Overview

overview

6

Static

static

1

lighthouse...re.mp4

windows7-x64

1

lighthouse...re.mp4

windows10-2004-x64

6

Resubmissions

08/01/2025, 10:41

250108-mrhn7swpb1 6

08/01/2025, 09:59

250108-l1h6naxmfq 10

Analysis

  • max time kernel
    51s
  • max time network
    50s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/01/2025, 10:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lighthouse_teslacrypt_ransomware.mp4

  • Size

    3.1MB

  • MD5

    577c4a77455c945bf638349a16aa9b47

  • SHA1

    ff9139369ebf187e64c86348132dfb5f20bd4ac9

  • SHA256

    c7503cdbc638d4886e9b06942b9afc345f041663734963b49fb25e1577287c46

  • SHA512

    64a5510ca8c19915c9a88a524ca12731d2cb7b672d84f9db58c0aac7e39e1d89cf50981078dbcb905fd75f259124b9aee055e2d6fc95387023345c770313283c

  • SSDEEP

    49152:pHZUdEm4AOcOgifdrIstug5mBdNUQIAfe3o7DDeh+HAjADJEsgBUEG5o5OpaRWC3:pHZA74A9UfOCmHIRoDeCJDGVBvG5o5O0

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\lighthouse_teslacrypt_ransomware.mp4"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1548
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3444
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:1096
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:2992
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x410 0x504
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5008

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    384KB

    MD5

    063793e4ba784832026ec8bc3528f7f1

    SHA1

    687d03823d7ab8954826f753a645426cff3c5db4

    SHA256

    cb153cb703aea1ba1afe2614cffb086fa781646a285c5ac37354ee933a29cedd

    SHA512

    225910c24052dfdf7fca574b12ecef4eb68e990167010f80d7136f03ac6e7faa33233685cbf37b38ee626bb22ff3afeee39e597080e429be3ec241fb30af40c6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    8f31fd2d6f2e232a4b247370fcc65369

    SHA1

    400593b65121c54d9a637d9f46e844b9e663a787

    SHA256

    2d7697045bd0740c36820c49d7f4937253d6e3c388d1cea1d56a5f135d7a4214

    SHA512

    893059767fc9d4be64faa69e8f9ca1d1f4a36babdb823a415fec34ecc2ec949f93d9c476a65bdda1b53d640d2266328536ce84d716c808f5937c0e002ec089c2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    9a6a6f3459241076db0235de83863529

    SHA1

    291a43ea6f1cbbe6df034c6f1a775f8f402f6321

    SHA256

    90dc5e28e97195ac8a81464fc3b545c2033798edd2400ffe135a300ec8fb41aa

    SHA512

    537d5263152eaa9d8853e12cea414d7e5af6ad3efe5b628a23eb6b4ecb661666164b7268d0bc493ca2e07d7ed841e778a68e0b24d07e729b6efc706bb44c8147

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
    Filesize

    498B

    MD5

    90be2701c8112bebc6bd58a7de19846e

    SHA1

    a95be407036982392e2e684fb9ff6602ecad6f1e

    SHA256

    644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

    SHA512

    d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    7e8b522256a12e4855e3fdf43adfb38d

    SHA1

    dd56f729a1c84d4c63f0cb2f3c840125bbbc0647

    SHA256

    47b65d979b4af727266548e0d938ebbbc951f72196b10fb424a3c06a16f6fa10

    SHA512

    d6c7d9a1dc7e2c9fc2a72417577219aee01f98713fd7b7ee6602b21953f3b50c5e2b447b004ac51c2aca2e0c9b8e35de6a0db90d7b308542039cb0b78a2c216d

    Download Submit

  • memory/1548-36-0x0000000004930000-0x0000000004940000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-33-0x0000000004930000-0x0000000004940000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-31-0x0000000004930000-0x0000000004940000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-32-0x0000000004930000-0x0000000004940000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-37-0x00000000071A0000-0x00000000071B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-38-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-41-0x0000000004930000-0x0000000004940000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-40-0x0000000004930000-0x0000000004940000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-39-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-42-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-49-0x000000000A6C0000-0x000000000A6D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-51-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-52-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-53-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-54-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-55-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-56-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-57-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-58-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-61-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-60-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-59-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-62-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-67-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-66-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-65-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-64-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-63-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-69-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-71-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-70-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-72-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-74-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-76-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-75-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-77-0x000000000A6C0000-0x000000000A6D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-80-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-81-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-82-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-83-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-85-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-87-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-86-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-90-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-89-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-88-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-84-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-91-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-92-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-93-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-96-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-95-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-94-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-99-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-100-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-101-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-102-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-107-0x000000000A6C0000-0x000000000A6D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-105-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-104-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-103-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-108-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-109-0x000000000A6E0000-0x000000000A6F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1548-110-0x0000000006F80000-0x0000000006F90000-memory.dmp

    Filesize

    64KB

    Download