Analysis
-
max time kernel
149s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
26-05-2024 15:32
General
-
Target
75f0638e40cb937d9a553eb08b57d54c_JaffaCakes118.exe
-
Size
599KB
-
MD5
75f0638e40cb937d9a553eb08b57d54c
-
SHA1
90ee61f64291bc6ae80abed380c21ce335662d72
-
SHA256
3315a2d5e721d5651480de71849f677a1a8ee2d4c2d7118053f02c71fb580b23
-
SHA512
4d837e332f1c66d971076a66b29bddf66e7e01c483598973869db0ad058ccdf3d8ee696979fa1f38d6dddf3fee3bc70ee4254a485d336738f63e2ceabb0f135c
-
SSDEEP
12288:XCHtHX2MoozEXPSL85ZGdVcbxdGnu+QF2O79niSCWPJxXvhFc3wGclt:XCHtHKsEXPMQYcbGnk/7FiSZPJRhRD
Malware Config
Signatures
-
Locky (Lukitus variant)
Variant of the Locky ransomware seen in the wild since late 2017.
-
Deletes itself 1 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 1 IoCs
-
Modifies Control Panel 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\75f0638e40cb937d9a553eb08b57d54c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\75f0638e40cb937d9a553eb08b57d54c_JaffaCakes118.exe"1⤵
- Sets desktop wallpaper using registry
- Enumerates system info in registry
- Modifies Control Panel
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\75f0638e40cb937d9a553eb08b57d54c_JaffaCakes118.exe"2⤵
- Deletes itself
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}1⤵
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5a3745ab20d6462aab68fde9e44086b4f
SHA1cf30f0c593b64e2dd1c48226bd73f4d52a2175ca
SHA25659736ea24920ce2dd25503e4223c0ad6e7f6b3a1d1f29a05c12409a91ef7399f
SHA5129e6df4a88a1fc6e9741d931f7e38fd11f3cedc0126ac577517c38d5478d073bbf3104fb9beb116e58d0ba2b96b16ed42f056c2cd0375d0976f424b8aff05eb4f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5687517e82fadbd932fdb01f8d5ee3685
SHA138cfbc022d06ea15c5bebad686803a0060f7047b
SHA2564f3b2df55ae90775e789d37438f97c7efc5e80aa4cdab7239718330256205360
SHA51297fd2ca477851cfc2767801fae76bb5d21c5bc25d6cf3c2b6fe43c166b5590bdbfa8a75e4b730a5cefda504f898bbb8b9f510cc521c8113a0299f42f90dc8ee3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD56b1d4b4b99d3d22fb3a53cc8e6b64598
SHA1e8c16a32e5660ec53220b772eeba9c803382dc01
SHA256f23f48d725987ed3d7076549ad1e6f1f3cc92b1fcc72ba40973f0ec77c16c0f7
SHA51267095d20acfa8e98a4e2afb7bf24f0f655a68703869bc6619f349559b2372161ebce27c73a29081b36593fd4af178cb9cb9c5b782ff0e317310f9d29287da6ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5f322446932234d8010f64f9f9b3339c7
SHA16e15276de002af639937487491019c78ec2e2bae
SHA256e093ad66c619ab02c1b71f8f1ffa74433b6aee07efd1a760e09272e138bb90bf
SHA512f4710587083ca4d9df03a75462c0672a5d2eb153ec5be0c3b1604f4b0ef4c444656cb9ba27fb32a9c8a4402d22be173f42c9ef2e88e5f0f008c375ca45473e1a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD59f9461e4febf86aedd486c73c8d4b393
SHA125d538368ad0004651443239d3e51775a399ef4d
SHA256df766daf7bde357ed2ec7765a55c4e48202a667898f9bbeb5d866d3d9a791880
SHA512913403b217bd53574ce6fefb90df4a1f83be937a7675611a307e9d71c765c63f436714ed5ad91ad267f289f7410bec360fbd310b60447722eee77e51b79f47c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5b45716718135eb6778883ca736d1f9f2
SHA1ff7ab4d64c00a2806092736b2389f9244397006f
SHA25612103c5db2c0a2b086433bef07f6523595d116b42e7dfdbdd8941dcf967add61
