locky | 561bbaeec4345c50699dbdd373757b039a7cf4e03c54d3765ece6f5d274c0612

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-12-2024 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d7fb420ab0a61d8b58b8c06490855671_JaffaCakes118.exe
Size

272KB
MD5

d7fb420ab0a61d8b58b8c06490855671
SHA1

29a429ca06c7ac4e0df4432af6d57ddb7d5c8373
SHA256

561bbaeec4345c50699dbdd373757b039a7cf4e03c54d3765ece6f5d274c0612
SHA512

14c1e701f6b963915c3e87bd5088c96703df0f53917a5df47553b1e2d066231c52a9d605e200eaee449bd17ba6005abaf1c7af9c6f1ec69f566c7e2058a487b4
SSDEEP

3072:20bCaBjgxdWeNdq3ZWC4iuLAVBpH/Z0GIeHUVuVXFyBErdwBthS9WCK:b3Bn58C46ZDIEUVufyqSLrd

Score

10^/10

locky discovery ransomware

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
Locky family
locky

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d7fb420ab0a61d8b58b8c06490855671_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2656	d7fb420ab0a61d8b58b8c06490855671_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d7fb420ab0a61d8b58b8c06490855671_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d7fb420ab0a61d8b58b8c06490855671_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2656-1-0x0000000000690000-0x00000000006D8000-memory.dmp

Filesize
288KB

Download
memory/2656-0-0x00000000006A2000-0x00000000006A4000-memory.dmp

Filesize
8KB

Download
memory/2656-3-0x0000000000690000-0x00000000006D8000-memory.dmp

Filesize
288KB

Download
memory/2656-4-0x00000000006A2000-0x00000000006A4000-memory.dmp

Filesize
8KB

Download
memory/2656-5-0x0000000000690000-0x00000000006D8000-memory.dmp

Filesize
288KB

Download
memory/2656-8-0x0000000000690000-0x00000000006D8000-memory.dmp

Filesize
288KB

Download
memory/2656-10-0x0000000000690000-0x00000000006D8000-memory.dmp

Filesize
288KB

Download
memory/2656-13-0x0000000000690000-0x00000000006D8000-memory.dmp

Filesize
288KB

Download
memory/2656-15-0x0000000000690000-0x00000000006D8000-memory.dmp

Filesize
288KB

Download
memory/2656-17-0x0000000000690000-0x00000000006D8000-memory.dmp

Filesize
288KB

Download
memory/2656-19-0x0000000000690000-0x00000000006D8000-memory.dmp

Filesize
288KB

Download