Resubmissions

07-05-2021 10:07

210507-1pvd3vwnds 8

04-05-2021 15:14

210504-ffc4l5kase 10

Analysis

  • max time kernel
    127s
  • max time network
    127s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    04-05-2021 15:14

General

  • Target

    222.exe

  • Size

    33KB

  • MD5

    c72ffdba16d7bcb0425b5649c04a992d

  • SHA1

    f5fec549a29fab9adcd6016e7caf85962bca2218

  • SHA256

    d07c227a7d73abe3eb7da6c7f23f5de256be3b1a610a7f620ca64e4f7410f04e

  • SHA512

    a291ad69c6c38227b732bc2a632c68931899054ed533e064d8be0047cc7111f3b642a14143f098ab5ed2ed6e420e778c6506a42184920f43efb246dbb9b3ce56

Malware Config

Signatures

  • LegionLocker

    Ransomware family active in 2021.

  • Modifies extensions of user files 4 IoCs

    Ransomware generally changes the extension on encrypted files.

Processes

  • C:\Users\Admin\AppData\Local\Temp\222.exe
    "C:\Users\Admin\AppData\Local\Temp\222.exe"
    1⤵
    • Modifies extensions of user files
    PID:860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/860-114-0x00000000007B0000-0x00000000007B1000-memory.dmp

    Filesize

    4KB

  • memory/860-116-0x0000000002870000-0x0000000002872000-memory.dmp

    Filesize

    8KB

  • memory/860-117-0x000000001B2E0000-0x000000001B2E2000-memory.dmp

    Filesize

    8KB