legionlocker | bc016ebc1751fe99de886be19c2c3e0baefe69cb046b10838cb15bcff3c7e603 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7v20210410
submitted
04-05-2021 15:15

Sharing

Report Analysis Logs

General

Target

333.exe
Size

34KB
MD5

50dc32bf584f9b54ee51016fa6e67363
SHA1

f0d015f92117ac541569b56b1db646021825035b
SHA256

bc016ebc1751fe99de886be19c2c3e0baefe69cb046b10838cb15bcff3c7e603
SHA512

f51f7cbcdc0af40cb12ceb6bf4287cd4fb7d7cd75d20da649550fbea5bdf324bb4ee56119961af807f53d355d97fa58f965494858d6e811d2e80d55bfb779bd9

Score

10^/10

legionlocker ransomware

Malware Config

Signatures

LegionLocker
Ransomware family active in 2021.
ransomware legionlocker

Modifies extensions of user files 4 IoCs

Ransomware generally changes the extension on encrypted files.

Processes:

333.exe

description	ioc	process
File renamed	C:\Users\Admin\Pictures\GroupClose.raw => C:\Users\Admin\Pictures\GroupClose.raw.Legion	333.exe
File renamed	C:\Users\Admin\Pictures\InstallLimit.raw => C:\Users\Admin\Pictures\InstallLimit.raw.Legion	333.exe
File renamed	C:\Users\Admin\Pictures\MountTrace.crw => C:\Users\Admin\Pictures\MountTrace.crw.Legion	333.exe
File renamed	C:\Users\Admin\Pictures\UnprotectConvert.png => C:\Users\Admin\Pictures\UnprotectConvert.png.Legion	333.exe

C:\Users\Admin\AppData\Local\Temp\333.exe
"C:\Users\Admin\AppData\Local\Temp\333.exe"
1⤵
- Modifies extensions of user files
PID:1104

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1104-59-0x0000000000E50000-0x0000000000E51000-memory.dmp

Filesize
4KB

Download
memory/1104-61-0x0000000000140000-0x0000000000142000-memory.dmp

Filesize
8KB

Download
memory/1104-62-0x000000001ACD0000-0x000000001ACD2000-memory.dmp

Filesize
8KB

Download