Overview

overview

10

Static

static

3

ceec01f132...18.exe

windows7-x64

10

ceec01f132...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06/09/2024, 06:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ceec01f1321c4abd3a319adba71b8ce1_JaffaCakes118.exe

  • Size

    615KB

  • MD5

    ceec01f1321c4abd3a319adba71b8ce1

  • SHA1

    3f775d67433a13693ac53bfd0e5bcff0e078c15c

  • SHA256

    826b02f896032d0abb0afb2f4a5228f8dc148518f29007929cc8b5368dc1dec2

  • SHA512

    ccff9e87a9cfe4a4016ae1320b280c2df6f119cac8d71a3c0f4f6b1e3dd4af5a8a693363c2d91bf0107b689eb5b2ce2d8a96cb91bcf32aa49b14ea2ad029f526

  • SSDEEP

    12288:pBRpTNxQn+eBn7ZAaOEnd7InQ0/MrUqaf9t4QUjXhSdOJbbB:pVTNxQ+eBn7lB7U/Myt4pRxlb

Score
10/10
locky_lukitusdefense_evasiondiscoveryransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Deletes itself 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ceec01f1321c4abd3a319adba71b8ce1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ceec01f1321c4abd3a319adba71b8ce1_JaffaCakes118.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Modifies system certificate store
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2384
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1692
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\ceec01f1321c4abd3a319adba71b8ce1_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2736
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    PID:1656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90381dd451761e6a87c7e1e3050e5105

    SHA1

    0b0d6a0976f676a51d343258d6e3d03a0d3f8cf8

    SHA256

    48f8aec3f34cb3acb00db13934bfcfb1f349ce858b58724f758e4e7e67f0acb5

    SHA512

    9b4e69611d284b7d2b17701674bc7b718e1e6e67cc5d0ea8ec0a692fba861ccabe867aea6e0816152c5b6ea3ab6aee623b69274ea92767e5941b38d2087b845e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    420476d0f219cbbcca90f1f2ac70bf9a

    SHA1

    ef37e8cd5df7ce6a637d82fd2754315467e4f3c8

    SHA256

    aca56d00dd1687d003b081d0170bc569cf79735098cc99dbc4871220a36dc9e5

    SHA512

    ce40ce265e41ee89edf82b2e6e56f7b88da1084ad49e5e575e422f6cad59e66f08d814659568c3f8471267d065f8fa2dd70e9b9ad345b9d1c252e1dd86dced14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55da96fac189933cddc1556f52a1c67f

    SHA1

    644a046c10af00f4d2b20e34422cddbf12262e4f

    SHA256

    72a7a7c437c336628369fa869faa7f4b0c7c9999ab7c868e0112144d0e56ce91

    SHA512

    1540a290caa4768902fb9912fa70692754ca6906f76668a5197154180d9b6b420e067f1914f0ef08801792f1910a89d6603ee66da05fa7e2632438f1dd0ed57e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    642a8cf72df9b91568c0c46968370144

    SHA1

    4e16613da34573eff88faadd34b5c6798a9b538b

    SHA256

    2b030c565a3cb62947a671057d86d31e229efaaf89634ea5cb91d54fe9af3d45

    SHA512

    19aebf42539e9787e830a43212f3835c96682efb4d7df4d6c0ea406cf257187ea3f57e9dcf80d02bf493c3a5a285d2ecb02f1d03399307c39aed9a26c02fc140

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    657ef655bac4005d21567ee11f7a7064

    SHA1

    5edc0fee0ad8d546d0f04f8797debb97824ad79e

    SHA256

    e6056dbebcfc12ea7eb75443f01b45efba6d17c8b53f9f9e345f653630226061

    SHA512

    3c1b7c3a76045fd8d8680409e83af766f09ded81a27b00e70cc56911cdff12844f6dd78998e4bb2549a0ab1e10bb13935860a160e4613feb947bcfc6df22577f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24cb32a6e2f886be7bc57f7bf996b8b8

