Overview

overview

10

Static

static

7

066d06ca00...81.exe

windows7-x64

10

06d6f22d02...bc.exe

windows7-x64

8

09f1d49065...d1.exe

windows7-x64

10

208cca124d...45.exe

windows7-x64

10

241f67ece2...79.exe

windows7-x64

1

30616f6c48...60.exe

windows7-x64

10

44f28cd6ea...7e.exe

windows7-x64

3

4b190a407b...5f.exe

windows7-x64

10

72ddceebe7...6b.exe

windows7-x64

9

7b53a00b3a...b2.exe

windows7-x64

7

7cf39ebb44...57.exe

windows7-x64

10

8c42a08427...51.exe

windows7-x64

7

9d081b734c...91.exe

windows7-x64

4

b25cc31472...15.exe

windows7-x64

10

b2ec72de35...8f.exe

windows7-x64

6

b4c2ffccfe...dd.exe

windows7-x64

5

bab7af3306...be.exe

windows7-x64

9

c531015ec0...86.exe

windows7-x64

8

dc7ab2e7ed...60.exe

windows7-x64

8

debfd1fb34...d8.exe

windows7-x64

8

df36e2aaae...37.exe

windows7-x64

9

df99316e57...27.exe

windows7-x64

4

e60fc4473a...60.exe

windows7-x64

10

Analysis

  • max time kernel
    840s
  • max time network
    842s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12-11-2024 19:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09f1d49065108a595578ff86ff63a514d47d5496ab5c23f38cda1f0d57dd6cd1.exe

  • Size

    657KB

  • MD5

    e9a81fb5fd86ba9a78ec6528c2b1ae37

  • SHA1

    bb0881b7179033710d26beded4f69a9a8b80702f

  • SHA256

    09f1d49065108a595578ff86ff63a514d47d5496ab5c23f38cda1f0d57dd6cd1

  • SHA512

    377bd6a4dd3de769d2c39248a9c4f4af333b5736012b4f9948c8887850c28bcee53f222d5443f9971d908aa2cd745811a71ef9f9277821a4ca10138336419801

  • SSDEEP

    12288:F5J9O/FV+fwQRM/u4sAmz9BtiSPUYT8gGgrluz:F5JM/FV+Iiuzc7MWGgYz

Score
10/10
locky_lukitusdefense_evasiondiscoveryransomware

Malware Config

Signatures

  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Locky_lukitus family
    locky_lukitus
  • Deletes itself 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09f1d49065108a595578ff86ff63a514d47d5496ab5c23f38cda1f0d57dd6cd1.exe
    "C:\Users\Admin\AppData\Local\Temp\09f1d49065108a595578ff86ff63a514d47d5496ab5c23f38cda1f0d57dd6cd1.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3008
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\09f1d49065108a595578ff86ff63a514d47d5496ab5c23f38cda1f0d57dd6cd1.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2060
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b7ab930b7885ea06f364a6bc8c42d79

    SHA1

    975a254be605ac85cd099373b151f427515ff5d0

    SHA256

    59a1d18a2b70c63c2ce3c62acaf8915476da659a6c3c575d37383aa841cc286c

    SHA512

    51e7f259adf51b3f848bf85863b3970807474e7b665d6b536fe043faea91253e618c1b97d3e9cc6b244f17a532bd20d66bdcea7b79d51908bf744393b4a16042

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    646ec59caba0df4093768506d50b1818

    SHA1

    685c23e290bb9ca9b2357d37eaf8eb8f77b9fbbf

    SHA256

    90c5b7fe52f2981ca9780753b90d96134207feb9724ab4a9fd0aadebd0d898dd

    SHA512

    ee2b7e94eb3e644f734b9b01110c6ebe80d19bdf0b9581729eaea1b1541d1264865a8314e5b2d8e488ae43fcfa552a32e508ab6ccd9071174381dc4b2d087ecf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86d784f3913fdcb43bb94f1bac592e29

    SHA1

    a89d250b9ce19fee56f4fdf8ed96c6ba054241da

    SHA256

    e382c603cae98ebb5258ae253dd053b487550bef67ace7d660c4ff38d099d64c

    SHA512

    4aab7e08a170b7287867e5054d51b52d356f156c9e00a32b925321e05dda21ee6e6cf90bff6ccce1bcc0d9c12b5abc4c11067ea0d699753ec971ad5841d4ca25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1de94130d905a09a6bbc718cf4c4395

    SHA1

    529285e4d5d052b01a19fff5883d03c1b42ff968

    SHA256

    e02deeb293bc41aa5f00c4f8ecfda4ddac4a9bab72b8aa5e2451c280358c463e

    SHA512

    30cfef66c1a2af2dde60ed830cf42a3d14836079ec1e2c1360a1b37d044b71dc48d7db72f4f1e9afce3fd5e19f5bd023008949a0dc8a5270153ceb24477c8d87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d482d443bfbd82d957598ab3f99e7ce

