Overview

overview

10

Static

static

3

2024-05-30...ky.exe

windows7-x64

10

2024-05-30...ky.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    30-05-2024 04:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-30_f9a17a26036fe111324030e27e891cea_locky.exe

  • Size

    517KB

  • MD5

    f9a17a26036fe111324030e27e891cea

  • SHA1

    bf7cdc42f6ac5985be37819dcd2f5bbfedd582e1

  • SHA256

    d7d0561555b788d2048f7a6904318c44e01a16299bb3177250c4478170d7fa51

  • SHA512

    f0246f51c92334c60ad75fc26bd5fc016f7a8d14d1b55018bd98c9ae1f95cfdc2099d91bdef82a2523890777117be3f2db3c7ce993e04f1a1e48aee70a09868a

  • SSDEEP

    12288:uVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdj:uVzzzjNO4FkUQ2yL7PtIdGudqlb9dj

Score
10/10
locky_lukitusransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-30_f9a17a26036fe111324030e27e891cea_locky.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-30_f9a17a26036fe111324030e27e891cea_locky.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2656
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\2024-05-30_f9a17a26036fe111324030e27e891cea_locky.exe"
      2⤵
      • Deletes itself
      PID:2932
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d3e10415368cc55416de8b93f579f9a

    SHA1

    6fd85713e31ad8c2bdc2c3f6b5d95bc43f0db2ee

    SHA256

    8655ddd62f31ec61b52983cb8e5e74d6e612d7ce27514c8c6b7055318a44bb4c

    SHA512

    9005e58ffb3baca900ed7bb050c4b7c6393b188c37b84593a7e41c0bf8ca45708d04234c7feee49bdc122dc9e7afd9aea0db79eedf87bf0243c65174f74fe429

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    321b4857e590a5a64be422b7c8e0418f

    SHA1

    34f1fccb3a5c9abed6f8a3705ed18cb418c82c17

    SHA256

    eb5a7f6e78586a52b65176d590a80fab00fceeb0c59e73a991ac532cc409bb08

    SHA512

    6c5a9c10fd5080baf0c81563c4e9827ca55df4fed6dd0dfb41053457fc604012f3296f1bbc6996ae13185fd9a48dd0388a32040e8700432bb20adcc6356646fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8584db17d94716f57e3e0e74a829654e

    SHA1

    2fb45927e00ccc68924cdf62fd67e45a08e313b5

    SHA256

    16469286be7864712b552d02f85de2fcf0f87f81e76bbdf041d91f678818bb4f

    SHA512

    050c0be3b4849a3228a7d6935daca1087bee87392f6fe45967cd0f271111c980fa457da9fbfa3ac0073ca201e82debea2cb792a29f641b79f973e73407ee7cda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7e76fc5f9645e52aa2b09c01a2521c4

    SHA1

    3b86c4faf57c601c8111fcc93bfa5bf4ff1ae539

    SHA256

    a275b14f6908276a0ae8c459b562c90bbbca3d06d21393f22412e2ac4d4ea9d6

    SHA512

    e29ba1154ab8fb8bc8e9f57c5e33d76bc7bfb1812fa85df4a914e00e98ee1d2b5e59ef59ccf83dba50fcd8477893bce7bdd7ea10a1da58d93103b0472c4f8376

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86762daf47155ae82df33044b00deeb2

    SHA1

    9fe639f7adf676ccf0c75d74d1259e67338523ee

    SHA256

    879f5ab957c8b93ba2a532fb1218dd03b12381e2a8ece6c2d78b20c348555430

    SHA512

    608de9f84c12b3ccc3fba56487ba2698f139c449ae0e1e56e52b9368dc0486a0a34b6da9b07c9bfebee7da1189941cc7497ffddea981dafeafac6c66274854e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef9030444e7c02f1bdf9aab29449a448

    SHA1

    6ac960fc99050f79ba424b4bd5e9bf55262dace5

    SHA256

    edfefbe7fe5d491be3cb7a12e6ec2618c23d1bed4437c20dd1af57dfded67b87

    SHA512

    36742294dc575ef06a84d9bc031ba91c9c71eba72796fca7737a35be7491dd35855ece29dfb61d41e5e5db7ccd5f12a87acfa706c0ba816e74acf663ee786af0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97b28a7a2ba5578c4e7a6fa18ce0751d

    SHA1

    76d5582f910b55aca2756f974143f57469bc0685

    SHA256

    b1f0b61f71b56d076fe53c3509ab97fe7b21040c57edbf0bcbb535a7d1f70db2

    SHA512

    e29f943f1af06956fcceb9be32d0caa65866e352323ef6a12f3917851951baf7e8d714698cb18cc446a295be6d310fe89b7ad6b580be4859980ad8ca1a5aa413

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cd8b8323ee731ca7fd635a0e4113a89e

    SHA1

    7675695179e325ee80e323b6ea423062bbf9f5a2

    SHA256

    63c5417d14bd3ea55ddf4fa47f760af72c4972446d08ac3fdbbf0160c585df9d

    SHA512

    2fc3934f0f47dcdee1a22101d996d1be1a87dc305e0d0889c6d2f1b6a8e8e3ed1287403eac748e64a8a4f6c2c03d4d0e5f2feaa694cbb2d6799db69b4f39d8e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94a71a5f3e2b411a920b6383ce4cb74f

    SHA1

    daf0311e513be01aed30ecf6400d5c6ae19908af

    SHA256

    72db7464313f3e2ac2b764d4668adf587f8651f832a592258ee858d1f19d56ff

    SHA512

    c5f55e54ef3e4aa0bb3d9899abc236d97edd8c2a2f2a026f466cf6fff75fa7b060370a1703add2a6726c9158957cabbc90531d58a86016edc0f42270c63ac5fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA3C1.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA474.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.4MB

    MD5

    a5bbf7418a3808bee47480538eaf1009

    SHA1

    9fb120ad5d5514c711b2f25350924af95b7fccfa

    SHA256

    fdd590e6b3903cf12e1f691398a3c107df071cb08b17bd4499544c3c6b756261

    SHA512

    3337b4375257f1ab68bb20cf12a077a9a8b04e0ea47a2e736cd01adc048bb5025f294af6d416c5525353b2fe87701995dbb9f77fb517c4d4acd4fd7114087803

    Download Submit

  • C:\Users\Default\lukitus-3acd.htm
    Filesize

    8KB

    MD5

    6413c403dcdd875ab0c6ed2cd2678c30

    SHA1

    5347b0317fb9fdc8be7731ae0f6586b95027da82

    SHA256

    59e02200bb5afc2a47e8ad01cc8088ae32c9937a5cc829efb9de96633c76ee53

    SHA512

    18b896ee14c399af00242a59ea9233ed560413e7238b67d098f814ecf6baf6f8185bd1f47edcc574cd1226e3488ee27100561ab107c891692e269f3c8b299370

    Download Submit

  • memory/1544-287-0x00000000009B0000-0x00000000009B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2732-289-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2732-288-0x00000000000F0000-0x00000000000F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2732-765-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download