Overview

overview

10

Static

static

3

45021a1a15...18.exe

windows7-x64

10

45021a1a15...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-05-2024 07:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe

  • Size

    520KB

  • MD5

    45021a1a159dea9952ad3494b8d49852

  • SHA1

    9d410c919a965b80ce451b8565286d2f9de05b23

  • SHA256

    cefb526d4067694c034c8c578b38d3ce68fdb56f10025dfa30f39f0556286d15

  • SHA512

    c426327ba46ff80c2c943e41fe2417fb2dd2628f9a2431d1bcae390fe6b7fe53891f40436b3cdd8a661b5f954f7763bbc737225360bc29ca16da00fc1efdf83a

  • SSDEEP

    12288:zVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdj:zVzzzjNO4FkUQ2yL7PtIdGudqlb9dj

Score
10/10
locky_lukitusransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2540
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2436
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2992
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f1b3581774620786021ce855dfe3d81d

    SHA1

    1ee55c460053de411ddbabd331e2989af43a6100

    SHA256

    5eb59a6e9c2e4fe4e4ef727556caa56e2144d147c822c3d0681faf97011f2010

    SHA512

    828ae3201f26db91bfbc6511b854b564d9bd2cc1f680ab6479a597c3a09a00c47959681ad3a94779642b6e942a64b34cc0eeaf7305a507663303d9922f35f272

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ae694bb731f9bc6cbd57f12771b32d5f

    SHA1

    1c5ae4f21b57ff7410aea7fc0705157b5f8416e9

    SHA256

    54cba2c5d2e6a9b8f2f9f32a2305aecb30c432d0dbce4b9ef44ba3cf316b4598

    SHA512

    daab7361658a07026f2afbb4cacdbdba6b9849c34e1410c810d86aeb4bff56a7ebd999a1fabe778149ebd3b3d4d40624826117e5d01d4a069126772ad23ed5ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e06eb60a8eae1aa63486f840bf9d618

    SHA1

    dcf571112a66e1ebe33262b7b8749d7a3b62cb92

    SHA256

    f2cbc026188d02a7ca09b3ee1fa8a0e7a7b564e154b2376346f22da485418785

    SHA512

    998c1021d7e41b0854f1f4b02bc1e9cbead81ca2845109983c46cc1220e43325335b7d7f48195c648c9df687a25a9bfe5b90db49981162ebe534ca6c8ec4bb18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d54502d2ef8527b0b40faa1ca760d24e

    SHA1

    47f3bdb8b13b6b471bb146c2894cfbf76497818c

    SHA256

    32593e7c05b82b6fa3dcd213e7df07b55e50b1a8277d8d4cac3610de7c6691b1

    SHA512

    8df05977a8b32130d30700a3c34dd6f71d005300fa0ad255002fd3de0927ce8b695a22846f76b6175132c834ded93efc724b576f5dad51b2bfc15c43d782d566

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    554a45ef7cbd76257d10435b430d8e89

    SHA1

    db9016253a80c091944b47457a34657d88fa8b3f

    SHA256

    d61c02c0cf063982a758a07dba0aa268df10c050f5adf182471266bebf34f5d6

    SHA512

    cc793139fd4c841ac5e42a9c981204d3e3b2016d9857f0813ab4113b5fb0a3a578671739f5e3a6e4384ded51855ef06ab45b99d4284d0fdf0a9d9680d731c1d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    940fba64983e0dbd4243a8ba0f8b3418

    SHA1

    926b5c668da8998770ea7ca07d5d0e3471962b84

    SHA256

    e738dcd7c345b07ddd72e713e0c69f542f380aff1cc38492cb9f40b4e9b763f2

    SHA512

    9a6439e627861e82d35a4c2c972d061a1b860ad2638215407e0cc809c3008ebf61fe21802af2292159940861c9e1099d307e636c5a66ec1078caf545e5cf10db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ada71169b2cb4fe9b9d8a1d310453bd3

    SHA1

    a0a6b28f7350de43f351788aa89a7fee1bf879f3

    SHA256

    49adceb6022cac20ac9b25a1fbcaa2d157ef9e54535fb2eccb8b0f0887abfdee

    SHA512

    1bd15ea07bafaa27dd2bf43a175ff0be77fb0bf1502c4d0b0c6f30e3ab1277cd2846a5bbff252c9971c024254a53d79c542e1e5710a3d4390748eda1684a049a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    58b79c3a32a67ef09bceebfc985e9a56

    SHA1

    65c6043b3b336396750b8ca18a87a1ded9e149b2

    SHA256

    e6b6764703d56e857c3c9393a83c748955950bcd32561908e0649e05f413e0d1

    SHA512

    2fcb18e89983f2367db2092916631efefc7b77f2261a0f06c93a112e15625eb5c57d3b85f057002e712a6446ec3e5e224ab46c4eedc381967fa7fa5d194358a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4d5736c89c805b808465ad5741af704b

    SHA1

    c061a7368c1d6aba960464a0f587968bd8dbee32

    SHA256

    7edd93165f92d3b337871ef1753c19410187ddb28a5e7365ca3055628a07bad9

    SHA512

    c8a7db6a2a650800bfe3d86e6cb775c41c6e4f3f5cb905817b3cfff2912c287323403f8cde47e2a3bf8639aa9d9216ffd21a49acf372db2a6375ae304595328d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e94385677bb8935868d3bcfb8b917fc7

    SHA1

    7a64b4d0456be16098f75cb8bb9516316536f01d

    SHA256

    86233303406d0c57f145f71dd03887d41818b20108a49f73bc5d9a79e44c7f09

    SHA512

    e7dd93375cbe5df03ab2e14f7fe6028bd2935b197898e0bd4d160bb30a74271632b5d703a3b86a682d6d373e7a49ff177646145138ab83ec92435bec602ad2ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDFD5.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE0B8.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.5MB

    MD5

    07b04f400b9ab0e43706e91af322ee19

    SHA1

    413c844010dbc1458c9bdb4fcc3d6097c91a1d7b

    SHA256

    2fa6f8e77bb411bc6d158ec4fc245ee9c77bc8303892fc2a05e7105f8df1e9ea

    SHA512

    2c0ba9e1bc2a0bbb62a4257506d2fe4bbf96ae6d51f59b0c1af5fe284ae18a386c74fa2227325cdfe5995a5afc72019f5ede7283f91ebbafabf4537056d7ae83

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.htm
    Filesize

    7KB

    MD5

    e012338b68c6829487aa4b2ba9f518fb

    SHA1

    87accd3c13620cfd9f31a6a3552c26b0e4988313

    SHA256

    64f8868cef077514dc3f3af05b2bbbc8e4ec8ec63ca1e5b2f0912c4e239729c0

    SHA512

    e4af737ceafd66e2d8a0a8d6a84bbdde4fc589ba495df476107e156a3788c43cea7d51035a8a110cf6219b68dc1f1bf654352caac603a9c3df59434aeb5d2c5f

    Download Submit

  • memory/2188-279-0x00000000002B0000-0x00000000002B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2640-280-0x0000000000160000-0x0000000000162000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2640-282-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2640-758-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download