    SHA1

    4a3ad941a13a0f8cc5ebbec5974e9902b7342f5c

    SHA256

    28f1ad96394916b94c1eb98c5929ed4bb122530bb3b24c6e0367c99525828488

    SHA512

    3dcb64fc07680b0a40718266ad8e21abcc3d2f68bf30799979530d6e8d003355627cb900aea3f6d0ab83ac4c0db1e13d177f279f7a0fe100290832ed18240d09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8db0acb513d7219c6e77d2cb3203fe0

    SHA1

    eb3285e179647910a6e0bce9d82a2fd955388d4a

    SHA256

    7cfc91cff9e81d12002d0fab649f6d644a2b7be2baec6ba51d97e68f81c1fe65

    SHA512

    915e0fe4883d32168854c7e2d66c2bde430ab87557b6736f878389c8d50ecbffeb5e034345308474a3df54763da9a70994342cb482d268f58be86fb9d60553fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65260cf41e11f56b8185d18823de7b27

    SHA1

    38b6b5c4d99dfe612236e8dd92e757279f201fc7

    SHA256

    adce0d7746f8558b3ae0f8e4b56fa885e1360499aa5eafb6ccb97fbef8051399

    SHA512

    0550d579a5358d80a8b7d5172be86b507e90d8a3731ba85edc551ca1bc8cfcc29b49c5cb3aaec5dada5ff813c81a6ac017baa3b00e57609fc257c643c477f08f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de9ce9572e9fd95789a0360c785e9a8f

    SHA1

    669568c5c3d845acc48e99aeee17917be0b81c2d

    SHA256

    9ab425508750f1c950a6b8eb89524e15c5dc4216313386804bcd82a3084a5433

    SHA512

    4fd0e97311bcd7052466820f7293eb7ed7542b558f77d9017454b4bfa77302f28c4abde0e23ca8eea0a8d8edfdae35433b219bf40174a0dfbecb5804ee3a6ce5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e4a3d2db8b6368bc4c009f611297468

    SHA1

    77057ddbaa9834293c43b782b5f4a635af094aa6

    SHA256

    1ccafedee361d1926cea5b6d6f357cfb52f650a190a26beaa208999c31922881

    SHA512

    3df928cd8824cc93080647a74d9219d5e08c5df6b51c3628f762ba1aa7bea79268cef8aa8b97d72df03122aae5cc4997b3b2adf85a71428e263495dcfcf35352

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c77fdbfe8d05c12887479fbcb37b6128

    SHA1

    8a97be876d3ae24947de5130ca45ee3275aefa80

    SHA256

    6ab32dbe6144f22b712dc1547137d03491d227f16fab76bb4f8bf573bdd42424

    SHA512

    bf049918aca32d4e02320ac16b60a8a37adcd08b415a38a0274aff92c4b817dd1b6d54270f73fc3d25b837a840822e606d35f7433d934c5f3bd98c326f2d0b94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    814e9c23ff60b02f31f774f8f827a10d

    SHA1

    1780b11dabb923f99a66994635b9af21c9df23f1

    SHA256

    74fcb7a9dfe84380068afae416da943b46e6bd6b1b3c6457f7b747a2c33c9563

    SHA512

    b7330aea0e438445e25acb13101c4a0cb759b1d955a513ba90bd3352729d741cac9d3411cdc26e4d7b414f20c00f4d1bf3b0e42b96c05cdc16675731fca35c73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    590a2ba08f78e60aa9b547ee49a2e20e

    SHA1

    cec4f734ce29ddec9e819332894ac2c8be7bb168

    SHA256

    2445c376eee517124f84bcf557684959da06461ef0a8cba6bccab25000190d52

    SHA512

    d0e232cda1818bb2864fd13588c4e1e5f93527c4063ffbe0b5819d36ad42562020348ef9022168912321279fcd7ac35b3ac3345aff49b851934893ce4cc50148

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e497d1080f000c368c206487953d91a

    SHA1

    085332b09b0ca23ccd148fe57829a8c517a6ee1a

    SHA256

    af2d7d21a0478897f41c1ef15d132accfa3772ea0567a5c59d029aa907f188ba

    SHA512

    babb166dfacd81cdd7ba19696158872087c0c0a0f190809c708143dddd09c18676e6fffc45f611a5b3d3d03b85425b3905bcbb42fdf033a8b781076acffd583e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca9920bd5fce90200879f3efa0c491d9

    SHA1

    c2409dab68ab1e5635e858bd4d6dd1ba98f09527

    SHA256

    77dc3e0ee6574aa9e2783bb2e816817a3108e3689279433dbf17d0dcf572029e

    SHA512

    ec389eacf45c3af0eaf34ca6c4acd577a1c3b7124c153615fa0737b531174845f43ea31ddad5cc6bc691bccf167823cc6bc70c777b100707636193fcf5012136

