bd684e03eb46f774cb1e913884c95acf7b210a8a4469da8d9f

  • SHA512

    188e08205a38730057c63753451784a499657380cb0384e7d7f9ed9b5c3d60aad8daeae47e125ab22fd23357920bfd79a69423c5f9d733269160a2a7331df77d

  • SSDEEP

    12288:lMtWh23Ks1mQnWattmsbMVSH05SxQiEQ9jmE56:lMtP3p0RzYa+E

Score
10/10
locky_lukitusransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\230606dd8b0d62e2a8a04ef61b2d8707_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\230606dd8b0d62e2a8a04ef61b2d8707_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2668
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\230606dd8b0d62e2a8a04ef61b2d8707_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2524
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f2dfd2a6ed4e154b14e86679a50dd66e

    SHA1

    f70cc76eed1bf61c6633741222c9eeb699bac643

    SHA256

    79d4c5e46135a839631265a0200a12b948292ed1beec89605a2b0a58a536e985

    SHA512

    d089af48af94de0dd4ae2104df459ef37e91e877a84f9e43eeb92e78a559b8676795a4ed6f180882462a23d1f6f35c11ea4e4bafe19c8d289a23251cd2d922b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    048f6c7ab15cad26993950896796b282

    SHA1

    bcf68fff5321319b7b5b7c1473a6dcd5df26665b

    SHA256

    4704427c2a283219449fa42e46a29ea62393fdf6255a5972ae7355e594903b4e

    SHA512

    58002975aab4e65a7a937c9fb57f22e63f5422047cc7c8bd579bb1aa72658d3286513e9f3ced1effdf525c39c267eda28a82471e7ea0a073b753c20f70c31df0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bc02f6fe6cafa9eaef6694c42e6f235f

    SHA1

    63473473c31796648d98574efe20fa651a4c3cc2

    SHA256

    3ac1dcb8945a22514b9fe1be12cdc103c13b4c7dfa44ba54cd10406b2f8dc9b8

    SHA512

    afd133083555bd115beed4dddcdded39214702b3054c7d18e2ca97c2111ab742562020b419738a57c9417ae558df20157f3462ef86b3fff55b70f07f7986f95f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    194c7e5d351ac4ad0d720398bd1b2f2e

    SHA1

    7ebbe62b35b76e297576c9713afd79c759f9e6a3

    SHA256

    def2bcf051f6ff3ecf62cf9648e34d6bc62585099f767196abd63c9c2ef1d58e

    SHA512

    0cbc5192ecd86e5c2ced39abe2b56040314c45b0adffdf35049b729b782636bfa03db2d8a14b6a6777b8850097856a801662e68eb1446bdc28b28003d07685e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    049415ba8d60cf352fdb3a6736fcb60e

    SHA1

    986e367fbf6b290c47f2748f9b89c15e131ff9ed

    SHA256

    80176be037c3a6de9de3f8930930433aa2847b2557f964954a1fe76a80660e6d

    SHA512

    6855e1a88de0ced2ec55c690bd7413ffac728af9e548e38cf5177355dcd709b736689e734faad5f9125fabdf3e39d8d00e3c8e5a451048e80166b1df04239b93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cd1d010e3efb94ceccfc32856ea846ad

    SHA1

    3ac7eb5506283bac2b3ee33a4823ce864612c8e8

    SHA256

    965f0a5f90b3968f2488d1e513ffb9b321f4d424ae99af717b2581ea459deed0

    SHA512

    53ecda410b1a4519420c710b261cbc0181fdfc0d4ab4550e6c8a290db1ed86618e3b8b3cc5ebca236ed04a08429967d19cb6c49d92226acd25023a52a3db1a8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8906a5df860ca70eb57f487de5d7fa7f

