Overview

overview

10

Static

static

3

371d9ae01a...18.exe

windows7-x64

10

371d9ae01a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    123s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11/05/2024, 23:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    371d9ae01acc0e04fa5c8deb2955b94c_JaffaCakes118.exe

  • Size

    518KB

  • MD5

    371d9ae01acc0e04fa5c8deb2955b94c

  • SHA1

    45cc3b5091472fb10a55536efb9be38cd7d52eee

  • SHA256

    7ebd9695846026c58253f7510050a65f35addec806ba5077efe4968643bdd965

  • SHA512

    0b05afdd7c97c0e8d56df09bf37a45f805d3320594e3bb7ce896f7df5a0f898e7b9794c40c1cd442aea495ab52c8736c577b1c23dc400ca15045468ab69c113b

  • SSDEEP

    12288:hVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdj:hVzzzjNO4FkUQ2yL7PtIdGudqlb9dj

Score
10/10
locky_lukituspersistenceransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\371d9ae01acc0e04fa5c8deb2955b94c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\371d9ae01acc0e04fa5c8deb2955b94c_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2504
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2588
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\371d9ae01acc0e04fa5c8deb2955b94c_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2436
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    06eba387b0ec92aaa262d3eca7cdf15f

    SHA1

    0017f2821fac18bc38a5d6f2b783b3635ad69074

    SHA256

    3fe33f8f7db41fae9f4f2626f2c725049cd8c339514dd2d7aac8e4e7a9448bb3

    SHA512

    cdfa203b21a87e3604361fe3f741853daa14e5eb4c6217300f4c4c862900fff9a6b3567342a37091b58c09f212edebce8cad1ba8b38fcb7b70827393ee188ed2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2fb822fde293c30df6c9cdac28a4853a

    SHA1

    87baf39771f05c554f455baba51852680ff68378

    SHA256

    705c08cf018403d15733c16f118ae2ea76217fe4df0e822ed9294c60ff2079da

    SHA512

    48de841b4af800f292ebded6085a56a3830f129d1633cd151efaee0eb315599b1af4003e8480c1036381e9ea6003eb64e8069001e7c124b6b378fdce7abcd0b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d43dfcb6909b7cc4f65af2ac998915d2

    SHA1

    967e88077548e14ac6fcc54e01bf87cd9c4b3c74

    SHA256

    ac18625d2790cb77fde9feec4bec8b56279f0820c9bbaf5448b9067f6acfd223

    SHA512

    47a564680b4681c342a730de25bf527b3a6a29f7432ac69271df7efacd382cd7ebb30fc1b363a4c4d371a527b3a31404dce5206144774ad781517d7f1d35f9a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8331039ff9c72bbac17989829f6478a4

    SHA1

    87699d9bad077e5e91aee39b4775c7314838a875

    SHA256

    cb1f6a0c5e5297d74ffded421c7b47e644198be67a8261263287d549c7f9a591

    SHA512

    f621748108d7e398959600f7d2781a8115fb13e7d9315244c74b9e4b3d7027ae249f74f79b97456612df9fcd87dbfda75cce210255204e95a44a933790187851

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    913ee1f2c32799a593d150d6665aac45

    SHA1

    9b2907baa00ec7f11bc14c258e2361c9fc539bb0

    SHA256

    178f0f53be8bda8f2fb7f712c50e64ad0caca3da1c4826799994bc04b240b9c6

    SHA512

    a798d788c07e46a3dec26615025be1bee76e2168195070c8ef65f274a96ffb11fdde6ffaa86c0bfa040fbc46d9f8e95136fcb351ee9657f1fe8791a2af057672

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1812e8ffc56df9a17c4b1c7f27514943

    SHA1

    a706b9e2633081887ae96b76eb935cb2bf8e8109

    SHA256

    9586c876e1bd2dda2cb75d05a6e8447644ddc40137693157c98c6865d92b043b

    SHA512

    e3868b354693ef64cdb337dad883fb3fdf4def259edf06fcfb3fc76bf35fc0207926fb235016d39535a3768cfa85a9a92a0ce4b9770a854750696e1575912144

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    121ac2e015a3ab3696f7659d20654d71

    SHA1

    063ae161781e7e223b8623953de825f245153789

    SHA256

    b2b4b39713b759fe1ad20fb6598bab480d7703be31c3c4aa6763200e1a459518

    SHA512

    2f66de3a19fb0c43b763d3739301aa3f22c19e0d501f01843661237ff6219f6043d98212f87cae037f7467368b97f94d661ccbca05d49eead3b0c4c51acf0377

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9af9aeacd282df837f0d7a9a7f2c8c94

    SHA1

    9c776836c6a7d2a18310f50bd76d78c71ac1303f

    SHA256

    b2333d06724ef96849396cc735a131e0dc52354a1374e3e6db4873665a336886

    SHA512

    30259b1427df27bb9387b62f89f72fbd970e083e38228b0b42cb08faf96b72bb3893e8364232253a4afeb0e7b3cd57c2d988f00aeaef70c7ac00c4103930d7aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fd2c8e1f0b24e780caca7094a34b08d5

    SHA1

    66ffd03c589189ee7cd0b22715d5a679d7b39e85

    SHA256

    97bcab23799ff4e9de78ee4c7a4fe83c3eb724e397a2688e56d6c33ec544e600

    SHA512

    8477a95aaac4d2fccf1387a5cd37db13c3e02be09e0470b4fa07e130bc11d5223df6613ae237d099c64d3f1508a6cb0c8b4e5c064e923e01f7aba57d16f3ef7d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAF35.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB012.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB027.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.5MB

    MD5

    352b8b33523665a25366af7a481dc4ab

    SHA1

    4d77afba4a24b325ad8d3d6695774400b107ad38

    SHA256

    6c484c692dbb4faf59198b10fa5e24975377d339f8da17be88700176a955d7f2

    SHA512

    787dd00440d2db0f150977e4d88d914d0e25a2e316b5e9c59a00cbcd6289a2f4a34e5c6ca9e68081b241d4735da7af182d1e0837432ca1ca4eb41ae1c26f7601

    Download Submit

  • C:\lukitus-33eb.htm
    Filesize

    9KB

    MD5

    c0ba4e9634f0b0a825fae88901105f33

    SHA1

    2553cb53fa81f151a85b3d9c0bdedf4ec5e268fb

    SHA256

    39d6fdbbe70d081657d0c6e6857241c7ee8d950cb8218cc562011306ca0db7dc

    SHA512

    fca01a0a0a132c1fa9dbf25497234ac20e17f07bf16f95230087ee4f18bafca33c1109e2cd815c04159fca1e149478011f9ff5350ba52219344cba159a284eba

    Download Submit

  • memory/1924-278-0x0000000002330000-0x0000000002332000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2020-279-0x0000000000170000-0x0000000000172000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2020-281-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-757-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download