Overview

overview

10

Static

static

3

a410188cf4...18.exe

windows7-x64

10

a410188cf4...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13-06-2024 05:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe

  • Size

    517KB

  • MD5

    a410188cf459e3beb5be623f1dc1ab75

  • SHA1

    85615da588fe978d82c6bc06e2b0d7db58a4f913

  • SHA256

    509b7eacb051087d49d9357c354532cf1561f065f11d0c2b6bc24f53fb255e2e

  • SHA512

    a28a42ce5ecca6b6be0068083c7fba49c76050a0e6dd92b801a0fed281140679cf0b74353c3de2298dcb2e6bf906492d9ded6be080c7c3a81472d3ee0f0e9347

  • SSDEEP

    12288:zVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdj:zVzzzjNO4FkUQ2yL7PtIdGudqlb9dj

Score
10/10
locky_lukitusdefense_evasionexecutionimpactransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Interacts with shadow copies 2 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:1132
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1676
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2304
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2588
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2064
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {FF46E258-DBEA-4B51-9AEC-C8633EF41FF1} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Windows\system32\vssadmin.exe
      C:\Windows\system32\vssadmin.exe Delete Shadows /Quiet /All
      2⤵
      • Interacts with shadow copies
      PID:2564
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffe58015d3de81728513ca9147b70651

    SHA1

    a3e94beeb96618f21e550907f23fbb84953619e3

    SHA256

    e886c2a2c7f3febcc82edb684fbf41cdd8885e55626185cd3ee2ba582acc0567

    SHA512

    760ba03e68fa02db47291750bcf581dbc5a1ebef3e1d1a856e59f261b37338d3af2df1dca6b0ceec1366316ff92020fbf1c70e54e1af0db354cb406279b1309f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1da605ae846b09064d7c3bc36586c1a

    SHA1

    ccbb8fa5f3fdc65d458ab657a0a3e0aa08bfa0aa

    SHA256

    c058e23c555545d3ae14859b2833d279d364d47d7c460222014b1515fca839c6

    SHA512

    59985d93cf03070918b6874b8c6ff0ef9622e0c1b9fcf99f8175432c82fc179a1444865b44a098e76a9b412e877e76648be8b24e47b22c554bc708fec34a83b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87fdc3e340a1d5c6a020dfe4155a89dd

    SHA1

    1680fe50d1b62a1be3081b98b9260bec4818841f

    SHA256

    7615086b7be5d16f228b5222b2e3c6e27e9ef7b8a69df011a83fefd93701ec69

    SHA512

    2b6ea5435e481db98d20ba810d21d7fd8f14bd7aca85e9ffee87c26ae2ddad09062f863eef82f4fe79ae52cc8bbc7eb961beca9fde4b5fbeddb52a34b45936d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01059aa33d63f10d8c7f2a27b2ffcfaa

    SHA1

    d39dd811449ef791d6d1ceca355a292bce6d93ed

    SHA256

    30694396a0cb9e5f1372c47d64d19b07a7643ba309c7e8dfcad6311360541814

    SHA512

    3bd843ce10ef3ff6b43fb2e3df619d708804f1edc42a258bae9ae32c5e5a760113fcad427d4a486098243a749c90dd9fd95abc88c71453d40c6877df870cbc45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca74e9bfa052c8b88502df2ce277be08

    SHA1

    e6b848911ff3fd063d030c6218485727a3ca14f7

    SHA256

    7bfcb9805f934cca53c5dfeb41753e51a8030148434bfbd051e2ccc025f1da72

    SHA512

    a4f09a7ef9ccd2bb25396a08d10ac9bbf6dbb1ab81f2d91e2deea64ddf1930e5177b9346b7e17fe0042298bb0ea4e5374b7ddc1e34e74f4b1e4c44d2d1e70590

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef6c860403378be34daa77b7984b363c

    SHA1

    43b0f531a71692d7408b4e0edc8a79d8ba805757

    SHA256

    7c6872c05c2a6a5c82bcf9ef7d24b131048b5b5b431c8b4aca294f1160f4af01

    SHA512

    3524aef3ad33527150b1d233571b7baa3f3a01295452dff8277e4469821787ab3a44da92a7a00bc680b49fe9cfaad95d2ad5ecb550d788452d053099b8cf2e9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4ec8168f4feaed72286ae6837100901

    SHA1

    dfdac28cd5a11f200385c717e55a055c6fb70fe6

    SHA256

    0753e84b8f919ddbd7e159f8e6a2855e76ab3b271070fb815766fb63cf39f10f

    SHA512

    04000f47a80110f61324057a2cba3f79c89d98f4e56fa1226b87f953c1203e63e5af540ef850db8e69a2577fa199a33cb6af9d952cfb27306cdca3aab397d8bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2a3e3b3720f1e03fe626cd7dc739523

    SHA1

    ae59b6216cec6c5a10d491e4eb32e280dc85f718

    SHA256

    b296cd6c6a634754a2ba86020660fc54ff80d74af4574a91b80f5f68fc0e67c2

    SHA512

    81cdb2d1be819f615f1c56a70b6322bc0941467d7b768cd25c7200abaf15b8f688d6dea144f08b658473b5cf47d083f2435df233b0dbb56272c2556e480a2053

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72658ca40e3c52574db30f78dff5b1ab

    SHA1

    2cf6a8b1f47191fbe33df3be3a7db58adb3bf034

    SHA256

    9d1284de9619588d5ef2b87e91b45fe42d189c92efc24890f04ecc6771d554c8

    SHA512

    b226ae5bec74ab016de6299991de1a5b9a5e72ed24af942a31b7a2a23ec189e1975a93549eb3d30e08601b5125ae6cb0218bfb4f5fa0fec4bd61eb1b20a6029f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb3d1162ec2f241c9744d891fd4472f2

