Overview

overview

10

Static

static

3

75f0638e40...18.exe

windows7-x64

10

75f0638e40...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-05-2024 15:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75f0638e40cb937d9a553eb08b57d54c_JaffaCakes118.exe

  • Size

    599KB

  • MD5

    75f0638e40cb937d9a553eb08b57d54c

  • SHA1

    90ee61f64291bc6ae80abed380c21ce335662d72

  • SHA256

    3315a2d5e721d5651480de71849f677a1a8ee2d4c2d7118053f02c71fb580b23

  • SHA512

    4d837e332f1c66d971076a66b29bddf66e7e01c483598973869db0ad058ccdf3d8ee696979fa1f38d6dddf3fee3bc70ee4254a485d336738f63e2ceabb0f135c

  • SSDEEP

    12288:XCHtHX2MoozEXPSL85ZGdVcbxdGnu+QF2O79niSCWPJxXvhFc3wGclt:XCHtHKsEXPMQYcbGnk/7FiSZPJRhRD

Score
10/10
locky_lukitusransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75f0638e40cb937d9a553eb08b57d54c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\75f0638e40cb937d9a553eb08b57d54c_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Enumerates system info in registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2652
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2616
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\75f0638e40cb937d9a553eb08b57d54c_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2344
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a3745ab20d6462aab68fde9e44086b4f

    SHA1

    cf30f0c593b64e2dd1c48226bd73f4d52a2175ca

    SHA256

    59736ea24920ce2dd25503e4223c0ad6e7f6b3a1d1f29a05c12409a91ef7399f

    SHA512

    9e6df4a88a1fc6e9741d931f7e38fd11f3cedc0126ac577517c38d5478d073bbf3104fb9beb116e58d0ba2b96b16ed42f056c2cd0375d0976f424b8aff05eb4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    687517e82fadbd932fdb01f8d5ee3685

    SHA1

    38cfbc022d06ea15c5bebad686803a0060f7047b

    SHA256

    4f3b2df55ae90775e789d37438f97c7efc5e80aa4cdab7239718330256205360

    SHA512

    97fd2ca477851cfc2767801fae76bb5d21c5bc25d6cf3c2b6fe43c166b5590bdbfa8a75e4b730a5cefda504f898bbb8b9f510cc521c8113a0299f42f90dc8ee3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b1d4b4b99d3d22fb3a53cc8e6b64598

    SHA1

    e8c16a32e5660ec53220b772eeba9c803382dc01

    SHA256

    f23f48d725987ed3d7076549ad1e6f1f3cc92b1fcc72ba40973f0ec77c16c0f7

    SHA512

    67095d20acfa8e98a4e2afb7bf24f0f655a68703869bc6619f349559b2372161ebce27c73a29081b36593fd4af178cb9cb9c5b782ff0e317310f9d29287da6ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f322446932234d8010f64f9f9b3339c7

    SHA1

    6e15276de002af639937487491019c78ec2e2bae

    SHA256

    e093ad66c619ab02c1b71f8f1ffa74433b6aee07efd1a760e09272e138bb90bf

    SHA512

    f4710587083ca4d9df03a75462c0672a5d2eb153ec5be0c3b1604f4b0ef4c444656cb9ba27fb32a9c8a4402d22be173f42c9ef2e88e5f0f008c375ca45473e1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f9461e4febf86aedd486c73c8d4b393

    SHA1

    25d538368ad0004651443239d3e51775a399ef4d

    SHA256

    df766daf7bde357ed2ec7765a55c4e48202a667898f9bbeb5d866d3d9a791880

    SHA512

    913403b217bd53574ce6fefb90df4a1f83be937a7675611a307e9d71c765c63f436714ed5ad91ad267f289f7410bec360fbd310b60447722eee77e51b79f47c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b45716718135eb6778883ca736d1f9f2

    SHA1

    ff7ab4d64c00a2806092736b2389f9244397006f

    SHA256

    12103c5db2c0a2b086433bef07f6523595d116b42e7dfdbdd8941dcf967add61

    SHA512

    56546020fe742e353b7f7f42f9333dfde03622c103c15fcd7b0cacdca782991dd00c7f80b9609d511fbe0eac377a03265b85e0b4f96fc4455fcb698cb05dab98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf2333a35de4f71f28c0a680acc8faf3

    SHA1

    748d21e617d2be112aa60d7b9f5625d09c6ec6f5

    SHA256

    48d65afab1b945bb67ae7f123ee7f611e5b2fdccaf30c642fb29483be0328efe

    SHA512

    167766422c8ec56a64f5895c093bc4d6abe41f6f37fc583a238c83ef9e68cd9504b800658a63a89804e9c5430b73f08f1ec149eaeb766ba192260b2d8c48c396

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3a9d8fd14bee3ac21bf2c81fc22f29e2

    SHA1

    7391661f148d2d20d3fa925fec47ea109a8cab72

    SHA256

    0222bf99e8d86ee9abf19827246bbd65ab8bb2cd3e970d6d1a6491a1894e2d9e

    SHA512

    3b15146892d32886fc2014c7e9ed92b2b57413f2ef5ee838263bd360a6548540710ccef34f9480bea6aafed68caf87f301e24cb0c515fe1b22ff08dce4600e60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    44349fe0742e5d09d1366d829cfe0845

    SHA1

    ef20038ee19186108f259836533c22c5d2c29f3e

    SHA256

    c544ec333233bd659ab2420c1e0a9080c28f988751eee982b4c6e888a12bd20f

    SHA512

    038ac1d6e8573484eadfd406aead4152ca6081be6945e010146a242420d5f17d1b234bedb168afba839e8d68fbf9c573302641cc752340296e3c9f9b05373b13

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEBC9.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarECBA.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.7MB

    MD5

    c62bd46a1662268d1538e8864ff8be79

    SHA1

    d139822acd23c9d9d7b9221531ea159634530bbf

    SHA256

    d5889eeb0d5bce7e299cfa8115755ca18d579077aaa6d46dc0434df51bde8638

    SHA512

    5a28e6d1733ac134e5d6a0231a3649fd34c1aaff5fe7b520865ab9e14134f066ce38368fc132ef0e3dde629eb3cfca50311642192b0cb5255b558ed9793bf235

    Download Submit

  • C:\lukitus-f37e.htm
    Filesize

    8KB

    MD5

    9006517b6609bf3cd1ead5e51606b5c3

    SHA1

    4e1e83a347b2baf3b4fe60e1db685fc972813a0a

    SHA256

    68dc4872786f374882a2d764bc009d1bcde06c9675f768aa8f97f5410223b3b0

    SHA512

    3471a40d84aa968f7419a5ad4745fe35fb90b6c571ddb8fb21258f8ddcb0256825e371df89b3cddcb23d483b118208b0a49138f56543d5ce3f177dba86fc0bba

    Download Submit

  • memory/2196-7-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2196-0-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2196-282-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2196-1-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2196-279-0x0000000000550000-0x0000000000552000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2196-13-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2196-11-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2196-2-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2196-6-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2196-4-0x0000000002380000-0x0000000002381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2196-5-0x0000000000370000-0x0000000000371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2196-3-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2852-283-0x0000000000580000-0x0000000000581000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2852-280-0x00000000001A0000-0x00000000001A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2852-759-0x0000000000580000-0x0000000000581000-memory.dmp

    Filesize

    4KB

    Download