Overview

overview

10

Static

static

3

2024-05-30...ky.exe

windows7-x64

10

2024-05-30...ky.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    30-05-2024 04:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-30_6df9fb974921b6450a0dc2a052f32279_locky.exe

  • Size

    517KB

  • MD5

    6df9fb974921b6450a0dc2a052f32279

  • SHA1

    c4f14c84ebde71755248ea68736fa05713c798b6

  • SHA256

    0152f123ede46e76fb1193b1393b8e34dd2f2718ee108794414c2cc7734c73eb

  • SHA512

    4936a3c6a66804392e0248c4fc1f9ce0f68238bf639a8245681485cc75dfc7269fc103b7bcdfa959870c00145ab12a0d0dc1745cea55532cae38e9566ac59805

  • SSDEEP

    12288:zVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdjy:zVzzzjNO4FkUQ2yL7PtIdGudqlb9djy

Score
10/10
locky_lukitusransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-30_6df9fb974921b6450a0dc2a052f32279_locky.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-30_6df9fb974921b6450a0dc2a052f32279_locky.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2540
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2180
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\2024-05-30_6df9fb974921b6450a0dc2a052f32279_locky.exe"
      2⤵
      • Deletes itself
      PID:2648
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f85cdf95d849f89252bb199b54665c5

    SHA1

    13ec88489c5f7e5f572ba38a7a5dd73ec5896661

    SHA256

    efeddbcc3b39cfa1133c0496aaf7dc13a9a7fe9d451dba5a7e594058d93b521c

    SHA512

    9db64aecae74d956e77cea976b7e1f7ddadd73dc39ca4d61342d18552706d2dc86683d37c81f864643cb8a1f85f0e55f2d08886c45f781de213c6ea0ea2eac7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0d7c5b6cc0d9779b008c4b0ccd9c507

    SHA1

    f5a03664a5239cf59c68f47507c808296931cb26

    SHA256

    1bb3ff69483be494d7841303138a954eccd24e168d0268ff9d64fe94e8ce2bbe

    SHA512

    7054b98ad5e5ac491b2b543f5a48d13cb4e6b6bd28723991b84b1a6ae64f63be5cf385ba0c07941bf11c09332961d10bd3e696031a6cac00dd27c52e08425c37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40f38aaa0c8ca7cf378366e543d7bc7a

    SHA1

    66e133a55207448a3660116574255de646db7b1e

    SHA256

    c6dc787aed617070ba790540d7974c7eea3c4c437dac9556ba6bbcd2ebe7a379

    SHA512

    83997cefdaa43932a52e0157349cc295398686d685d65835ec986bc1fa5d9b11b8ec7f6c1fa6d3032864bdbf2fc4f5360a7cc36869205f62bb27734bf6f573b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fdebcd8265805f46748ac080f1c1de6b

    SHA1

    41d6ae8a9aeeb4b6812f03e4b5ef2977ad9a8520

    SHA256

    bc6de0942548b2323c1c9922a2d4ad6aa2e325addad0c46ae8b49919a9570615

    SHA512

    6e5f92852600436369f19001a9dca1eaf9158251f2422fcb072d8e6ece7efbb0877dcf51f624ed82a610236ed6857e7c16545bcec457e2192f4a7ac59581dd17

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a91400885a9e8a9022dece2079fd2527

    SHA1

    5854eba7c65fac11f17e6a0f2526b5e3f00f7bfa

    SHA256

    9e2ccca31fcb5cbe3548a73be22ec680042633cad50719832c771eee98b7fad0

    SHA512

    db2effe7e22a8c30963e708863b17533ff80722d69984138324e238ab9fed483f608b38fd9219d0558c3b94885ab3cd22c0e4a1b01d3efc2d5449aeddc5fa94d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cfe7654825572408b34f48a586e84e34

    SHA1

    c4a864e934698829a61783406be54db1de3b1027

    SHA256

    834c46b90d8d48661716a0d1c345c01427157ec11f219be4a6f3cb6511c052e6

    SHA512

    9dda9896de09f9d0015f49c4645051bcc2d9839c1c081d020aff3158570ac9d32e2c6620e8f3ffac75b599f7da82563e0543aeb86ec832145937a189ff7288d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d898e19bc9c2d01bd47958ae0f2d8ec

    SHA1

    4738da5c04c7b996a664d3416b56f631f332aff4

    SHA256

    f1067915aaeb7bb1b37bd30a6be441f5d76a82b73a0aa4b150c937640e002abe

    SHA512

    0c4bbbedbfb6205e6e169ef97bd04d01be6afab3c0f398cc6c85770bfb1a9ce172606c7f613511b8b9fd6e87d5582b02d0cae7d5ac385a34cfa54acf2f951ee2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6fd01b3a21360f9fe9ed18e520443b7c

    SHA1

    9ec2d519a9bd1ea8a07fd2c957cf3b587a7f6076

    SHA256

    933094ff1cb20adf5c9a9bcff0c8ba4e501b0325a3dbd797d91f9b2e6cd20ba9

    SHA512

    9913790fe8a8aaf1c6f8a3c6333bc485f4a662b25a43d314a376e3b8a9dfddd590cf8d5114211eb7df6d0650edbe3bd171b6ef8d44bd338c58098b4eeaaf83aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3fabc50b051f8c27526fdfbfdb24320a

    SHA1

    d643b59cb1addd1baefcaaaef901e21ca6fd8a64

    SHA256

    f9f30c750984ee93129fc60f6d39156d3a2fe8a916127f2ea3f7f4b13bad49f5

    SHA512

    6213c725cefa7859c14dc091a18874354206eba41e192122a13e0a3d39f9fef7f9904e2a7919e209a43861f1d234e50f2d08608f5ad972d72a25c27be6dda034

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCF9F.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD092.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.4MB

    MD5

    60c27850c006406863165ccab3ffc344

    SHA1

    830d4a398ba81df7945a26ce6827fbe8b44703e2

    SHA256

    7c0207edcbf1699ec1cc6dd224f604f8b30271e6800f8d56ca97d59f70143542

    SHA512

    404cdc9a76bfee51a79e608446d0ad107b27570ea08bdd6eecb13554ad31fe734732a50458ec7fa417c87f4ac95d9cb620f9225fb7064f010a0748cb8582af6a

    Download Submit

  • C:\lukitus-c46e.htm
    Filesize

    8KB

    MD5

    5c0c0df80ccab3282868767bc26418fe

    SHA1

    525f4e3e2e071ceba87871fa27316a794b5dde35

    SHA256

    f3e24fd36b9d8962ae63df4cba569e2171a05ffcffe4989b8523f52aaeb41669

    SHA512

    ca958febf70c06b8b77df64b7623af4d65dac99a30d6ee25a556302bcbf55c2ea1837df48027af31869a738740fe7b2d197464a6aecc73647f3057b4efc15f71

    Download Submit

  • memory/2864-264-0x0000000001DC0000-0x0000000001DC2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2960-266-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2960-265-0x00000000001A0000-0x00000000001A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2960-743-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download