    SHA1

    da9bd6a7771bfc5aef7f3f9c75d7c29ce17cfe05

    SHA256

    f2c97cce3b328000c0ca8f526e850baae5e5134f0ebd1c944a685f0ded85eca2

    SHA512

    8ca0c5150d42fba4ba4bed932cc5c66514216ff70d2bf4ad2eb6c78d3d9367306cd5503d7816190db9d5610a0e3d476843ddc51d427fa88b77fa202568ad1cbb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96ce9d1bd3649f4b6759b1c8f77da2e9

    SHA1

    6e11a7a074a5310ba01016dd49fdef315024b053

    SHA256

    6cfe52485d8de22341eeaeeaccfab11fa8603008753ddca3b1b67c11243079da

    SHA512

    a80066b948fafdb2d88412d2c29af28a7e8241f4f52f37c3feff4f532455a8b334170af3e85f5419bcde1dfccef53bfba54343197a80c92bc5aba39d18fdc9fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e15edbeec29e62b16803f42ae4a913a4

    SHA1

    11e1b6bd5f85558fe1dd308b712529acab6e60cb

    SHA256

    5bda8fc951ee6419afee188fe7a3e4a72c28c4e9caf6f3f823ce7387a0651d34

    SHA512

    b0948f3d19946f31b3e9d272ad9fc09cfac7f0ca9b9fbd4f747c7ffeae4b1de963d5220abd21a53b12ef163045ba80055e259a7bf5d001e0f345286a36bddf6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ca1fa78c8e29c6e7d5be6e4a9d5e82f

    SHA1

    fd64f85e78c4f03f9558eaf45cf84086a34044a3

    SHA256

    40797f4e79f03a3a63d8bddf44f8e3594530934d32e3e2717c68fab87e4eec5a

    SHA512

    805c796fa4f9dd52245c63a6515d51862e2c3ad0a926de364429f8d03eef210704982a60895b1e0e741a1c6f9c150d4fbd4122e5ccd7a16d3e6a32f4647d6261

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47fd87ce0cde303a22f586ee777d7c7b

    SHA1

    79a25a56ad2152e90e4ff981c638424cb776bc03

    SHA256

    f0ca355462cb7415d1ddad9f09f0da1c5bbef3efbc7c708aaf65b6372f451b84

    SHA512

    c7c0f641968d4e26befe75e30eeb05ea2e46d48d950fcb62e5b72323da87c0c047d0d5f58778167ed9b97fc9a9306bd4512273ee13d0e7cae5f306b6fa35553c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e4c8e9cb42a08f6e8badcb5d8ac47c9

    SHA1

    003a195ab37d99226245df9ac290df1908ffb1ed

    SHA256

    0bb9fbeb5adc6ad190bec5eff0c2f15eb4fde7faf586bf702ded0110fdf2fb8d

    SHA512

    b5d9f582fdead73ce623eef9d792bffa2336231ed02df0a91a10b4394eeabdd7f403c2b3da8a21e8affc6c2e191e165fb8539c3d07ef875d2ea3263778f52681

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cdf30d4d349fb02dfb221add176d2974

    SHA1

    f28d18318d0af4ff68f215582f75002ead13acd6

    SHA256

    65a5f7afcc55143a2a465ae59441b12e43ddf90d6cca51522674bf7f9c254998

    SHA512

    53b697096bbc06093c45450883dc781957113a1dca80b169f118bb42d6a2fccaf39787b2d69d188c4729867f703a60deeb333a2ab7883a602e0ff6adb64692d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    386a89991e029d66584f2f6edd20da58

    SHA1

    0c625da9f160dd3cbcfc993decdd38afc2c27abf

    SHA256

    f946a396e0866948e120817bf1b71e890667dd9d988a2978d0a8d42f66a32b38

    SHA512

    e23d2d45ba4a7b0944625e95271097d061de4321b3b5eb6289a66dafe4b52a2a71a87b78209ee00dbef2d52978b8f88eab3e863e6d8339d26a1152fc6279a456

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5535.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5626.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.5MB

    MD5

    aeeeea47671fcf1414976a9852e8eb1b

    SHA1

    364ef2e6ac0c7c25f542881631fd545010d1f817

    SHA256

    b07ca7936c962160d8da6025f6a73a0b6eb967f0df61e5e9e4af12d737ad98e2

    SHA512

    e0231b8f5aa6f4ae4066e0bed29906bd1064a75397e1cdc03d3b1d476f6d79e070abf0e7ad479e897b6c5dce1cf0946386a848e7c23f85f4f6b4c1c76a0f8989

    Download Submit

  • C:\Users\Default\lukitus-aa29.htm
    Filesize

    8KB

    MD5

    6b40691c7a974cf4576e1643f89cd149

    SHA1

    f1f166aba6a7a2c084af9d65d095dbbf94002621

    SHA256

    8177e17de030d7b1823eeed9616828a520248bcc82f21d5825200d13860727f8

    SHA512

    3e20dec0ac059cd5eaa4f38a4e01420f9e831e341af2728d6f1f2073a6a86721e9a51fc461caedff73c5976d6c3ed5f2c19ae1e7e7847c437fd1689e720299a4

    Download Submit

  • memory/548-264-0x0000000000170000-0x0000000000172000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1132-263-0x0000000001E70000-0x0000000001E72000-memory.dmp

    Filesize

    8KB

    Download