Resubmissions

07-05-2021 10:07

210507-1pvd3vwnds 8

04-05-2021 15:14

210504-ffc4l5kase 10

Analysis

  • max time kernel
    11s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    04-05-2021 15:14

General

  • Target

    222.exe

  • Size

    33KB

  • MD5

    c72ffdba16d7bcb0425b5649c04a992d

  • SHA1

    f5fec549a29fab9adcd6016e7caf85962bca2218

  • SHA256

    d07c227a7d73abe3eb7da6c7f23f5de256be3b1a610a7f620ca64e4f7410f04e

  • SHA512

    a291ad69c6c38227b732bc2a632c68931899054ed533e064d8be0047cc7111f3b642a14143f098ab5ed2ed6e420e778c6506a42184920f43efb246dbb9b3ce56

Malware Config

Signatures

  • LegionLocker

    Ransomware family active in 2021.

  • Modifies extensions of user files 1 IoCs

    Ransomware generally changes the extension on encrypted files.

Processes

  • C:\Users\Admin\AppData\Local\Temp\222.exe
    "C:\Users\Admin\AppData\Local\Temp\222.exe"
    1⤵
    • Modifies extensions of user files
    PID:1796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1796-60-0x0000000000980000-0x0000000000981000-memory.dmp

    Filesize

    4KB

  • memory/1796-62-0x0000000000250000-0x0000000000252000-memory.dmp

    Filesize

    8KB

  • memory/1796-63-0x000000001AFA0000-0x000000001AFA2000-memory.dmp

    Filesize

    8KB