Overview

overview

10

Static

static

3

6bd26cf5c6...18.exe

windows7-x64

10

6bd26cf5c6...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 18:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6bd26cf5c685f77d039470ae3395cc5d_JaffaCakes118.exe

  • Size

    615KB

  • MD5

    6bd26cf5c685f77d039470ae3395cc5d

  • SHA1

    b63de94717c5cbebc75f05b8baa5c95ea5ae9d0e

  • SHA256

    a098a49fe6c41b6f1e53d4936de1fef1e97f62e8132dab8a4b0a5a96fcb66db7

  • SHA512

    441b3929c14c052b2e97fa4d197e832ce5b07c180948147f19a89fb6a0dfaa7789b6bdd92d86ed66df9ee7d4c110626dccfe129ba9511aa5dfaf4b65011d87ed

  • SSDEEP

    12288:cBRpTa1N85A95xy0pRUU6G4RD4LR0zAo0hKg8H+HIUPwXXp:cVTQ20pC4LazAo7eHIUQ

Score
10/10
locky_lukitusransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6bd26cf5c685f77d039470ae3395cc5d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6bd26cf5c685f77d039470ae3395cc5d_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:840
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2956
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2028
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\6bd26cf5c685f77d039470ae3395cc5d_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2800
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f9caaa59085a672c5a79f07d5f5460d5

    SHA1

    f8a69c796d3373e3895ca546533a2488628a1e74

    SHA256

    ebcc23c64825b2630a98de8227089f7e146b69d420f91645a5fe7a08e99d403d

    SHA512

    4c0d09a149753aabcfb9f532a1ca7cba4d5a714b6d4b9c36b8be369ef580af758e06eb73df1b962a49694ab6266090629cd364e872f761b7c0f759134cdf7abf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    63e5f13ef38f3285db6ac058165da07b

    SHA1

    af0c11316f478b1ef3f29dbb5de4a5bcf4f83c1d

    SHA256

    721d6f532f0c69b354eef98969d9ffea1b5599c4ae6ebbfd93a3836d6d155ea9

    SHA512

    3e9a3e7681d24120218a103ba54b2fe2f1c96f4db7b22b35b0c9c3c257725c07815032f47cafd61da22ff14b9584cd74d60c01e43f6c5ae1a3f86efee052b64f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f08ddd5409fc54c333a3cc65f0de67e4

    SHA1

    753cbb143ddfabdd360f636caeadb63f52d6c302

    SHA256

    b2d02ac158ec4e1902420ed1025e3f891fc612e974c518569bb4a9f8c396e5cb

    SHA512

    2b6c50bd155d3e61366f9f06699976b5d625911fd182004e1e3c5cff66cb2fe8d5632a07606b078066bd6fcb84b47d3aa1015a06b1e8f3b0e6cc4cfea41b6391

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    36a0f4926c91b4c4bb79991ebd314fdf

    SHA1

    864c7ee60711945a67180cae8ba514791d7fb289

    SHA256

    3007fd711a5dd1c3dff815d7f0ab17419c7d33fb1c4660aa5574c69fe85e6ea2

    SHA512

    756d1bc6878a4896795e44f974d54559230c2a5f1efcc1c4295f410f5ed8f57fd4b4059b7f7975b1b14c1fd0c15c7f5160ee2af90a0cecaf99adbd599c2c4f81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f72cc77427c8477305f37e8e00a7934d

    SHA1

    592f9b5fc7d799cc8d2b34d8975c48f544cfca1b

    SHA256

    f367c448453191f85755a807ae1e74bd276c8c65b57c82de10eb022702fbacba

    SHA512

    8f3fa873ae09c81e19620c5ab52b2623d0fb83fcc4b2c1f331daf257b6e06578e59efe58d8650fc8bc255fd36025926bb68f00be5ea9b30ddd9d03ac4a6a12a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    86548b0738b136d2011c2f07e0a6a947

