Overview

overview

10

Static

static

3

a1cb6b40b4...18.exe

windows7-x64

10

a1cb6b40b4...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    12-06-2024 18:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a1cb6b40b49d78103444c32f4f5c1022_JaffaCakes118.exe

  • Size

    590KB

  • MD5

    a1cb6b40b49d78103444c32f4f5c1022

  • SHA1

    d911951b10b4c41239f639af8397fefbc9deed12

  • SHA256

    aa36ae501dd09617500a6b38de7917dc5c7313fffb2841bcfdcafa9d567621f0

  • SHA512

    e6b05658f34beff41d7fc13cfb4bd3cff776a24356cce78fb2c29002a4e451a40e019c806c824274fc41248582254320961f07d56b0a4fc38a2fb676045db1e4

  • SSDEEP

    12288:/g2xN5Hef7wWHX+IuNEFVqhJuWYI17c8Z7zo1N9:LN5+f7t3cEFVq5Y0wu7zo

Score
10/10
locky_lukitusransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1cb6b40b49d78103444c32f4f5c1022_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cb6b40b49d78103444c32f4f5c1022_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Enumerates system info in registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2604
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\a1cb6b40b49d78103444c32f4f5c1022_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2824
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.8MB

    MD5

    b5389b0baea9826fb047ec7c5397dfd6

    SHA1

    8402a3abfa0c7baed4c32368a04c3d695e5b192a

    SHA256

    0d71884066f3ef9427c6a39af412a27207d209d682bb325b465804b85168b7ca

    SHA512

    4f0937c2d7c1e37745a0ac15b503adf2212d850862186abe225e09c9860b30f83395f8614ab9f90931d316fbebbe5c742a7c02f33528002315359293331f6253

    Download Submit

  • C:\Users\Default\lukitus-2544.htm
    Filesize

    8KB

    MD5

    3b88ee0b42957ea297b6f69a8b14069a

    SHA1

    83474fda0ea83b5d7bd192ef66fe8355d2ced383

    SHA256

    eb47c56cab20d9ac8cf2e5aa1356460f5b221611a74cac22f78c8fabc9c2828c

    SHA512

    d73ada7e6f9816d7db406f46facf89f6608ff3c1b624e542edba4f1ea13a21a1d3d520b3230528290638b6c28d42bc2d1f15fa12b5328a5cf4c74a220a2e209a

    Download Submit

  • memory/2204-11-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

    Download

  • memory/2204-14-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

    Download

  • memory/2204-5-0x00000000002F0000-0x00000000002F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-4-0x0000000002620000-0x0000000002621000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-6-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

    Download

  • memory/2204-9-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

    Download

  • memory/2204-0-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

    Download

  • memory/2204-3-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

    Download

  • memory/2204-2-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

    Download

  • memory/2204-279-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

    Download

  • memory/2204-283-0x0000000002670000-0x0000000002672000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2204-1-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

    Download

  • memory/2204-287-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

    Download

  • memory/2344-285-0x0000000000180000-0x0000000000181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-284-0x00000000000B0000-0x00000000000B2000-memory.dmp

    Filesize

    8KB

    Download