333.exe

General

Target: 333.exe
Filesize: 34KB
Completed: 04-05-2021 15:17
Score: 10/10
MD5: 50dc32bf584f9b54ee51016fa6e67363
SHA1: f0d015f92117ac541569b56b1db646021825035b
SHA256: bc016ebc1751fe99de886be19c2c3e0baefe69cb046b10838cb15bcff3c7e603

Malware Config
Signatures 2

  • LegionLocker

    Description

    Ransomware family active in 2021.

  • Modifies extensions of user files
    333.exe

    Description

    Ransomware generally changes the extension on encrypted files.

    Tags

    Reported IOCs

    description | ioc | process
    File renamed | C:\Users\Admin\Pictures\RevokeDeny.crw => C:\Users\Admin\Pictures\RevokeDeny.crw.Legion | 333.exe
    File renamed | C:\Users\Admin\Pictures\RemoveConvertFrom.raw => C:\Users\Admin\Pictures\RemoveConvertFrom.raw.Legion | 333.exe
Processes 1
  • C:\Users\Admin\AppData\Local\Temp\333.exe
    "C:\Users\Admin\AppData\Local\Temp\333.exe"
    Modifies extensions of user files
    PID:3540
Network
MITRE ATT&CK Matrix
Collection | Command and Control | Credential Access | Defense Evasion | Discovery | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation
Downloads
  • memory/3540-114-0x0000000000F60000-0x0000000000F61000-memory.dmp
  • memory/3540-116-0x00000000016D0000-0x00000000016D2000-memory.dmp
  • memory/3540-117-0x00000000016C0000-0x00000000016C2000-memory.dmp