    SHA1

    6446ea8a72b7cf9ade2663853c51807e42c7a7d8

    SHA256

    1e65162c5ac64949341b5d640327bc413a51c526d0631f805afe558f1ba4ed0d

    SHA512

    73911e1a4c11f47b2074656152a24e94dba61faa0b8d961e014dd6e3c40eb9a5f4493148d98caff0ad3f9ca381c899c3cb7c60aa7e3dbd80de11c787927d2217

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d48f607792998bd42894086de999a5cf

    SHA1

    dbef87205dae50a63f9510aea94689e3e3e2896e

    SHA256

    904213eb5bd2ee3436c886a48ccf8572aa6708b54689e89458182a2fc23fb4e5

    SHA512

    7d55b967324760916ef94cc69400edac99955cd76e5f741007d225b08417a92786aaf6e95c3a3c2a8ff8552c7114eddae677af60264e41cf4cca724ad89033b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eedfc786c3773ba57611fd96f04e61b6

    SHA1

    04bfb25aa3fbc52e2d4f249ac8270c63a3bae2bd

    SHA256

    baece592da7604443fa6d2462a39a54bf14ec6112af0fdc1bbf238a1a239e912

    SHA512

    d89c6ce220640aea78ae93b7c9d50aeef30999c67abfb7e92f5fc379c44f6b64e6a851f46c9bc979568a9ce62ace889d069d5d219d1ac98b38b3558c567fd6bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    41f4c50c21b8e2832e255aafc0f021ac

    SHA1

    d17fb9fe5e627ff7fc5a9966f875c7cf9d4f5a1e

    SHA256

    6bec410a3be53b4fe94b0dd2d6b195a393dfff4fcc478d47bc21976fb074880f

    SHA512

    23f6a8b7f85830014ba1ebf6b64409496406de966128d7c43bcfcba458242054b72b95b91174b8b768711dd9f65d9f8d74df17a0452c638d7a11b80fa45bba47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c1dc1c144eb4f9b14481c1d93a6b848d

    SHA1

    9cc47a2487c9de0ea0d717a2ab0972321d5e7fec

    SHA256

    e174afd2e264a28eab51e408c121e75b2baab1046355b9eae7365d433ca4e611

    SHA512

    d4854f827913110b0b45bb957b92d4cba52b61f1a8543c5df5274a339c1b68da2ec399b423d16bffcc57a85c6d4fb65321bd8140868dbb2014073acc55687f73

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE6C9.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE73A.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.1MB

    MD5

    b38d0d192b7484f73647efffbfdefe99

    SHA1

    461ffb99c38e081f742b734cc893647c8c74665b

    SHA256

    cc1a0f489b11a3b1ebc1a7242f5737685e31b01acbae67219a02c3c30c58ce19

    SHA512

    8181ad837896311ca0abfbe0e5eec1404d6c8399aee2675a818a17245a4fdf556d240fe50cd545be091d245981de102f7d1b2a9dfbc7da81d80d349d26afd8cb

    Download Submit

  • C:\lukitus-47a7.htm
    Filesize

    7KB

    MD5

    09688c2a4c20edda4f04da12cb6871f1

    SHA1

    43f9d38fd65620eb57419c785c4e35695eb29ce8

    SHA256

    d16a5ce2da8e67b5545e4ab0f2a2bc841eb03023e2acda6a540ef004eb942f04

    SHA512

    d19736fcc0ff95d98c2bdf3245a8dfdaf20dd711cb007f3bee6262cda9fc41bb8468c9c4f7b48cea62d58aecf48d3ba214c084a8ac59ffa2ef6346845adc2bc7

    Download Submit

  • memory/840-7-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/840-6-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/840-0-0x000000000049B000-0x000000000049C000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-275-0x0000000000680000-0x0000000000682000-memory.dmp

    Filesize

    8KB

    Download

  • memory/840-270-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/840-1-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-8-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/840-2-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/840-278-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/840-4-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/840-3-0x000000000049B000-0x000000000049C000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1412-277-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1412-276-0x00000000001C0000-0x00000000001C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1412-709-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download