Overview

overview

10

Static

static

3

683cf9bccc...18.exe

windows7-x64

10

683cf9bccc...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    125s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 18:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    683cf9bccccf3ab30d8655e0fc3996f6_JaffaCakes118.exe

  • Size

    615KB

  • MD5

    683cf9bccccf3ab30d8655e0fc3996f6

  • SHA1

    cce97b2446f962df6df17785bcbae3d8283cf523

  • SHA256

    73cd7a019317b2cabbe269e5afc88b1fcd0508797a7eef4e9f9d3cdc1840fb4d

  • SHA512

    4d7a45db319a9e3f5fe14720b9bf2079a128167e5bdbd7ea19a2b5649b215c89076a1fb3a7ff51fdad327702001c02e24add3f2e85ec977140d883b663a88135

  • SSDEEP

    12288:HBRpTekU9TDkYwXkqqem+1tom7OxiWwHI1DRJ5hTBH41CXYXHSe2:HVTLUJQua2wo1DRJX1shHF

Score
10/10
locky_lukitusransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\683cf9bccccf3ab30d8655e0fc3996f6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\683cf9bccccf3ab30d8655e0fc3996f6_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2788
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\683cf9bccccf3ab30d8655e0fc3996f6_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2584
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f044d25b87493436789bf47e3c038ef4

    SHA1

    1ad5681a2b2cb6e88eb873a5894edf98036074a1

    SHA256

    aeb693e5d2807b5a1b666c3efbca5aa590b452bc1b977d38ce720f8985189b9f

    SHA512

    6357d5e4c219afae045758945bc4ecbb203e6d0a1048b7cc56e4c98f25a5f63b85518fedcc50e31ef0cec09e2c3f379c8c20d527dbc32933c50f740b8b702c18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eaf66521670752487f3467e35c247a9d

    SHA1

    aa5e22b205abbfd84c34e886156b7bebc9a40cc6

    SHA256

    73ba176a68ed00230abb9366b1a184e0b75829f4e2fac742fd4a20164fce77f9

    SHA512

    8deb56a20d27d888206034b30881020015306c76e797dbe53a01287abb33b4d81f88aa0bf55faa6a6cdf7d89bda317af546f47baf07653a4cf7168dad74adad2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b98693f38c65a26be045067793b22c46

    SHA1

    ea99a9d4d7736d4ff193b90988a9351524a0969e

    SHA256

    dcbef40a21bb4790bb308511ecfdff0511601a9011dcee2a87026f8861bdf50a

    SHA512

    3a37a88dc0c4319e7f29c715d9c50a251894a1a00c7a64ab3be2caed193f1fc108f4c17030ff33e596424bf4f4cab04cd47813df8acaef938b8cf8e142a422c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b41f8989e5b3c93a42a54ab942906c56

    SHA1

    06d74500a5aea9e37047da754e9c0d455e8afbe7

    SHA256

    737a3f9f67e97775d6ec9d1adab353cf1b74c7f4bdc4918746142309d561f967

    SHA512

    2ee0d858751e105c20cdf61626692db7cb4ea9dce35ea698b7312755936f420305c96d8d708d010a8c8b35aa36a5779ef0a3b62a2c542f61c9d5a1f112e75b34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4a86bfea545ec24065298a7f3aed0f65

    SHA1

    9d915a9abc1dbd8021527ddf117d5dc9e1417d1e

    SHA256

    d04cd741b4bcb6d8f577fb784621c7c3d1c2c5f7c23ddc49a395e5aeb94ee49a

    SHA512

    69d2068bff1bb6b30154408cdf2cbed7887fcb4bb4d24f66ca93563bb2f5a54f93232dd32547a754ec78fe6cbeeaf851eac6bffdd7dceae448e2eed90bb2743b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e90e65a80f60da10d43830995158ed7

