Overview

overview

10

Static

static

3

f2c9ae3735...50.exe

windows7-x64

10

f2c9ae3735...50.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    210s
  • max time network
    204s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    07-06-2024 09:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f2c9ae3735430b930a81148c0bb470fcb733e456a2a942f859a1b59c4a7b2150.exe

  • Size

    135KB

  • MD5

    511aa2f2fe6196e032ec7fef83bb8d95

  • SHA1

    ce874f517d335a1e1ab0df99111df1d3adbc0d21

  • SHA256

    f2c9ae3735430b930a81148c0bb470fcb733e456a2a942f859a1b59c4a7b2150

  • SHA512

    78a4771ab5e531420a45338ae27a5a4dad11b50385964a739e7ecec2c55d3ee47cde148dfc1e82ce7e8b8eb8a04a7f9b784cdd640e490a84bc8ce621d2f8d1c0

  • SSDEEP

    3072:VV2vxw88jLtbMmJ2RqRADLK1iJ1/NvdOgecZlw/C:VV2v503kRqRuL0iJ1FdLec9

Score
10/10
lockyransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f2c9ae3735430b930a81148c0bb470fcb733e456a2a942f859a1b59c4a7b2150.exe
    "C:\Users\Admin\AppData\Local\Temp\f2c9ae3735430b930a81148c0bb470fcb733e456a2a942f859a1b59c4a7b2150.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\_HELP_instructions.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1628
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2140
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\f2c9ae3735430b930a81148c0bb470fcb733e456a2a942f859a1b59c4a7b2150.exe"
      2⤵
      • Deletes itself
      PID:1832
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\_4_HELP_instructions.html
    Filesize

    9KB

    MD5

    bf42a00c990e418f24343fd0dc5d1103

    SHA1

    3e18fc909f701b396d3fcf2e092191d6de2e7633

    SHA256

    b2610964a053d8cc13d448ef6f95686c9360d63f92aaafcf1c523e9dde7a40b9

    SHA512

    4dee8e560944aef60df1dc38cd30a56c2c1e0e0ba10e5f67cf77ab08ce79724bba5fe7589853b524247a01c800d9fbbb0f9a1fc1c54658287cf60e34e47b3bdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb96b281b3999af23db423101042dc85

    SHA1

    d563db1bc14b195aa2f74980d58997ea03ea85c7

    SHA256

    4483964ac21ccfd0d57ce8051458669ae04975fb0e4abcd7c5e1484e85e4fbad

    SHA512

    a4c87d5d434a9da0242271174607e11d1d9856ac6fde2cb8625fc3e978e15ce985d42580271c7080719e892a0ad875ef6fc377b7fdbd43b1c3151ba896958ef8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1e00209402ecc3297af125bcfd9ecae

    SHA1

    ea4d5580722228176cf4e2ab71affa18557cfad5

    SHA256

    aaacfa26464b6dfe2de698018cafa095ae4e38fabc9e6234b0f165f36d2e7530

    SHA512

    b6131e69ec3fc03fbcb0eecbd33403965e3c6c9ac47f482b15481db254061e2317d37598a831c90f3e54b571d7dffca7cc91d25723be75daf1d24c3850a3f95f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae4e7689b96493e47823c663f0b5a119

    SHA1

    b2383f1d8d2c89799312e06d94a660bbcd27c59c

    SHA256

    03004d60ea458beb0b5d24b4eb4fae742b84f8720ee3b34027c2dfca900855f0

    SHA512

    b89656f3b81491939c69c57dfc652c1a7e95d67bb156d4440ece7116b1465a57796051c8bea4ff393494cb1e00f8c170b7b251578637ace94583a5a22a085f38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c0bd4d16ce0b07c723e769a0d5b435b8

    SHA1

    52df4ef1fdc7a9cb5df1ac0f64931b20f29a8adf

    SHA256

    9770634cdc5475ca6b7951f291fb325df8177fb03396bf5678412021bf5cf90d

    SHA512

    3a3ae587045a4c9b38eae41c3d75f344cbc88b7b6135ac26bb9efb7d72d1b3760c4fcda8afda19ed47cb16ae40aac2bc84f13835d98835acf47fc9e798627e03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33f04bed257c81d3bf11290771032765

