Overview

overview

10

Static

static

3

40ebefdec6...18.exe

windows7-x64

10

40ebefdec6...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    14-05-2024 08:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40ebefdec6870263827ce6425702e785_JaffaCakes118.exe

  • Size

    654KB

  • MD5

    40ebefdec6870263827ce6425702e785

  • SHA1

    6eeb5a2e81f54e1eec1eb7af2ed621504011065b

  • SHA256

    0d0ec7cc3b6c9ca1251cfb8672cd4e9c68080f7f0a67ad17357f62a9fd4aea5d

  • SHA512

    62e1f05949536d7ac5ae878c5eff25dda11cb44073c27d93a203b39fd029664b17966c60a047bf7a3345ab0bee99548b589fef20e8257c8351c18fbd6459c54d

  • SSDEEP

    12288:/jmKnV9Lv7w9/X/cqujXisFagbSn7Iu+Oyj6IS4fGY9+HcmH:/xnfS/XfuDisAgbeUup4OY9+F

Score
10/10
locky_lukitusransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40ebefdec6870263827ce6425702e785_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40ebefdec6870263827ce6425702e785_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1652
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3032
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\40ebefdec6870263827ce6425702e785_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2872
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1496

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    223615dda810a13c9bffc200cdf868db

    SHA1

    a9ce5f82b7d6a5041f3fe4fcfbd454bc5369f604

    SHA256

    998e37ab3db777ae1ebdd7782c331b65eb1345a1b6f708d9acde11280430f0b5

    SHA512

    8c0326e7d8f02b49f74cf87651c8d99301f995f18e950128ae78ef75832d059b19616aac4b44a1fac08f62f0670a1a08fb67a43e2c1bdfc8d17347b20e47f951

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42a8296ccd1d446645dec065c79d38dc

    SHA1

    3fe8be9e8b3aca97ab7a23d585506a5fe97dce01

    SHA256

    683c8f2883445fd5f0f48e9f96bac604ff1ac26becbffa1362cecec74e0995ac

    SHA512

    87d89d9b6383c0c70bccc8b9c4f46ad3f00bf7e1caec710bfc0c42851e39df5da70ff1ef1fc0af9048758d1a8b890d359b2334a8c4fbed34af8a444777ebc2df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3fea99e068943e705046284f9937a272

    SHA1

    353b9f2595add03a4f050aeb2318782a2541373d

    SHA256

    f728fafc11e65ee3ae55290bafb42cbbb2dab54c9ab9f2ef94f8057b6cd9e897

    SHA512

    b37099295b1067a9317785b5f31b17c599b763330d607498447449f696b6eb7ef738c0c8e18b7b2baf0beae35caa7c7d772d14d7eb07b7c70a2bcb854ca1d9af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    020a836f1b56710a70e71bf7d8638ed4

    SHA1

    9763e7d391f209da6553471e53636a07ac0c4c77

    SHA256

    a0122a910ac430c4de3535436810d69eae89293dc2feec382046d33eeea25aad

    SHA512

    04f75594a4d75b6fa185539010d84885e41e8c8ab6c39d8401e0c9cdf64f59af35843668eab4d5568979e6e8ef68027947392c4e817dc3e7f2ee9c26b57576a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4d89f0acae39d8c0a0458bc7fea6e2a1

    SHA1

    fbf355888007187a10938942899e9d42bf90cb8c

    SHA256

    fc23e71338c5db4a5d4394f413947ac81c4f9761ca66ab7a66c70647d156fe71

    SHA512

    18373bc1ad065093b8f01a75758371461102a662145a0e1f88a799e7fab85e25373b50a5a1eb4eeb2ba8f95f70b73de061ee8a79dcdb9412a1d69c3002aa194e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    60418018e22a2c53b9d014b75a32f499

    SHA1

    ea2eb6640ad58a7f2e7dff382d6ab2482d4b9b7d

    SHA256

    6a39d9966a4e5bc80ed91fe6cad7016e0ae0a7fc3140d303b89b240577a8401f

    SHA512

    7ca8169ac5f8bfe9059af12a80e9aa68b3ca66011997cb29205b3df7d1ac5c77188017cb8c556c10650dd87ab771f1eb121c707d130b856099c5ac28c9fbf7ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c9e5851941f2a43593e9e46c7b03dfdd

    SHA1

    099499e33279619f64dbf071faaf571ad63b5373

    SHA256

    f6361cc9577402b1e2627c1f7424d8ff32255e7416360dd57a0c2f1dc56fa4bd

    SHA512

    29c4250f6a8f5c5f096ea8fb35c50a49b1f27946e2d62037d2d209bf4292fd910f50abaa66614e0342d7bd208999dbb237181648abdbd04d690955a8969d1847

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f80d08d9cf365af0f39664145b0333b0

    SHA1

    172107096e7df6fc31d44e64d650daf0a7c739dc

    SHA256

    aff252c9b45aeef05e4c13525031540e06654ec7ee74b20429835dd0213b0d57

    SHA512

    8f3c487aa3f4d8e4aebfc758f0616b4303ef560a02e4c937d5409f0d661a7fbcdb2d3ac87bfeabcd512bd8e07f15b406fb682489c540c8df6da3b53b869305b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4fd1e2d0ee6ab12378017132aa5891f6

    SHA1

    d3e409d4ac0df77c5707df8b912c13e55b4a5cfe

    SHA256

    f23340d007fb52ac07b58d395c8fd5d17976799d70bdbd9f767b26c1a2abf915

    SHA512

    d2911da1c54b211561b712be0b3188cfea9faa08a3dcefa1a8508720803366a87d1ca8ebdd4ad4cc7ff42ddf2562c42d481e1adb1198c3f76b2fc467ca8fd9d8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab71F8.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar72E9.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.4MB

    MD5

    05905f3335010f905c94e2931f69cd90

    SHA1

    72fe8ec4abf35338384146aef404ef929dd874d3

    SHA256

    87f06069085d954e2eddcad08c492eae8d3c44ff099b003d0cd41af682d716f4

    SHA512

    fa965148dc32f95cc7d50475ea021485c0188d7afb0972184b545366e8aca6de417ef55ca5abed16a221acd7dedf8b815417c3cf40cd7706aa2d70161d29bd18

    Download Submit

  • C:\Users\Default\lukitus-70c1.htm
    Filesize

    7KB

    MD5

    c2ecfd44c8631ac3a40bf61196410b76

    SHA1

    6c0c47e9786f389d181303f6bc1523dae0c555c9

    SHA256

    0dabec65d4311836bdf935c7a6c4937a5b4ea30dcaea741102504be245d7daa3

    SHA512

    19d0a9e4f50371eaac036dcbb3e4fcc71bfa2a68fac27e06b4b1678a84d3727c85f3aade856a62cdbf6898e573491e26409cab51ba21a52fecde51b43f354bf2

    Download Submit

  • memory/1496-757-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1496-280-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1496-278-0x0000000000160000-0x0000000000162000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2260-16-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2260-277-0x0000000003830000-0x0000000003832000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2260-0-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2260-6-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2260-4-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2260-3-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2260-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2260-1-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2260-281-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download