Analysis
max time kernel
11s
max time network
18s
platform
windows7_x64
resource
win7v20210408
submitted
04-05-2021 15:14
Static task
static1
Behavioral task
behavioral1
Sample
222.exe
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
222.exe
Resource
win10v20210408
windows10_x64
0 signatures
0 seconds
General
Target
222.exe
Size
33KB
MD5
c72ffdba16d7bcb0425b5649c04a992d
SHA1
f5fec549a29fab9adcd6016e7caf85962bca2218
SHA256
d07c227a7d73abe3eb7da6c7f23f5de256be3b1a610a7f620ca64e4f7410f04e
SHA512
a291ad69c6c38227b732bc2a632c68931899054ed533e064d8be0047cc7111f3b642a14143f098ab5ed2ed6e420e778c6506a42184920f43efb246dbb9b3ce56
Score
10/10
Malware Config
Signatures
LegionLocker
Ransomware family active in 2021.
Modifies extensions of user files 1 IoCs
Ransomware generally changes the extension on encrypted files.
description
File renamed
ioc
C:\Users\Admin\Pictures\WatchMove.png => C:\Users\Admin\Pictures\WatchMove.png.Legion
Process
222.exe