    SHA1

    3a2f7b7f545242c39812f8db01851bb1c355753a

    SHA256

    07cbaf54f3045f1c3698dd725877b08f3db8c5e394c7447b65af7f094ca1f777

    SHA512

    31774e8dd350ff5b53fdb0d564c7c871ee1b79e2bf478e8322d4fc23bafd6e1ba3068a737b9fdef50997038b01c5ec288a9a8a3ccfad1b74fb8c12ff7c85ad3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e03b4b253a147041fd01dca52b09aff1

    SHA1

    7d9edfe16273f7083a47dcf2fd1b58a4f19b908f

    SHA256

    b1d0b93f8e0acd8999d6e4d632c97aac8080a27c1b4367c737d4aa8567961109

    SHA512

    40b7fc3d1ae56bea2d439d104149c80d29ca8c11d21d74e38438a17b4e585f4f1a2732d71964e5bfb4891e3d56853d814e817a46f39fe3b374a4713ed7a9f9e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e3e1857d5155640c5c21f8fb02a37cd

    SHA1

    2bd0d5c564d9443a36a18f9a643daf5082ad30e9

    SHA256

    4b157b9ac849ac6b8528e2a6bbe05530dd7a0504937685fc0237488b96e00f8c

    SHA512

    81597c7b8cfcd1b1c4fce8e820ba178808baf5684d6c5a5f7f4fda6f450a344ddae090ddf2b8720e11685860f76068eff62e9f019df8295989fc174db199e039

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ce277285c22c992ea0e6294daeab438

    SHA1

    38d6b60d592d6b9a67370363a88d2b3efe64f2a9

    SHA256

    3fd173cb90096ee1ca99e349d12e5d47f197dd2c68ea42a9faf6bc4a435f9805

    SHA512

    e108f1d1cecf654d3b657dff6a823c2b4d5796a9ea9012c287b889442fad450866901d722e0c6053339f65dd41af6ea14f02feafcfb35ff9c1293b26f6f84e45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4f2f89667ee9a2c0cd0de42f47e5507

    SHA1

    24f159d19672539e45b8fd4fb2999718ca95cfbe

    SHA256

    b56cae7923b454826df51b044bae37e36d110bf40506f4bdcfcb37496cba1f86

    SHA512

    2e0ece0ceee3349c2c32941fba7513312271fd407b2abb7be91f0277f07dfb0c3b69550eaad9b468d4d959ec048a2e5667470901c20ffe9f9ceccdf78d8ce0d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49d672795344e7ee8e8d7c97c25c7355

    SHA1

    db50c3771297af95c7debd5ccd826a08aca07b37

    SHA256

    db2a786d8085c7d658d0b899ca61f516095e74f432ec5e4634dfd46fbb53fecf

    SHA512

    979aa00ea84ad359a63aa1ae9e8e4246e13b1f829eb3a314552854a28303b94bc13c4f3276d8a5acf7b59b7179d84f2d8f596ae79e1c44ea3e2f5ceff40642ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    670128f23621a79242c0e80aa0fc4a2c

    SHA1

    ed2f4032d28b05ba41fe887de1ac2c1b25577662

    SHA256

    398dbb52b65e982e552918ebc8248bb91a16199e05b9255b7349b03024e33d5f

    SHA512

    d1c17f0d302f84ea578430d5ef1d419c34901aeca4d05dc72eec4464ff458714300211c19d3ad0eb6a7e9ab831145d72ff14f2a2867219c57c812c4d54efbbeb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20377a8df008870614ef902fab480269

    SHA1

    360666addd0de62c57cc70ed3778cbe878d78c0a

    SHA256

    e44cd0f42d25c8962dbfff778dcaae958102abf41affccce1a26d2e280d7986c

    SHA512

    d005840f9984f273f0a2f915aaa372574348830ed6521d4465c97b0caa273477a1afdc4a7adc4fe1598470bcfb57bc90d2ddcb5ec043884fc28cdf48e9ec21bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e23b61b858c5c3eedf5d482de3d14674

    SHA1

    f1328fc7d374dc1cf6b11597b1903309c4f6e212

    SHA256

    8a0d4a13e5d1dfd53f0eddde6e58da0cf5fba7b24e46f4160788c18afe6fbf7e

    SHA512

    7f60c45a4b042025a89ea01e8c73e13997ce7d24a275dfc94f80861688027b93d1fcc35f8b17f2437eeadc954fc0fddc9b7df9a78f4d6693034af31582a41e87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a2499d669067e6603db9d89ee47c399

