legionlocker | d07c227a7d73abe3eb7da6c7f23f5de256be3b1a610a7f620ca64e4f7410f04e | Triage

Resubmissions

07-05-2021 10:07

210507-1pvd3vwnds 8

04-05-2021 15:14

210504-ffc4l5kase 10

Analysis

max time kernel
11s
max time network
18s
platform
windows7_x64
resource
win7v20210408
submitted
04-05-2021 15:14

Sharing

Report Analysis Logs

General

Target

222.exe
Size

33KB
MD5

c72ffdba16d7bcb0425b5649c04a992d
SHA1

f5fec549a29fab9adcd6016e7caf85962bca2218
SHA256

d07c227a7d73abe3eb7da6c7f23f5de256be3b1a610a7f620ca64e4f7410f04e
SHA512

a291ad69c6c38227b732bc2a632c68931899054ed533e064d8be0047cc7111f3b642a14143f098ab5ed2ed6e420e778c6506a42184920f43efb246dbb9b3ce56

Score

10^/10

legionlocker ransomware

Malware Config

Signatures

LegionLocker
Ransomware family active in 2021.
ransomware legionlocker
Modifies extensions of user files 1 IoCs
Ransomware generally changes the extension on encrypted files.
ransomware

Processes:

222.exe

description ioc process

File renamed C:\Users\Admin\Pictures\WatchMove.png => C:\Users\Admin\Pictures\WatchMove.png.Legion 222.exe

C:\Users\Admin\AppData\Local\Temp\222.exe
"C:\Users\Admin\AppData\Local\Temp\222.exe"
1⤵
- Modifies extensions of user files
PID:1796

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1796-60-0x0000000000980000-0x0000000000981000-memory.dmp

Filesize
4KB

Download
memory/1796-62-0x0000000000250000-0x0000000000252000-memory.dmp

Filesize
8KB

Download
memory/1796-63-0x000000001AFA0000-0x000000001AFA2000-memory.dmp

Filesize
8KB

Download