Analysis

max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 11-05-2024 10:12
Static task: static1

Behavioral task: behavioral1
  Sample: lock2go.rar
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: lock2go.rar
  Resource: win10v2004-20240226-en

Behavioral task: behavioral3
  Sample: lock2go/assets.js
  Resource: win7-20240221-en

Behavioral task: behavioral4
  Sample: lock2go/assets.js
  Resource: win10v2004-20240226-en

Behavioral task: behavioral5
  Sample: lock2go/lock2goV1.3.exe
  Resource: win10v2004-20240508-en
General

Target: lock2go.rar
Size: 39.0MB
MD5: 42b986dd380d029466a821faf08a48f6
SHA1: 5692ca918e1fcdf6ba36a0c4153042b404eb5746
SHA256: 5ebe5f043379b3e10bb40e8a27653b93e71f51c848f7d19a96cfbe2b4d5615b5
SHA512: d28bf00fbba9579bc1a38ca06d20697d9ea7d9d7e69023923b38b4788adcde5bf15515328732eba4b56dc00695f5b096205166c2505353f610b5125fc30b9c60
SSDEEP: 786432:mEFQRgyKkmove9sUB45+Qu4pdhMksTCz4siqIiZNrhR5b:mr9uo8sD+kpdhPtiaNrhnb
Malware Config

Signatures

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Modifies registry class (1 IoCs)
  Processes:
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_Classes\Local Settings | rundll32.exe

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description | pid | process | target process
  PID 620 wrote to memory of 2736 | 620 | cmd.exe | rundll32.exe
  PID 620 wrote to memory of 2736 | 620 | cmd.exe | rundll32.exe
  PID 620 wrote to memory of 2736 | 620 | cmd.exe | rundll32.exe
Processes

1. C:\Windows\system32\cmd.exe
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\lock2go.rar
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\system32\rundll32.exe
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\lock2go.rar
      - Modifies registry class