    SHA1

    1c7256f0973f4f3501106f6ef9627aac52f760db

    SHA256

    e4ad1fde1fd1df54ca4854f06e7f27b5feab524c19cb0825c8aae15da1ca660a

    SHA512

    91b97b876e634a4ca95f4ba17e41ac891c16549d4d9d99d3b84b5b2788ca91e11fa4b6c93bac1b25b42cb29240fa14b695f73ebba9033c6aa732b0e9c709622c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a60602f68c58bb3d5d3c54975c9a8e15

    SHA1

    77baddca784a9e1d1deb5fe5230f05cfb3dd6cbe

    SHA256

    10fc075f39dc5c2d95c3b0d11dd46211556ff31839f35c255a72b152bd9412f4

    SHA512

    f7466ff9e5fe45343e3018d65f5c4abbaee117ec0f342cb1b08cae1a5adcbc41e127642afadf0b8d2c56023e862aa546ff42974c39d6f898962393ae192e8e13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b111923dcdc62956695389625f316711

    SHA1

    da97dfd0cf151878b2923e5b8ed13cba12abbcd5

    SHA256

    55cc41fd1c4d787284135e1fb09adf2ec5f7cbd010864d34594ec01e8e0eaa53

    SHA512

    8fc8789a9cf1517abe08e84c59d4a60b9f5f5441f637958af1b8cced4af782a55a4fbd358578ee53e0dedc633c0dd2b17f51ca971ffd92701f2220a92852d215

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2d1e65650612a38ca4f0ef4336024a84

    SHA1

    85a7eb30c3fed5df2334942042bee97cd5bd700f

    SHA256

    2cd9931a04c5f8bbe971f4fca2790dfe1d0199e87505b07f576e9420a7fa72dd

    SHA512

    3d0d37a1543f8c8b8493b0d86931abf1322f7a4d15ca6b1f72a1400307929e32adee654c10715ec4ac370d64254dbebb057744770ec62a464984ba74478aaa30

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9ff31b68aebe29ccd1caabf8c65679bc

    SHA1

    9393cb2393221c98e2b31ad1655ed9008783e46a

    SHA256

    a73467de6971811518bdb31b0cb500084c8448272215109597fe1b8efc407a06

    SHA512

    6f10736cb1980fb64369c7af40c7878297e9a05ed1084e187c4fda235b6a6b2d91d936c815ed6e7c30d33ed69e88dcb9a4bcff401b71d205262637ecb729d34a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dfb97f85e6b69e6e37326b8baf5af4c6

    SHA1

    69f33ca6afaba5e6e419dd18afb3f61d044fbc06

    SHA256

    d66fd7d43cced71861fd2076cdb2e8784cdb02ee5351e28ab8ab27d1ea516518

    SHA512

    4228a05fa7482afd64ef8adf79f886cc4d9ce941a55fccbd95bb2b166d4e07ca2c426be2324ffa2ec4c676725f7f4d8d192f2a061bdf032274660d43e35de20f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5b2fb916717bdc10f819cd4efaea450

    SHA1

    3dad6e3435c5a10110adc37cb410b0d0382bae2c

    SHA256

    8bbb276fbd910513411d944cd094c7d89c2c8a5eb064f25796224936b2dcda73

    SHA512

    ff8b79203bf4af28243fa59da06ddc4733a007a7fb78883ffbee0f5082b36cc2e59df01583a805e78f88c8448b38c99f0ec20c6e01bc5bc06e33ed1750ce2259

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    507b1e54e6c7a57828e76f710e58ea06

    SHA1

    d6053014e2a8f635d08afe8319e8e70dfc848801

    SHA256

    e8b1faa5ff4b3eead86b3d2564cab2e9282ca2ba83bfd85db4d4fefd1ddcc652

    SHA512

    a86bcae891819a8d9e236e677575ff579387933c9962118534b8a6090484263eaa7e74a5cc9521ef64673c099e6a89405390de88f6198eefcfa17fc292f128a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e10ba6869f93de1f4f5072a61314180

