Overview

overview

10

Static

static

3

8f1c524cd3...18.exe

windows7-x64

10

8f1c524cd3...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    02-06-2024 19:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f1c524cd3dd25e3d7b0e958db51048f_JaffaCakes118.exe

  • Size

    615KB

  • MD5

    8f1c524cd3dd25e3d7b0e958db51048f

  • SHA1

    7c37371d755738b20f8f5ab9ca236d04c9a0d60b

  • SHA256

    fa5a353c16cbb3bc976b2a37abc69f2a0367e30093e68bb8986db106d2fcdb9a

  • SHA512

    52a5b63e97ea67b15a43a94a916040fd727bb840cc26f1615cd81ab656a5e99258fde5f46b657d9d2b1ff072a266fe501ec450914a1027a2f6c98044ce9783fc

  • SSDEEP

    12288:YBRpTibB8xNbXVhMnlodESdkVU6e23mBH9XPfHL2ad7s51:YVTFx9lhWlM2zfmBH9XnPW

Score
10/10
locky_lukitusransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f1c524cd3dd25e3d7b0e958db51048f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8f1c524cd3dd25e3d7b0e958db51048f_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2188
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2272
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\8f1c524cd3dd25e3d7b0e958db51048f_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:1204
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2160

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e812f8d8c2a69bcc785ffa54f4a15dcb

    SHA1

    151083134ed4338e9cd48ce2a29c4665d38e9581

    SHA256

    4fb2736e04fde2f10d4eb9c4c708f729ff0022d35428679d305a69c296f8f484

    SHA512

    ce78355870b8bbf1788ca8b2cd75a5eab8b0ff0f3eb76029d411e3ee2f8f56a0739ef14d21147872bd7cb06d120ab5652765cf8c6c2d089ffd04d207cd86ff1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e91d904f08606134ee99d70b6065fc2

    SHA1

    b312713c06d6403d30ac02e79f2162a49d75eaeb

    SHA256

    c156dd549ebaaea151788a99fa5e0ba68fc23cb700c3a45604cbabd8f2dca612

    SHA512

    e252175091af298117263dd9a9372109ce0fd1051d95eaa87b68e65f46b2befb12785607f43ebfdafe4f214a5abb9ac22f2802d47c96ffafc9995f15da8781ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbd3d08fc80aa6592f3437b9e0cb7430

    SHA1

    49340def42c1bbe80794de75885441d171b967f4

    SHA256

    d30465e0cdf35bd41db9a6dce2d23d32e3b6117d03ed95dc993bafbc019ab748

    SHA512

    93375fae826414e5532400d82e55040b177574d7d93abc513b2b3c01147701f21e30532fbab9a167f5ddf10f640eed71cf2d21de4c338443f2c051f9c0f7082a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9af579b3b94470d4c2cd3a496ccf1a70

    SHA1

    f33305dbc9ab6292103bedb5d77977b408e8f648

    SHA256

    7cfcb3f57f7afca3f1ae4055e361d3be16f770bd90746eea20d8ff8a79c362f3

    SHA512

    bd898d3f3be385f7d4c3cfd67bbc8e1413b38aa90fa578f31516065556528eef7be753d20ab14efd9b9503ebbdde5d0fcef8e2e1b641988b1499812a5d1ed3f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6bac14724a496c770622073eae42ba1

    SHA1

    7d1f03fcba9c0ced2008f6c8519d756c2ad21eb8

    SHA256

    1c04317c663fee7065bf974bc0c11b9fb4dd70818283e630d280069db129a9ac

    SHA512

    5df2ff58bdcc2d0f28076b07ac1e8ea656852a9863091ca708408be0280e5d6b5936c122a70833e0a80bf8595e233f4a1d0b47dba9b4825934add63c665165d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7af4710ff1a26193d6969bbfa756e9de

    SHA1

    b9d9c7efab258722c0153fe60090d6bd6ebf9279

    SHA256

    9ab29dd1235e46bbf28512981f78c54c7f509726c7f2a29bb2c7b84ece9737d8

    SHA512

    df84aeffc799deead72e2130e701bb5d31d96b3e5eb36bfe47169a0cdb1016bec9eab232b649c06759e7969fa2d4885b1edbe8ede46df87a7deea30d630b4540

