Overview

overview

10

Static

static

3

2024-05-30...ky.exe

windows7-x64

10

2024-05-30...ky.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    30-05-2024 00:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-30_7619daf0a58c873caa3790bc66f84204_locky.exe

  • Size

    517KB

  • MD5

    7619daf0a58c873caa3790bc66f84204

  • SHA1

    1feb1683d1b149601d2036b41ed36fd9c9d88f6d

  • SHA256

    ce91d20c7f9e548ba5cf56e84cf8e535566bdaf6dd319d948988e3246d7f6644

  • SHA512

    2326dbe762b73cd83bbf0e8964ae9d7836686b5127b4d7d2064936ca81f2906d58e645b3928801b50ae3a86167a131a8b90d5d9c2ef8e0871bf150fcf4995508

  • SSDEEP

    12288:uVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdj:uVzzzjNO4FkUQ2yL7PtIdGudqlb9dj

Score
10/10
locky_lukitusransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-30_7619daf0a58c873caa3790bc66f84204_locky.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-30_7619daf0a58c873caa3790bc66f84204_locky.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:1228
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2796
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2344
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\2024-05-30_7619daf0a58c873caa3790bc66f84204_locky.exe"
      2⤵
      • Deletes itself
      PID:2596
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0886725d0eeef960d72dce08cf0af63

    SHA1

    e09338bcf6fe489871cea3f086b61eafe13b119d

    SHA256

    af16cb2f63e2ef9ed6d66197da31fc26b40c3b2e41b16425553be661cfea9820

    SHA512

    4aeba9e0afa0883e8740d896d5de538b6270396f926146734cf77e0fa4ce23c45d4f745e521ee07ba253ddc40f449c156f6f8e8580c4162805ada380cc22caf7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffd82905d03cfd7330de990e7c0e82f0

    SHA1

    9ebcd3d31beb905c98971106cc11304ae55224d8

    SHA256

    03795c8ab4a27d1ba02c9b7d6188f507d667a8d2639b261986d5e35249b001c0

    SHA512

    5235c72d31ed504d19d2ec76bb0841ef08a1cc17165828da2fed8b655c8e106f175d21a9c0d943396260109d9e607cb7c75be657d882d4d40aa2a67aea788423

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4c3942960f8c568deb0a22e26886dc6

    SHA1

    c400c95ef27dd5434e15c7ab0d2a3490156f2b5d

    SHA256

    0bb56acd975ff5e7300a8e3f50bc457d8f7239f84edf61d9658909daef5529d7

    SHA512

    9c4575481124870a298ea9d84456b2db3d0a7cc17c4f1a3863d28ce3a916c57d21dc1b900fa503ed9ce401ce4972f2ac3bf2143a0b38207ef7ad9686b12556a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b3df88331df0feeed25c32f0f0fc38c

    SHA1

    63b61f2019072fcf8c9b6afc4b45aa74270ed792

    SHA256

    40b0652c197372a02e76d44ff6cda1a5a36a1efe9b9e794b9526e760d1404da5

    SHA512

    53ce43727f13780bc879a4c48347c02c7354326c56555de5ede6088056427a4148e8db72f85ea43a9cdbb3a5bb677d2500e160aea8c748cbc1a653e0251b1a75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3ccd53c53a3ee02c00077183171d90e

    SHA1

    cfd820ebca9907da85ce083cd280dd8a9d37d496

    SHA256

    87da88b4d6bac88efe8e0d2b73d8a2efada4030ee899012ccbfff776e34efc55

    SHA512

    e629b07c8e4ce3b5a8a7a401d90792acecb560559f014c10f5f35d4b5b6531e72c38ad178aba2e30f0f385a9318aef9343ac33bf6fb93877171ddb2c5781711c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fcd1e01b2449e5734ccc56359f228bbb

    SHA1

    fe7c2cd506bc7cae44273d9c8bec497fde996845

    SHA256

    441576a6d033d6238d0d4122c485c8ddbc26c4660f555346f9e7210a9307df9d

    SHA512

    db2a09df5efe4c3f397b914eacc18f0e5c268396610790b0edc80a556a908f806fef428e2769f20a9a1c17e1900edfd7a1ac2071373b72a4d003f56754472108

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    575af4ea55e72541f0bd135a127b9666

    SHA1

    1edb99478b8a7bb150a1c60d4a9895c6e5ce909c

    SHA256

    af94307dfcc655ae73e7fe461033aa5b4879de6382f99f4a067d6d85ee1fc7fd

    SHA512

    5b08feddbd580c83037c8f5fc915a969cccaf93443b26e742e8020f0ab27e78fe49b4f10a4a9df6b5a3092cd521c50ae65e8065511bdf0deec08091a013c33db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b8abd270ddea5229429864408ff1ad7

    SHA1

    56610246e339f082d81aac8b48172db3fe4d2c1d

    SHA256

    c5abca54cfbc62f7f9a5a8e9ed799eb4e2f02a4243b1492f7c37e2a4507e89c2

    SHA512

    d4cdddda102ed233081175db6467bb3b9ddbc8b34084e372fde33a48ad65a12d251840fb59f04b4f3eaa5f8973ac9c5aafc7550fcbc8478d95dadc7efa0a9b72

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab852A.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar862B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.4MB

    MD5

    be1fc0aa41556442ed25d0b48db892fc

    SHA1

    564f2afd1ff17fbac2ebf14f32a3e189074c2bb8

    SHA256

    f603da8c4cb327448f1769aa3a83f27ed5fb9e53235086f60b94364496448c18

    SHA512

    08ad9e2c66d2057f20db788313ca8b51230140f2413f3fabc6a96d68a91cf55073c0fac16a0f82ff7d02387bd1f407558cc0541f5f8f7d233251983119e2cc36

    Download Submit

  • C:\lukitus-482a.htm
    Filesize

    8KB

    MD5

    5c0c0df80ccab3282868767bc26418fe

    SHA1

    525f4e3e2e071ceba87871fa27316a794b5dde35

    SHA256

    f3e24fd36b9d8962ae63df4cba569e2171a05ffcffe4989b8523f52aaeb41669

    SHA512

    ca958febf70c06b8b77df64b7623af4d65dac99a30d6ee25a556302bcbf55c2ea1837df48027af31869a738740fe7b2d197464a6aecc73647f3057b4efc15f71

    Download Submit

  • memory/1228-257-0x0000000000720000-0x0000000000722000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2628-260-0x00000000001F0000-0x00000000001F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2628-258-0x0000000000160000-0x0000000000162000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2628-736-0x00000000001F0000-0x00000000001F1000-memory.dmp

    Filesize

    4KB

    Download