    SHA1

    0a20cad5519f62200c0ee02b0f55857e7210de44

    SHA256

    b8b569fc7ce0b56e7383da7c8d4a5a258b282d4cf17db8480845f55cb7b80031

    SHA512

    5153de774812ecf67643d984c2ebbdc4342fb122346b391468bba7e1c8fed50fca92d34c1b87422bbb01e964146a2960e3db9fce5fff2b2f89eacaaa2787dd8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    87e316c79faa81ac76d64ba70a7f923d

    SHA1

    fb38309564a0ab143bfeb373069dee1e619a5b84

    SHA256

    a8eb4038b0622a706caca0d34ecf55b67c68dd2ccf7420e5f208c48e45546e3a

    SHA512

    f447cd3155b5c5c5d6ccb668e918f8f88f4e3a3b0851c2deb9227320c4d90df8f862fbb9c9e61d81d5e9f17112a9cd856aa230293ebedd7ad6ef8a50f37f7924

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f20d01d6b3df3f4f981d2b31b1349e7e

    SHA1

    28a98d6471b40b376fe3bbf38d9aa8e91508ba88

    SHA256

    cba31f9b7ff8902cb75ddc48f1a98dd8f1c9ef17187a8ad6e16b72729c789439

    SHA512

    cd0ea929493932efff0fe649e0c4152fa150a1b1b4b351fffe176d41f8944ac4a28e637a6779b0548a4849743aef960369760543d313afa4531998cf3db459b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e91b56a5e61746ad715bb11120696cc8

    SHA1

    c085b53647de9fe48d39b995573e7812be27d947

    SHA256

    43a9821a02598241d524793750fe76618c3e0af202d874403981d4453e5fe0f0

    SHA512

    22d82c714c1c2add72140df9e062ec91c43d2e342b381e6f9060b2ede5488cbff254dd7937d14c3eef871a256ce404907ea0a0dcba45e6279f38f51e138da8a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    224d8f83da0f2f94fc537cab1558afb9

    SHA1

    380b72d07c6e4cbd6e3001b36c2f9245d5ba49dd

    SHA256

    824006939cf6208069f3905e25c6183bc7e16ec26561a2aea017667a8ebd9bd5

    SHA512

    01444ec10714fe9a7630f0a3d14550534bc8990efdaf0c42c1489dfca45c93f5678fe0e3cc08a5c3205a6b7064d95097e247de759b9eb0bcffacb2a26d5fe4a6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab41C2.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4225.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.5MB

    MD5

    7f64ea5c5fa032a26107938b5aaee752

    SHA1

    b55ed8ee11bf8cc43b3509e3f73575c5c997ba3b

    SHA256

    9de2eda32c4ba8e02b9dde51145421e217f8daf007cc4976c169ae5fff25a59e

    SHA512

    117ec0f873815d07d2c321498ed47f9bc7ae465e158b01227afbd4971ed7e4741955d21c61a40dd8d31f5dcfe9b624c63471f64191b83a1da5ed0b9a49ad4967

    Download Submit

  • C:\Users\Default\lukitus-b21c.htm
    Filesize

    8KB

    MD5

    d7f111f15126c477a26cfbc11727f705

    SHA1

    b1cbb6df14f6b3384a40543093d05d926d8c3c38

    SHA256

    8037916bfcc2a67d9a9de39f8eb29c67440c9de0cc641d4e57eed3229f2afce8

    SHA512

    a1323999ff4f64ff3394c26149ff5842aca4015a0b1a7181b2d882758d8d7926f2e361639fe208cb4b9dece61bbe9bafe003d29657c5daeab40754573d999d29

    Download Submit

  • memory/2068-6-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/2068-277-0x0000000002E50000-0x0000000002E52000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2068-4-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/2068-1-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/2068-2-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2068-3-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2068-0-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/2068-280-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/2684-278-0x0000000000230000-0x0000000000232000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2684-711-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-279-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download