locky | 69b7591ee14de24efc887e7239d89f6cf41126b7ce5e119cb3eeae2ca0c12ef0 | Triage

Submit
Reports

Overview

overview

Static

static

3

af4806b9d8...18.exe

windows7-x64

af4806b9d8...18.exe

windows10-2004-x64

Sharing

General

Target

af4806b9d8627c865bd6f4d611447751_JaffaCakes118
Size

2.6MB
Sample

241129-gjeppavkcn
MD5

af4806b9d8627c865bd6f4d611447751
SHA1

b0fd17423398c13c6f271dc2c1dced3355e8db24
SHA256

69b7591ee14de24efc887e7239d89f6cf41126b7ce5e119cb3eeae2ca0c12ef0
SHA512

bfd0eb6cacac201aa4b3d0c6146419df1f8282a242bd720800cb60d7426af3922749df885a2995b5ea079b74d1db434a03492fe7be5baa1e6ada07f7ec87460d
SSDEEP

49152:4VKjxFspS487/TSwUOdAf6kuSbPMMfT3Mk1h8B8tx817R+w6RlEo2QfhxLtAxC3a:48jUpS57/TSwUOdAf6kuSbPMMfT3Mk1E

Score

10^/10

locky defense_evasion discovery ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

af4806b9d8627c865bd6f4d611447751_JaffaCakes118.exe

Resource

win7-20241010-en

locky defense_evasion discovery ransomware

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

af4806b9d8627c865bd6f4d611447751_JaffaCakes118.exe

Resource

win10v2004-20241007-en

locky defense_evasion discovery ransomware

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  af4806b9d8627c865bd6f4d611447751_JaffaCakes118
- Size
  
  2.6MB
- MD5
  
  af4806b9d8627c865bd6f4d611447751
- SHA1
  
  b0fd17423398c13c6f271dc2c1dced3355e8db24
- SHA256
  
  69b7591ee14de24efc887e7239d89f6cf41126b7ce5e119cb3eeae2ca0c12ef0
- SHA512
  
  bfd0eb6cacac201aa4b3d0c6146419df1f8282a242bd720800cb60d7426af3922749df885a2995b5ea079b74d1db434a03492fe7be5baa1e6ada07f7ec87460d
- SSDEEP
  
  49152:4VKjxFspS487/TSwUOdAf6kuSbPMMfT3Mk1h8B8tx817R+w6RlEo2QfhxLtAxC3a:48jUpS57/TSwUOdAf6kuSbPMMfT3Mk1E
Score

10^/10

locky defense_evasion discovery ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky family
  locky
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockydefense_evasiondiscoveryransomware

behavioral2

lockydefense_evasiondiscoveryransomware

© 2018-2025

Terms | Privacy