    SHA1

    c7658891d7912f2cc83ef46c1dcaa2165b5eac44

    SHA256

    5ede7fe5aa55784e525fdc6ca21e2da9c2a7bdd544f15b726942bb767a086b49

    SHA512

    d7176636e8eadfd32c3e08b7bcbcfaba1a534ed8050f96c8242d7f447bac03610e8edab7e32f52b0993022f4f35cb38610f48ff943ef1d49b38782d7b77fc973

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2cd624611a4977c8d49ea8ce5c07b5a

    SHA1

    02b82541f112adfcc96fd9f4a1e40e058b8dec68

    SHA256

    6c42956ff02642887f878c5bfc9357ae0b38b9f12968d404ba3c8e93c73e85f6

    SHA512

    500cb64f8523d8c462f7731c9a641a1fcf09c65725a856c0899625fdda21492597dd2b15f42f306b00e6341884f596833caf9059e6d0ba8b584d40259eab9f59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    650b4ca792e647c649d001a83d73ecd0

    SHA1

    6aa143f2f3237e58d810fc8244ed3438707fc6c1

    SHA256

    64c5687569852d69791e80d7154f1d699e6ff0d6a49a45e329f6002574a670d4

    SHA512

    73a3c837135b264ddf7bbc2bf8383feb28304e5e95eb882c65660dbddb68c19fe4546f410dc91d082b208c9c72e1cde6d222ec4d74f2ab101cad094851ee8c01

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57b18428939ea6010d8e7ac5555ddf45

    SHA1

    58193d3e648c2e30fb5e49c10bc36f10713ba7e7

    SHA256

    bc63a79e7a647f9e11dd5da7e3e0831ce6059826946ef6176572cb0ba901bb50

    SHA512

    4b7740072d7d0c75e541f96ecef3f99c6497050add18c7f92a44257b0104340479ec86189979b09c58722fc250578ed01543eca1a6d9578f4984d2dd23f6f589

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b91239df2173dd88f6261b947d5bc1e5

    SHA1

    2b716e710471a108a1894ee6b53de9edc7a23f4e

    SHA256

    735c266a85f7da6517baf9ad57425604e68342b15971e341d23cd297ca0087f5

    SHA512

    658f12fb0974e6e6e11f080fc649451c06fc110cff0c30f4176451ad719204f561d37e0fb22001ae01ee123a8bcfa73e40cd474758d7dae7d668af0456eb5fc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0171907357226d9184713defd9580ad

    SHA1

    9ef6d4fc60dd7d6aeb4afb1ff1b55ce512f89e04

    SHA256

    e32a97af18dee222c78f52b2a96d17b6fd00fa972625d6ed1b2245987f331697

    SHA512

    fb31dcb83db5e2395ef76e32da2f557be96f0ce7d6536f149b184c5bf72bbd503d287b77a19bf40cbed03736b16ecc66c490323307b3290cff804fe940a4ad19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6f2db81c352cd0182fddfe8da848581

    SHA1

    d73ce05da31b0ebd2f3c426e961314aafbbc034c

    SHA256

    a3d97a55c865d3cfefd15822193ce40aca460860c4829524e5988c15a1c0cdaf

    SHA512

    ca8b55891877b328afd228acf3366814c1f3dbb79f5e1c9932edfe50ef79be788fcb68ab159a184f67ecd5e5ec0e664e4f85e3863904aac5aef05ce80dbd21d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a509b4c4c6f77801e7e4c70f503c4b83

    SHA1

    cde01e0cd47df419311d1a1a980a951bc7c9f46d

    SHA256

    7f7d2433771c2b2ced722dcf84f83af05a8a14fa245bf4151c661d62c78e3ae3

    SHA512

    eeeeec9e1f1d36406023f8a9a187dbfa5627c841bf3ec439f0815fef6b7d75ef02816d8f6ba2628e8bf9fb5a28721c0922733a06e637d2f90b05804229ebbe96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99d66ea88659b89244446ccf9d05369f

    SHA1

    80760b1d5469ccd40f1e2e16b9d08d324d6c4e71

    SHA256

    311442abfe3acb3c46482a486f084104f7c0af32a1d562a1857f5eac410a8b99

    SHA512

    22e23c299c439a65a7196966b0da80804354d675a1d92edd93df541d49739a31bc8235cefdffe37fd1f272b4496c4dd3f371e1ebbbec813bad36635176748f02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a915e467f7c26e36f14099f36dc2147