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b42ce5654100b412bc745145511b3fc

    SHA1

    de2c4b5d9f7fa7fd0e68cadbe679cdb3c39bc97a

    SHA256

    9f3d66df8c64ee770bfda28f6c97b7aaad008f6f33c18a080aeb36d059061e7a

    SHA512

    37a033fba1b86835601135fe2f591e98f673d6b818af4e95abc49324b0e02c86e21e8370b4022ef033a715d34525d4d260e8170c48a5b93d4c8e89eefd6498ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d198453132f35c61c1ca3163e2407a63

    SHA1

    a841c3604a7f1bb62ee637b0502ae2820ff86f5a

    SHA256

    ddf89cd670c74959bdb7686614931b75bdb7c5f44a18229654e6182be24a0d13

    SHA512

    34c6ae550810ff46d6be15acf59a28f6289044f356991ba93887b9591902926a731f91b65db090c8d88f472215ca5a099abd1072beea5641c06f462fe6061574

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3fbacec4718b743aff21f5e9cb32a99

    SHA1

    e24b73208e0abc63e61429e330e60424991d31fc

    SHA256

    b723db7ddc19925038aca7043aa0a4ec786f4107df275498a599a1b5dddda3ce

    SHA512

    275c6757bfc7f367178a2da40cec4b2a775d67a460408fe339b5e80394bcaed26a1597c67c9f7a6f123e4521852d2a3ee5824dc797fbba9e3b496b27ee4eae2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f58f76bfa1dfff4cf3e929cd3a754d9c

    SHA1

    6bba781c9fe36693ad5c33187fd69e0546d418c0

    SHA256

    9fc4ec8ff0764f0dfbfa24dc15731dbfcc4cfdcb1849585b9a6bb205e3b14faa

    SHA512

    ed39f27483c11fbc0ace10453b1ffddf3edc4dfca6ed39c2cf301322338de0c8e79f1f87a1b66b0fddba2b99e5a081b94f29d7821ba556be69ff9d09dc8a573c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de8b7d973cdbe09771419d20d976ea2c

    SHA1

    be8600fb0d3c57c999be84ce6781109ecda77730

    SHA256

    cb2151ec02e8701150d2ac7aec192ab9e9ea7b183986345c80f840f9bf6ae755

    SHA512

    a25da9a62ce64f6a52b5834df3e16aa0f868ef6575d43c0cdbe620ef86bc6ae558de3787791d513aac7a8688f10025d7e6a515db2da6a66f67e5d9ba4d4c7844

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab365D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar370E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\Desktop\lukitus.bmp
    Filesize

    3.3MB

    MD5

    b724fa737a702d932a7ac1a32c67be25

    SHA1

    3ca9095c4b6416cac1a07ba3757c4e6aa61685e1

    SHA256

    2cfa19941d18ae70fae567edbf84ac3f5d9f97f3200ee7e3633df2255a3205ea

    SHA512

    ca8aae51d44c66c173e3d16f3646b01f5e10ea8dc0f6a7ed4778397af78c5319cdb6df3bf6aff3fdb4ac91ba4ec024f5883f67bf0f4a7bb180c03ef058ad82ff

    Download Submit

  • C:\Users\Default\lukitus-34d0.htm
    Filesize

    8KB

    MD5

    b81338902b3b102e94812853ccbe7112

    SHA1

    f8f55abbc9fe1b9b1523d16bacd831b385dbc169

    SHA256

    27dd12123307723142215c9c006565870cc4d4844aceeeefd8c33857836cd9d4

    SHA512

    f5dd377d647337102fe847c52e165c02b5e2def6cdd559203d9b7ac81619805e8cc372c562a259db0ffb8c91fa2982fd7f02a7d4773f66992ab2a7a7a071f3d7

    Download Submit

  • memory/2120-4-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2120-8-0x0000000000400000-0x00000000004A7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/2120-1-0x0000000000400000-0x00000000004A7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/2120-2-0x0000000000640000-0x0000000000641000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2120-0-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2120-294-0x0000000002C20000-0x0000000002C22000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2120-5-0x0000000000400000-0x00000000004A7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/2120-3-0x0000000000400000-0x00000000004A7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/2120-12-0x0000000000400000-0x00000000004A7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/2120-14-0x0000000000400000-0x00000000004A7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/2120-297-0x0000000000400000-0x00000000004A7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/2800-295-0x0000000000120000-0x0000000000122000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2800-296-0x0000000000160000-0x0000000000161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2800-728-0x0000000000160000-0x0000000000161000-memory.dmp

    Filesize

    4KB

    Download