333.exe

General

Target: 333.exe
Filesize: 34KB
Completed: 04-05-2021 15:17
Score: 10/10
MD5: 50dc32bf584f9b54ee51016fa6e67363
SHA1: f0d015f92117ac541569b56b1db646021825035b
SHA256: bc016ebc1751fe99de886be19c2c3e0baefe69cb046b10838cb15bcff3c7e603

Malware Config
Signatures 2

  • LegionLocker

    Description

    Ransomware family active in 2021.

  • Modifies extensions of user files
    333.exe

    Description

    Ransomware generally changes the extension on encrypted files.

    Reported IOCs

    description | ioc | process
    File renamed | C:\Users\Admin\Pictures\GroupClose.raw => C:\Users\Admin\Pictures\GroupClose.raw.Legion | 333.exe
    File renamed | C:\Users\Admin\Pictures\InstallLimit.raw => C:\Users\Admin\Pictures\InstallLimit.raw.Legion | 333.exe
    File renamed | C:\Users\Admin\Pictures\MountTrace.crw => C:\Users\Admin\Pictures\MountTrace.crw.Legion | 333.exe
    File renamed | C:\Users\Admin\Pictures\UnprotectConvert.png => C:\Users\Admin\Pictures\UnprotectConvert.png.Legion | 333.exe
Processes 1
  • C:\Users\Admin\AppData\Local\Temp\333.exe
    "C:\Users\Admin\AppData\Local\Temp\333.exe"
    Modifies extensions of user files
    PID:1104
Network
MITRE ATT&CK Matrix
  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation
Downloads
  • memory/1104-59-0x0000000000E50000-0x0000000000E51000-memory.dmp
  • memory/1104-61-0x0000000000140000-0x0000000000142000-memory.dmp
  • memory/1104-62-0x000000001ACD0000-0x000000001ACD2000-memory.dmp