Overview

overview

10

Static

static

3

2024-06-15...ky.exe

windows7-x64

10

2024-06-15...ky.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    16-06-2024 00:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-15_cc60f1fef7151af6d07cf08e30cd119b_locky.exe

  • Size

    517KB

  • MD5

    cc60f1fef7151af6d07cf08e30cd119b

  • SHA1

    70beea7df6b48c35f12ce9be10b09c89c1fcddb5

  • SHA256

    2646ec67308fdc3f42794bda0f9533e4624dc9b53cd74f321439df77963bfc06

  • SHA512

    570e75f3e30dad4c70bc6a9bf5db5fea8aeef121c6ed2d69bd772d58c2fa6f75659ab063e764397bf59f18dc5a4ceb7ad8020a412eaf022058f13f29b44a49c1

  • SSDEEP

    12288:zVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtQK:zVzzzjNO4FkUQ2yL7PtIdGudqlb9QK

Score
10/10
locky_lukitusransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-15_cc60f1fef7151af6d07cf08e30cd119b_locky.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-15_cc60f1fef7151af6d07cf08e30cd119b_locky.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2908
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2712
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\2024-06-15_cc60f1fef7151af6d07cf08e30cd119b_locky.exe"
      2⤵
      • Deletes itself
      PID:2832
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2824

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

1
T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97ccf5f560ee985b416f0f54fe1be697

    SHA1

    67b6c1ddccae50b5f0ef744e0cecf4f7ef78593c

    SHA256

    9179a1b815df243557ce96713f0924c273b0a56eeeb63c677a28a1010dbb45a0

    SHA512

    d51918733644ddf3c23200f83931b5ea9d71b8e69dc27352e5de12f75d436e7886cc424c13ea3f7bdf7ce6578347b9021dc24d5e4ffed71d703de0f29f761bd8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfb01392ffbb9d1ac43b099f61cb9d16

    SHA1

    4036bc6fb0593a48971e446d60f6f7091614047e

    SHA256

    f6adeb893b87abb4c16bc9ed6c0973c2c212971b1eea8dba8034f2d1aad05d8e

    SHA512

    a4ed51be82037359122b938daea5d0ada94ad8feea00f49e0408b3c9c2f77ac31d752b9316a36a196e6953f4eadd7e195c8c9cd2c115571bf32c137a53f10e0d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14df2467db19f9246835bd82f53ebb42

    SHA1

    947fd67ddf3ff1f163021407ad8d4cd22ac4380f

    SHA256

    4ddb2d30b11ea417cf6c5507e3c55efdd7bcf6168b70e6ea931455784b4ffb47

    SHA512

    cdad7352fc80fc163b2dcb8cf69c842ed914bb91b7abaf9e1f63536964bfbba80c641d96e701584f5f0340c9545ce76e4bec380a7d70599c799320a9e564b622

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    095a4faac5f68ae2da4ac73b4943cf3c

    SHA1

    66b8b5d3b96648cdfd7791ca3ba09d7f0a7b223b

    SHA256

    2aac18af9151388263a1e3d1abb28a389281139c61cfbff4a844ed7582905949

    SHA512

    80b8b875e5f670b5419150d856429908f291496b2eec09c01906322e042267575c45965ff025fb216b2d25af18c99a5606138a0f728377f31213d6dc94834e80

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    848371f04411c5d027f5e2ea92e83a0b

    SHA1

    4589dfc94ba3a3bc92e87265b81a13f0931792fe

    SHA256

    bd44a1b93fd0e3390be2f055e3953988106271c9f14cbe4eae9ee830f37faaff

    SHA512

    fabd664f4d18dfcb20c07cc7fd333ab7198b3fc7adf8689e6a13749c577520b0bc60e8068c73ea20a887ab82d7645aea63021a803d33db61f3f2b15a195e37dd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6dc9c8b9954c8090b60deb9a8fbbd96

    SHA1

    26dd6bfec0f914092075572c32bc99129f659d2d

    SHA256

    db79b28f13347a9b59a45101e9e9a35f9699340a3030b8f02155d0616fe9ee8d

    SHA512

    875bfe814b707583db32bbc4eeb1f66dcaac30d64af6c382f0388ed783c23143f0ed904703cb8490e062f7aa3bad4d3bca23103a6971b74ed7756dea41fc392b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e968384c0d5e0c9dd46ae4197cefe22a

    SHA1

    b87d0ce9551e0c38c0a9d4eb73e6fbde1364e9cd

    SHA256

    beea4d2856908ec02905839741c88b030e13dae8b2b18066f42675cabe983222

    SHA512

    577f4719f1e12ab85d0dcf1573d6cecde212ac43d4e6f9264c0cdeea89da2206760356d23bd7126487274d2b2378e48ea398fd4875635866b253e8792ae15f24

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec8ac9ba84fa9168acec74be9cdc783c

    SHA1

    fed66498d8a4b636d09d68486670994d8ed75bb1

    SHA256

    c697898a1f001ac3003e8a834b05c69075992098b27d54a17a49aac4124e21c8

    SHA512

    d42d206656e484b70bff5b09e5d5a0d266543e184de7ad83630fc6d544592664ce3da450feba7d30419e1414a61c7241597bdcb1b3134ebce422259fa4cc3297

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5999fdf9d04b969085442700c034013

    SHA1

    8e10b5321452105df96f4938714a73afdfc31ee8

    SHA256

    05f79515ea3f9713437fe331b22828f37afb1be950e100fa9af9235ebc40b47c

    SHA512

    e693ef119e089af8e6d6358fb6c3a621b23e24a315d13175b4e665d1bd59252d32b61ce3e6d489184d1060b6a9bf48f9fa5c46671b74946ae77fd76acc756492

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabDE01.tmp
    Filesize

    67KB

    MD5

    2d3dcf90f6c99f47e7593ea250c9e749

    SHA1

    51be82be4a272669983313565b4940d4b1385237

    SHA256

    8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

    SHA512

    9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarDEC5.tmp
    Filesize

    160KB

    MD5

    7186ad693b8ad9444401bd9bcd2217c2

    SHA1

    5c28ca10a650f6026b0df4737078fa4197f3bac1

    SHA256

    9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

    SHA512

    135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

    Download Submit
  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.4MB

    MD5

    2104aac51b058deb2c11131b827f348c

    SHA1

    c095c64b748b41a699984e63872fadf1eef6aab6

    SHA256

    8792550a53894f6de6ffa6b38cdf691233cb6fa7026623d1e175808d77273b20

    SHA512

    2806db75b490c39b5683ab556e5e9e7d997cddbde7235af78a015c30e729ad443e9d99153279fe519373cd98444f1f4f8cac485a722745a36498dbe51e58a99b

    Download Submit
  • C:\Users\Admin\Desktop\lukitus.htm
    Filesize

    8KB

    MD5

    88a8d4c9dfdf8be4e2f2c9265c443478

    SHA1

    2cdab4825e9fca85e72e601bed59b40539c23337

    SHA256

    503986a4cf3ac927034f5417ee64262ada1ac26e778a49faf8a12336fb4cf97a

    SHA512

    811c9160671cefc2da141a47f8bb471a96036c959f94992421adbe93e0b6ed9fabe23eb1ea97d8768f240c70f649a5c4a953bc896b3b2a48dba79d6c29a64ad2

    Download Submit
  • memory/2384-258-0x0000000002C30000-0x0000000002C32000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2824-261-0x00000000002A0000-0x00000000002A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2824-259-0x00000000001A0000-0x00000000001A2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2824-643-0x00000000002A0000-0x00000000002A1000-memory.dmp
    Filesize

    4KB

    Download