    SHA1

    30c6984b366934a9dfecd2aefb119e3997b1568a

    SHA256

    ac1ce1b654f248abd9deb1ae1ffc39bf4c6e2410b7030556713bc64a822c104e

    SHA512

    9a363d5296fdc3c0489b092599390c4a8f481b5f7ce6e42c0c38ec42f9e1ec1bba4a9e9c0ec70be4a60fa026b4573758a6a7031ff432cbf719144e0db51f2bc1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    af79a7aaa8eb3a1189aa51384740b6dc

    SHA1

    0209a6397605e37426b2fc1a64145fb9f57ebae5

    SHA256

    66a4d5e23572b302bcc62c3d4baf7f6cbb2c61d791198a0077aa51b8533540e0

    SHA512

    52c6d4d8a78fadc9a2866b766a21533cddf8d7002474b7606fe085163cc1ebc9202b8a9051feb5c415e936f3215cac4918d61076d74b98c63430b34f9b2d19bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c7aa335e8fb88539e2fb46098209b0d2

    SHA1

    5cac3af7a3d81f2c5ea39b9b2d007e2c6664b3e4

    SHA256

    df245599cf805a1db8fb5f96afcc07e304e1bb7816e152e7ffa279badee71c79

    SHA512

    5fdad3594c04fb53a45e2eceae1a530ff268c0f8eda9759a3c25c1fc7ee07c61c059b8ae85ce41a41c8976aa81e38ae3d2aa865bce6fab47ddce699050b08ada

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    422347c01f45645d70a09564d7ac46a8

    SHA1

    cffe9629064f32fcabe5182bca0baad695bdd2f6

    SHA256

    3eed3a7526f4e277097eed1b8481caf940ad053a218d1a57c4bb153ed4342a20

    SHA512

    cb00e7766553e255793fe0de5edf190adc58f05c65a466395e68eaa3703b4072eacde5e14256a5f779b18a7a98074c21c76d518442c7318ad6e1cf2dce10d832

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    788574e9699f355372f5cf46ac3564e3

    SHA1

    750aa529b11f614b068925a833fa7c0feb519ff3

    SHA256

    589d55e0923eb79c0e8a6ce036c6344effc5c7458a2c721bcf418b8ac7f3652b

    SHA512

    bd07c9f2999f1bc96e08132cf5b41c4aef2a8c64b64be43b8a1af45abe3120a6e25c36d8495d98758708ff4405bc8991a2d9fd55c01779d1681a52034d0c14b8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab960A.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar966C.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.4MB

    MD5

    4170e0027b237491450eb09e52202516

    SHA1

    ea5b5336e13e58cddeedce912bf10f58ca524a60

    SHA256

    47b8ed7b5fbed876a185c328f270b88ac4c87e532d435d7adfa79a302f5ed7de

    SHA512

    b83ba8a832d7715d9af69308e49db47248e38099bd06c85d4191ba576cf4d0c436b23d2d3855c81bd480a7b6ec81d7041acd9ef4d7ce8f385ebcb1391808bd21

    Download Submit

  • C:\lukitus-3faa.htm
    Filesize

    8KB

    MD5

    475dc6a0091be6ed6e2e7105d34cf2e2

    SHA1

    c235aa1ff87ea060e9f0dac6f72a4a49890576db

    SHA256

    f9132387e9ef344c104ad29b455afce2087ead5c135363c286d477bbc9eec7a2

    SHA512

    1f1ac0a0fb37ce2ebbc28c26c4f8161923c6e755b716abf16b03ba243dd0d97c25641caaa31272f2f40ca702750f0d6d22f47fc62aa2c06874f3c66c417619f5

    Download Submit

  • memory/2348-6-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2348-7-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2348-0-0x000000000049B000-0x000000000049C000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-281-0x0000000002AC0000-0x0000000002AC2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2348-276-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2348-1-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-8-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2348-2-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2348-285-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2348-4-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2348-3-0x000000000049B000-0x000000000049C000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-284-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-282-0x0000000000260000-0x0000000000262000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2684-715-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download