legionlocker | bc016ebc1751fe99de886be19c2c3e0baefe69cb046b10838cb15bcff3c7e603 | Triage

Analysis

max time kernel
13s
max time network
112s
platform
windows10_x64
resource
win10v20210410
submitted
04-05-2021 15:15

Sharing

Report Analysis Logs

General

Target

333.exe
Size

34KB
MD5

50dc32bf584f9b54ee51016fa6e67363
SHA1

f0d015f92117ac541569b56b1db646021825035b
SHA256

bc016ebc1751fe99de886be19c2c3e0baefe69cb046b10838cb15bcff3c7e603
SHA512

f51f7cbcdc0af40cb12ceb6bf4287cd4fb7d7cd75d20da649550fbea5bdf324bb4ee56119961af807f53d355d97fa58f965494858d6e811d2e80d55bfb779bd9

Score

10^/10

legionlocker ransomware

Malware Config

Signatures

LegionLocker
Ransomware family active in 2021.
ransomware legionlocker

Modifies extensions of user files 2 IoCs

Ransomware generally changes the extension on encrypted files.

Processes:

333.exe

description	ioc	Process
File renamed	C:\Users\Admin\Pictures\RevokeDeny.crw => C:\Users\Admin\Pictures\RevokeDeny.crw.Legion	333.exe
File renamed	C:\Users\Admin\Pictures\RemoveConvertFrom.raw => C:\Users\Admin\Pictures\RemoveConvertFrom.raw.Legion	333.exe

C:\Users\Admin\AppData\Local\Temp\333.exe
"C:\Users\Admin\AppData\Local\Temp\333.exe"
1⤵
- Modifies extensions of user files
PID:3540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3540-114-0x0000000000F60000-0x0000000000F61000-memory.dmp

Filesize
4KB

Download
memory/3540-116-0x00000000016D0000-0x00000000016D2000-memory.dmp

Filesize
8KB

Download
memory/3540-117-0x00000000016C0000-0x00000000016C2000-memory.dmp

Filesize
8KB

Download