    SHA1

    ff6f446ba6d56bf6c1c5512d6be6a8ce972bc6f5

    SHA256

    29ae4969cde6b1a863c8aa204b2b1b0a31f8181c6d38fb9bbaa160b0322b7821

    SHA512

    6a7ab5c04a4e358186dcd63019e58b398d3eaeb49b3ca4aeb2e9c270cfde7d8683fb39372d268c7e0efa30015074f8ff6f50d0175a68b25489ce541227ccff20

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a005537ce4fdccbd59b5e836fb19a434

    SHA1

    66e22b702e01e5583e38c64b54dfa1cbd7f6dce7

    SHA256

    dcdd80b53164ad45f6c0b530a2a73d242b7b6a5584302cc2b5e39a7ad0c60bdb

    SHA512

    4b1845c74fe713d1bc427c0c407228a2598d292afddf1c07f81fd348ff9e24e9d2fd41ba27c1c37d453a8ac9d4b3a3a39baea7cf78e0113d436a4b1a5107f552

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28657825e5dba23a5a646eddde1ffda7

    SHA1

    cf87704ace09ca9a4ef9bbcbcd0e215633c7b33b

    SHA256

    9fc2a0f53257818551496bf871d41f8d3e79c30f3d638aad176851fb29e11c77

    SHA512

    2f8d930c751dffe29fbcfba570a63efdb12d94b630c904bec34f7bed96601917ba3cef4c77b12d1a2020922945a48538840d2b340904f5cce7e6a8ee312c8cf3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30069c49818b68ed1025183532f17600

    SHA1

    83e8c0b35cc4b2db13fb1f5b399fb616364c37f4

    SHA256

    28e4cf3c326f7fdd704a26c65b96379e54a14d0da96e8a8b573b22d689100ff8

    SHA512

    88871d70dc18d4e9b4c3d76826cb7c6fc185b08cc1ab57b946f2861020a9f747d80b636047b6350ebfb89c79ffeaf3ff3d1382721499ad53571e0cef57c7adb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9231b58ee33c190cd7b676d8a60f2aad

    SHA1

    83b49423d7d9ab0db8d1c1757b3f9a9e9ed9e2a4

    SHA256

    d61a9a156a56cc89c1902d9c126b044404e428ef61713858e50775586acdf2b4

    SHA512

    8c0c4905c484140e9d05259bb00e4184722797365c4e3db7ddd41de999859d8beff8a1bc92b03503b9d1e38238822109ba6ad764c99644c813cca83ae3f94847

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE293.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE2A6.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.3MB

    MD5

    4ad806208d3513b1b7622fd095565125

    SHA1

    81986f8785551784433b0cb3d00f4cc509fd928c

    SHA256

    8610cbb5ce987d8abcaa9793add35d2326c711bbffaedaca517da2ff27e462d4

    SHA512

    bcc2bc8516e2111ebc48490eeeea8325fe6a214135125490085a92315ba81f33bc24d0ba7bc38348f311da0c71e4f22348bbb217fd0dd88db29936278de625bd

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.htm
    Filesize

    8KB

    MD5

    afd42d03153a5ce7d712ab3eb8bd55cd

    SHA1

    0d30f2ea1bb1023ce6ad2df8dea4f4fb30d121d8

    SHA256

    7e6f8df5d33df327cb61da4b8e39f67db33696552caf40944ac5ef22175f85a7

    SHA512

    5d7d39a62eea00e0464d2d0f5214e884ea4481170d634a843f9c35dd8c001a119e7cee81d6fbc54830d65fd82b88c800a29c4adff0da00ecc1c59389d334dbe1

    Download Submit

  • memory/1656-742-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1656-309-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1656-308-0x00000000001E0000-0x00000000001E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2552-307-0x0000000003380000-0x0000000003382000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2552-1-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-17-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2552-18-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2552-16-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2552-144-0x000000000049B000-0x000000000049C000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-301-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2552-303-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2552-311-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2552-2-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2552-0-0x000000000049B000-0x000000000049C000-memory.dmp

    Filesize

    4KB

    Download