SHA51256546020fe742e353b7f7f42f9333dfde03622c103c15fcd7b0cacdca782991dd00c7f80b9609d511fbe0eac377a03265b85e0b4f96fc4455fcb698cb05dab98
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5cf2333a35de4f71f28c0a680acc8faf3
SHA1748d21e617d2be112aa60d7b9f5625d09c6ec6f5
SHA25648d65afab1b945bb67ae7f123ee7f611e5b2fdccaf30c642fb29483be0328efe
SHA512167766422c8ec56a64f5895c093bc4d6abe41f6f37fc583a238c83ef9e68cd9504b800658a63a89804e9c5430b73f08f1ec149eaeb766ba192260b2d8c48c396
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD53a9d8fd14bee3ac21bf2c81fc22f29e2
SHA17391661f148d2d20d3fa925fec47ea109a8cab72
SHA2560222bf99e8d86ee9abf19827246bbd65ab8bb2cd3e970d6d1a6491a1894e2d9e
SHA5123b15146892d32886fc2014c7e9ed92b2b57413f2ef5ee838263bd360a6548540710ccef34f9480bea6aafed68caf87f301e24cb0c515fe1b22ff08dce4600e60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD544349fe0742e5d09d1366d829cfe0845
SHA1ef20038ee19186108f259836533c22c5d2c29f3e
SHA256c544ec333233bd659ab2420c1e0a9080c28f988751eee982b4c6e888a12bd20f
SHA512038ac1d6e8573484eadfd406aead4152ca6081be6945e010146a242420d5f17d1b234bedb168afba839e8d68fbf9c573302641cc752340296e3c9f9b05373b13
-
C:\Users\Admin\AppData\Local\Temp\CabEBC9.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\TarECBA.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
C:\Users\Admin\Desktop\lukitus.bmpFilesize
3.7MB
MD5c62bd46a1662268d1538e8864ff8be79
SHA1d139822acd23c9d9d7b9221531ea159634530bbf
SHA256d5889eeb0d5bce7e299cfa8115755ca18d579077aaa6d46dc0434df51bde8638
SHA5125a28e6d1733ac134e5d6a0231a3649fd34c1aaff5fe7b520865ab9e14134f066ce38368fc132ef0e3dde629eb3cfca50311642192b0cb5255b558ed9793bf235
-
C:\lukitus-f37e.htmFilesize
8KB
MD59006517b6609bf3cd1ead5e51606b5c3
SHA14e1e83a347b2baf3b4fe60e1db685fc972813a0a
SHA25668dc4872786f374882a2d764bc009d1bcde06c9675f768aa8f97f5410223b3b0
SHA5123471a40d84aa968f7419a5ad4745fe35fb90b6c571ddb8fb21258f8ddcb0256825e371df89b3cddcb23d483b118208b0a49138f56543d5ce3f177dba86fc0bba
-
memory/2196-7-0x0000000000400000-0x0000000000498000-memory.dmpFilesize
608KB
-
memory/2196-0-0x0000000000400000-0x0000000000498000-memory.dmpFilesize
608KB
-
memory/2196-282-0x0000000000400000-0x0000000000498000-memory.dmpFilesize
608KB
-
memory/2196-1-0x0000000000400000-0x0000000000498000-memory.dmpFilesize
608KB
-
memory/2196-279-0x0000000000550000-0x0000000000552000-memory.dmpFilesize
8KB
-
memory/2196-13-0x0000000000400000-0x0000000000498000-memory.dmpFilesize
608KB
-
memory/2196-11-0x0000000000400000-0x0000000000498000-memory.dmpFilesize
608KB
-
memory/2196-2-0x0000000000400000-0x0000000000498000-memory.dmpFilesize
608KB
-
memory/2196-6-0x0000000000400000-0x0000000000498000-memory.dmpFilesize
608KB
-
memory/2196-4-0x0000000002380000-0x0000000002381000-memory.dmpFilesize
4KB
-
memory/2196-5-0x0000000000370000-0x0000000000371000-memory.dmpFilesize
4KB
-
memory/2196-3-0x0000000000400000-0x0000000000498000-memory.dmpFilesize
608KB
-
memory/2852-283-0x0000000000580000-0x0000000000581000-memory.dmpFilesize
4KB
-
memory/2852-280-0x00000000001A0000-0x00000000001A2000-memory.dmpFilesize
8KB
-
memory/2852-759-0x0000000000580000-0x0000000000581000-memory.dmpFilesize
4KB
