Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    04-05-2021 15:15

General

  • Target

    333.exe

  • Size

    34KB

  • MD5

    50dc32bf584f9b54ee51016fa6e67363

  • SHA1

    f0d015f92117ac541569b56b1db646021825035b

  • SHA256

    bc016ebc1751fe99de886be19c2c3e0baefe69cb046b10838cb15bcff3c7e603

  • SHA512

    f51f7cbcdc0af40cb12ceb6bf4287cd4fb7d7cd75d20da649550fbea5bdf324bb4ee56119961af807f53d355d97fa58f965494858d6e811d2e80d55bfb779bd9

Malware Config

Signatures

  • LegionLocker

    Ransomware family active in 2021.

  • Modifies extensions of user files 4 IoCs

    Ransomware generally changes the extension on encrypted files.

Processes

  • C:\Users\Admin\AppData\Local\Temp\333.exe
    "C:\Users\Admin\AppData\Local\Temp\333.exe"
    • Modifies extensions of user files
    PID:1104

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1104-59-0x0000000000E50000-0x0000000000E51000-memory.dmp
    Filesize

    4KB

  • memory/1104-61-0x0000000000140000-0x0000000000142000-memory.dmp
    Filesize

    8KB

  • memory/1104-62-0x000000001ACD0000-0x000000001ACD2000-memory.dmp
    Filesize

    8KB