Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7v20210410
submitted: 04-05-2021 15:15
Static task: static1

Behavioral task: behavioral1
Sample: 333.exe
Resource: win7v20210410 windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 333.exe
Resource: win10v20210410 windows10_x64
0 signatures
0 seconds
General
Target: 333.exe
Size: 34KB
MD5: 50dc32bf584f9b54ee51016fa6e67363
SHA1: f0d015f92117ac541569b56b1db646021825035b
SHA256: bc016ebc1751fe99de886be19c2c3e0baefe69cb046b10838cb15bcff3c7e603
SHA512: f51f7cbcdc0af40cb12ceb6bf4287cd4fb7d7cd75d20da649550fbea5bdf324bb4ee56119961af807f53d355d97fa58f965494858d6e811d2e80d55bfb779bd9
Score: 10/10
Malware Config
Signatures

LegionLocker
Ransomware family active in 2021.

Modifies extensions of user files (4 IoCs)
Ransomware generally changes the extension on encrypted files.
Processes: 333.exe

description | ioc | process
File renamed | C:\Users\Admin\Pictures\GroupClose.raw => C:\Users\Admin\Pictures\GroupClose.raw.Legion | 333.exe
File renamed | C:\Users\Admin\Pictures\InstallLimit.raw => C:\Users\Admin\Pictures\InstallLimit.raw.Legion | 333.exe
File renamed | C:\Users\Admin\Pictures\MountTrace.crw => C:\Users\Admin\Pictures\MountTrace.crw.Legion | 333.exe
File renamed | C:\Users\Admin\Pictures\UnprotectConvert.png => C:\Users\Admin\Pictures\UnprotectConvert.png.Legion | 333.exe