Analysis

  • max time kernel
    136s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-05-2024 22:45

General

  • Target

    2c163be10c2dcd9b96243bd8175889d4_JaffaCakes118.exe

  • Size

    659KB

  • MD5

    2c163be10c2dcd9b96243bd8175889d4

  • SHA1

    d086fe8bbd8b7129d89dc1cfcb8a8175a6445b29

  • SHA256

    a4bb7f498946155aaf1f6724dc6c37b7a149a369d4e5af724f3794c34629f371

  • SHA512

    350f8c56929d87d0caa0993c5b6a6a2e6d9f7d753ad5e94a36538fbf2b5669c3dadba0866d22d1d5f8f4be6a4eae82672cd5ed378535c07c7e51c88e4e5b436f

  • SSDEEP

    12288:DBBph23Ks1mQnWattmsbMVSH05SxQiEQ9jmE56:DBBK3p0RzYa+E

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c163be10c2dcd9b96243bd8175889d4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2c163be10c2dcd9b96243bd8175889d4_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1968
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2384
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\2c163be10c2dcd9b96243bd8175889d4_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2628
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:996

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab3313.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar3366.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • C:\Users\Admin\Desktop\lukitus.bmp

    Filesize

    3.8MB

    MD5

    b46d04a178efc87815489e2279e55309

    SHA1

    4c1a3209765f64aeb667c4c446c14d784374f98f

    SHA256

    55efa61df4b3240fc905bce945f73710ebc28ea6be426d392da500e88ff9d7fb

    SHA512

    907134ffe789384719a4c264bed94041f9157f7f7a4b32651730f9dcd1a0fec6c821ed004dd7a61abbeef0cea094eaf16ec4d1847f4b64049ba366f834420d77

  • C:\lukitus-755d.htm

    Filesize

    8KB

    MD5

    6a97ebc06884ca7a58a658c53287ec79

    SHA1

    b604108bde9a76252db4426997ac5261ad93e9a6

    SHA256

    a0958fbb14d0a28289f080b7115990f36243d19f4af39e8b264f4dcf74251907

    SHA512

    d784b996fc6c3fbd98ab05c5691e3498b3155fd8ee7a7badd6272026bb2381c2dd75e592662e8a0c1e9ceac2f15e29ac580f23e94fdc7b6d17fa59eeb821d817

  • memory/996-289-0x00000000000F0000-0x00000000000F2000-memory.dmp

    Filesize

    8KB

  • memory/996-722-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

  • memory/996-292-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

  • memory/2044-0-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

  • memory/2044-3-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/2044-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2044-4-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

  • memory/2044-6-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

  • memory/2044-288-0x0000000003730000-0x0000000003732000-memory.dmp

    Filesize

    8KB

  • memory/2044-291-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

  • memory/2044-1-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB