Overview
overview
10Static
static
3LCRYPT0R/L...D).vbs
windows7-x64
9LCRYPT0R/L...D).vbs
windows11-21h2-x64
1LCRYPT0R/L...rX.vbs
windows7-x64
9LCRYPT0R/L...rX.vbs
windows11-21h2-x64
9other malw...0r.exe
windows7-x64
10other malw...0r.exe
windows11-21h2-x64
10other malw...rm.vbs
windows7-x64
1other malw...rm.vbs
windows11-21h2-x64
1General
-
Target
LCrypt0rX.zip
-
Size
3.4MB
-
Sample
241019-kw4q5axepf
-
MD5
720802788787b51c93b18ef551d016cf
-
SHA1
f20ae72a9966d763406d4cf19e8fd0859faa66a5
-
SHA256
a04ccc459ad4dcd2cff42884c5c64f2032aad33473ba737828747b932cecb99a
-
SHA512
44944398674aca3dc5180d23841940dc879410f26278b22bdacb01d7470fe9dbf50e6906e858e3e08cdc6fc758860899d31e2b2e7c2809475ae7669d7f7977b2
-
SSDEEP
98304:rsxula3VQodjlF4OeldBVaZtHHUSMn98IHLHJsBRXpw9wi:mulalQWS7WnH0SM98IHLHJsBG7
Static task
static1
Behavioral task
behavioral1
Sample
LCRYPT0R/LCRYPT (OBFUSCATED).vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
LCRYPT0R/LCRYPT (OBFUSCATED).vbs
Resource
win11-20241007-en
Behavioral task
behavioral3
Sample
LCRYPT0R/LCrypt0rX.vbs
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
LCRYPT0R/LCrypt0rX.vbs
Resource
win11-20241007-en
Behavioral task
behavioral5
Sample
other malware cuz why not/[email protected]
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
other malware cuz why not/[email protected]
Resource
win11-20241007-en
Behavioral task
behavioral7
Sample
other malware cuz why not/loveletterworm.vbs
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
other malware cuz why not/loveletterworm.vbs
Resource
win11-20241007-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Extracted
C:\Users\Admin\AppData\Local\Temp\other malware cuz why not\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
LCRYPT0R/LCRYPT (OBFUSCATED).vbs
-
Size
320KB
-
MD5
6f55f68db81f8ef546730ec2a141f4a7
-
SHA1
36087198ac97da02d84046de0a91554475ab65a5
-
SHA256
cdbed092e0488b81c8711db71123028cf9276b35384656448d9477016158a954
-
SHA512
ec722ca125ca7c8f61ca934906ef02a1bf74285e987c4dde5b9599c317a9fcc02689b284f99a447916aa6341ef2a2ddcc7a5a0b6d0f8634cd844cfa478264373
-
SSDEEP
1536:SbG4qdVG4xsDhTF+eHH1XWKllcNpZOE74lxGqUyJWaxVlM4yUEWFWLWnVCOrDJTA:/xuRFXmYK7ZWE4/vq/pfrMe6s9
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Blocklisted process makes network request
-
Disables RegEdit via registry modification
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
-
-
Target
LCRYPT0R/LCrypt0rX.vbs
-
Size
12KB
-
MD5
24cbd3ad1736fa6950e220bba381429b
-
SHA1
44ceaa0b8622f64ad1e1d2283c4cfcc8629be152
-
SHA256
719ed739717c7ac5a2bbac4187738df3ead0e38e31f4a656e976e9a5716a9af0
-
SHA512
fc8fb1b1d06bf331c234af985f0fe2269d2f552dbd315507bb9796bb20eec948531c08e3f385ed9a1e6a8e86001fcbad2a8a8601fb1265621d634c975ce99ab8
-
SSDEEP
384:HobplStxYHQHSH7l+ii3qF2ZNvLyyB8dstnH+7Me:aM22M
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Blocklisted process makes network request
-
Disables RegEdit via registry modification
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
-
-
Target
other malware cuz why not/[email protected]
-
Size
3.4MB
-
MD5
84c82835a5d21bbcf75a61706d8ab549
-
SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
-
SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
-
SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Sets desktop wallpaper using registry
-
-
-
Target
other malware cuz why not/loveletterworm.vbs
-
Size
10KB
-
MD5
d94e46e40f5663dd698dad3369f1f782
-
SHA1
9c511b8ddf0c2c9ce9c32d92cdf60c1e3d1c8abf
-
SHA256
bc39d64a797497d2e0e6cd498f7b84c6fa2464cc7dc29114ef9af438089c5f25
-
SHA512
07e6f98ba6374f68886f9f642598744b91954a76e1b23fdb9ece89835b596d9bde68c96eedf5f2bbbad3d53b84b7d1dd231ebb9e8d9757996d2779b4c802bd02
-
SSDEEP
192:brjZcrmlHV31G7sMBMLMLMiMhM5MmMhMrMXM57Mksc/021wqIVCPsz87sGdOVRJS:brjOi1V31GoIGWFqAHqi407/sX/pVCdV
Score1/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
2File Deletion
2Modify Registry
6Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1