Overview

overview

10

Static

static

1

lighthouse...re.mp4

windows7-x64

10

lighthouse...re.mp4

windows10-2004-x64

6

Resubmissions

08/01/2025, 10:41

250108-mrhn7swpb1 6

08/01/2025, 09:59

250108-l1h6naxmfq 10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/01/2025, 09:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lighthouse_teslacrypt_ransomware.mp4

  • Size

    3.1MB

  • MD5

    577c4a77455c945bf638349a16aa9b47

  • SHA1

    ff9139369ebf187e64c86348132dfb5f20bd4ac9

  • SHA256

    c7503cdbc638d4886e9b06942b9afc345f041663734963b49fb25e1577287c46

  • SHA512

    64a5510ca8c19915c9a88a524ca12731d2cb7b672d84f9db58c0aac7e39e1d89cf50981078dbcb905fd75f259124b9aee055e2d6fc95387023345c770313283c

  • SSDEEP

    49152:pHZUdEm4AOcOgifdrIstug5mBdNUQIAfe3o7DDeh+HAjADJEsgBUEG5o5OpaRWC3:pHZA74A9UfOCmHIRoDeCJDGVBvG5o5O0

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\lighthouse_teslacrypt_ransomware.mp4"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1416
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:1968
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:220
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4bc
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    384KB

    MD5

    063793e4ba784832026ec8bc3528f7f1

    SHA1

    687d03823d7ab8954826f753a645426cff3c5db4

    SHA256

    cb153cb703aea1ba1afe2614cffb086fa781646a285c5ac37354ee933a29cedd

    SHA512

    225910c24052dfdf7fca574b12ecef4eb68e990167010f80d7136f03ac6e7faa33233685cbf37b38ee626bb22ff3afeee39e597080e429be3ec241fb30af40c6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    c79e414497831cf460ba3340cab583f6

    SHA1

    3f0b4ca2fd7ed328ee74450f78e871e7ab3ae6a7

    SHA256

    53f7ae71e9b1daa4b535c18e75825fa6962b5834afafe75d951d7fec53445441

    SHA512

    bd963817cfc99d2b088b59632754a221991e6b3e3654a23fe5a0cd812ced9a2c95eadd57bcb5aafffcbc61707988f53f315c8c467e20c00f12222770fd932d97

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    af0167584fada6e3bba38c8388321f83

    SHA1

    3f94245b28df4f1b7c266e92e93c7bb328ef4b7f

    SHA256

    8e36d57abaff625975bb9a60680a78b295bb81b8e2ab971e472caedd020743aa

    SHA512

    039c8cb84b3285f22e588403bade0cec27217b155bcc0622ef2084a5cb6d13a0a1124b5001e2fd84c4606ca810059eba02761969b42e12b61222026696a65b48

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
    Filesize

    498B

    MD5

    90be2701c8112bebc6bd58a7de19846e

    SHA1

    a95be407036982392e2e684fb9ff6602ecad6f1e

    SHA256

    644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

    SHA512

    d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize

    9KB

    MD5

    5433eab10c6b5c6d55b7cbd302426a39

    SHA1

    c5b1604b3350dab290d081eecd5389a895c58de5

    SHA256

    23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

    SHA512

    207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    4c08a3032a24f6227f6d856c03d93533

    SHA1

    1c778c0e249348c27711a16939bec4b982d5c4aa

    SHA256

    1f5f0376defbc2a2aa583279eec736d50e9d2598313d3cce349612420e375819

    SHA512

    88bfa6a2cf51568fd48334b34d471ca29e297ad7b655023210419720df58f73b6bd834b00179dc2130ebb8bda0d8eae8967d6b56ac9102c1b8dc6d709a5f0f84

    Download Submit

  • memory/2108-41-0x0000000005280000-0x0000000005290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-42-0x0000000005280000-0x0000000005290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-44-0x0000000005280000-0x0000000005290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-43-0x0000000005280000-0x0000000005290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-45-0x0000000007C40000-0x0000000007C50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-46-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-47-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-49-0x0000000005280000-0x0000000005290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-48-0x0000000005280000-0x0000000005290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-50-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-65-0x0000000005290000-0x00000000052A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-66-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-67-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-68-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-69-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-70-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-71-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-72-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-73-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-74-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-76-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-75-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-77-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-79-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-81-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-80-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-82-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-78-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-83-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-84-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-86-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-85-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-89-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-88-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-87-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-90-0x0000000005290000-0x00000000052A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-91-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-93-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-92-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-94-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-96-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-95-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-98-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-99-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-100-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-101-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-97-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-102-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-104-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-105-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-107-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-106-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-103-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-108-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-109-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-110-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-111-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-112-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-113-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-114-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-115-0x0000000005290000-0x00000000052A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-116-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-118-0x0000000007D90000-0x0000000007DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-117-0x00000000052F0000-0x0000000005300000-memory.dmp

    Filesize

    64KB

    Download