    SHA1

    678b830d67f6624ad89fb9b0dec102969051fd8f

    SHA256

    0e6bab63a11bdde3d41fe832789c2f2b72bbdc1d43d9473014a1ec6e0b5d4adf

    SHA512

    51afa29c3530335be1132c18d947ba8e3f3d8a6258b9d424374f3770f009d2b1822aa6247498e28c9a7d5be3b2cc21c79f53c5ac8c05c05015c8c44c9de8038c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48481add883797acce9db15e77170369

    SHA1

    0be3cfc807df5286badb0ec8c98929793e89b306

    SHA256

    b6766c1bed92757179e8c7f4babc7b762e56c1a5c136f363283538d8887d23d2

    SHA512

    b7188be295cc6cc66fbbdec70d79fc7e487f3be62b82f99e3446ec0c20b31b73c86bf0c995014af4b5a845dbbfe484d7c65fdfe8bcededa2bbd09621a0e03050

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    265dbcb9893fa1d3ce818cd80af93232

    SHA1

    4c9fe0263874c5c98f2bf9e3adfd819b060d0317

    SHA256

    a7685a155840447df01cf607296f73b77e9fe35856e45d6d21b4f5d7c132821d

    SHA512

    b440fa3ae5dc8b7c6545c0a654cb06b4cef0f536f7fb4150a9ecf9822f7462a572727f17f4f652b5bb30a9d04c27a0c76c260649611edf2a4d9bb9805ca314e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    565a36ac0c0df7b02ec8bf26a1a66161

    SHA1

    525914667a96d7ad2a7572e69f71c02d04b2c88f

    SHA256

    dbaf3c410803feb59d1db0541e7b668cd7bb07f92f16bcc11e810b86993fd5d1

    SHA512

    a2c7151fe1059e3f37ec112b875adcb9b183abbd302d9990f42a6927e82ea51d8ad9c1b838b54b115c42cfd35419edf116fedf536b39c3e34012a110285b8d65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    070e261b42f618c65e92213dd9572a8a

    SHA1

    18ab5736c3b185fc5611c9ef43357112b8899a05

    SHA256

    d0729adf1a11dea30443bcc2440282d779b8e6cfd06de2fe228e72c65a581fb8

    SHA512

    ab711404fb4acc054ec9f376cbbeb3becd0bbe161fcfe379a960f5853f384ebd158615f8ba7ced01251b125aaed088ddc85f8750ff58027a33fade0301b7301f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2d77b8b7a08cb170f47815054a8e999

    SHA1

    38f617d1141f11914feea1e6192019661d74f5b0

    SHA256

    a34ec30fe60df1e2e4e06b2ab11597297868da3952995be00629592efa40e42f

    SHA512

    e27d940bd84cfe08a5c6e60dde159e6a9a3b6db03ac2913a6f37d9be94ab2846ef6aaf45c52f4320ff7984c949e94ab56c0be9f7fbc6b992f956eb6418dedd46

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5860.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab591D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5922.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\Desktop\_HELP_instructions.bmp
    Filesize

    3.7MB

    MD5

    851e06b29ee730870aa5135997d0c8ba

    SHA1

    15f008f0c55504e4431106b02cc5dfb1ca603064

    SHA256

    693008a2b7acee8d17fc17757270ea43d1f929527c4becd6d492bbf85e746ac0

    SHA512

    8f8fcca8ef43a45cd7204971163311d3ea09e5fea5a20a2ac0b416b7fcb4ecda71ab57de3f6cf8ce16c5a2343e2cc8d605981b2e37208fbeeb520af43e1cc91d

    Download Submit

  • memory/1276-288-0x0000000001E20000-0x0000000001E22000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1276-11-0x00000000001D0000-0x00000000001F6000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-1-0x00000000000B0000-0x00000000000B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1276-12-0x00000000001D0000-0x00000000001F6000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-13-0x00000000001D0000-0x00000000001F6000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-283-0x00000000001D0000-0x00000000001F6000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-291-0x00000000001D0000-0x00000000001F6000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-4-0x00000000001D0000-0x00000000001F6000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-2-0x00000000009F0000-0x0000000000A16000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-0-0x00000000001D0000-0x00000000001F6000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2848-769-0x00000000001A0000-0x00000000001A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2848-289-0x0000000000160000-0x0000000000162000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2848-292-0x00000000001A0000-0x00000000001A1000-memory.dmp

    Filesize

    4KB

    Download