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02669f93bb0084970a52dbec275280ab

    SHA1

    61a5f8758eec86943c1f0c0bc8f52d3ce3379777

    SHA256

    fc2b78c786a8b3e4b6daefb8527c68555508521f0e1c6ed2933022d132eb72e8

    SHA512

    52f1e8fdb1ebb274a43e7a5f5cad2f8b065b8953924f3037c70ee2842a9796e25b156ef36ff73915392841f9535fe7343aa3bb4c5bf2d650c454c6742373e9a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c800f628f943ba9258695f50d0b14e86

    SHA1

    3e33ebd32955e2f5250dd59370e5b4866827b89e

    SHA256

    cd59ee758462df3a29e307829a05828800954eb2b5553247675429323b521fe4

    SHA512

    1f94989190c2e336212b9820ce2b6dda25f1a65622ed47973e71f5a9179b5f6dcc66f977f22ca3d628d0cf29701278ad9e630ead2edd32a27c37f349f621a941

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce1c7d279e6b5e2a674761f8fd4db854

    SHA1

    19c3770d44e9adafa5ed3f42a7a5335addd80700

    SHA256

    cc55dd9569cb12b19d2504d29e9e7f616e44195f14a136ae1ca2d8104f53a60d

    SHA512

    a3f1e1b71b3dc6b9c17b9e155e071a9f345a0c652130e125d05518ffbfec28c5a18487b018e83f04f2cbaa7b9554c98a56194c8aebcb8ad95a9466bd71314df3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ce89619a94f2e86d6c63eaaec4706c6

    SHA1

    957b34e5654026962f60f3a25778ae4869e21cf1

    SHA256

    03f891a10335f1d9b12710493ab857cc8395b43698b443a17e600fbdce1611ca

    SHA512

    ee5a3491e7dee82c44d12457ee43ec6f5a06b8c9bce4c1d10c2c9e9606f9148b4c77d95c9103a86bbb877c67c183bd1f8b2e86402534ce62c3e31cce5dc9a646

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c49b3df34007e7f5c05e84633e6b3d2

    SHA1

    d14e933f994d1ef570e815ef3c15014b2709819a

    SHA256

    afd512a815d1eaf523c85de4c2e326346f8a3c3ec0c8ad19150674ec6e589776

    SHA512

    1c6ee816ca331a54ebd7d4fd87d4a154bbcd8174df0464b936caee1f74761fa551ccc9336756223b10168f30d4938b48ab3520fe39fadd6ade11da0baa4eb5e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFBEE.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFC92.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.7MB

    MD5

    2a349e5ed9b69469aba5bf79a2737f42

    SHA1

    12a8d9157af182946ae37deeb6b9e92177d1cca3

    SHA256

    421a3bd3d07b3e49c8ba14b1f12330985d7cd419e18c44734ee4b9c941505b87

    SHA512

    6725d60e77a649a8649e77c31df78e849c75fc4893824b51d79ecd1134462f159fc6c26c6e1554723896350711e61831ebde887cf530c8e41e6a33d0a8eb9df4

    Download Submit

  • C:\lukitus-0888.htm
    Filesize

    8KB

    MD5

    91c5e6c30d176be48f54a96380f75b52

    SHA1

    ee1251d34bcbc0d6355615d7cf87b470ac69a8ee

    SHA256

    a48fffb6eb5fb5cce4763211f3af75ce9d4bd7487014dee8dff8c7a6a899fb1d

    SHA512

    99ba383348ab92906dd74d65f5622360def308c82961980df663bccc24de447e33e31d9f3d5938f0371f9f2d105ffd3d58d4a43ded62160b8ad5c54591f75a63

    Download Submit

  • memory/2160-287-0x00000000000F0000-0x00000000000F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2160-289-0x00000000001E0000-0x00000000001E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2160-766-0x00000000001E0000-0x00000000001E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2232-7-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2232-281-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2232-290-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2232-8-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2232-286-0x00000000029F0000-0x00000000029F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2232-6-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2232-4-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2232-3-0x000000000049B000-0x000000000049C000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2232-2-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2232-1-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2232-0-0x000000000049B000-0x000000000049C000-memory.dmp

    Filesize

    4KB

    Download