locky | 20f48e19032b23217d4da671173565607b4069912d37f4b143fea97486fba743 | Triage

Analysis

max time kernel
145s
max time network
153s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-06-2022 10:06

Sharing

Report Analysis Logs

General

Target

20f48e19032b23217d4da671173565607b4069912d37f4b143fea97486fba743.exe
Size

207KB
MD5

3cf892f5bb1dd7d28445394683713e78
SHA1

6835e93aaa256d180c7cc1caa42ec69f07785a4f
SHA256

20f48e19032b23217d4da671173565607b4069912d37f4b143fea97486fba743
SHA512

0ffed02ef4c652244643e9a7251a1d23a52e2cc24c0da936cf83eaba905c31fdb04b68209eeb4ac903e59a80897367db9a0d16929fc1a7cc955238d718e30c42

Score

10^/10

locky ransomware suricata

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
suricata: ET MALWARE Ransomware Locky CnC Beacon
suricata: ET MALWARE Ransomware Locky CnC Beacon
suricata
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

20f48e19032b23217d4da671173565607b4069912d37f4b143fea97486fba743.exe

pid process

1308 20f48e19032b23217d4da671173565607b4069912d37f4b143fea97486fba743.exe

C:\Users\Admin\AppData\Local\Temp\20f48e19032b23217d4da671173565607b4069912d37f4b143fea97486fba743.exe
"C:\Users\Admin\AppData\Local\Temp\20f48e19032b23217d4da671173565607b4069912d37f4b143fea97486fba743.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1308-54-0x0000000075261000-0x0000000075263000-memory.dmp

Filesize
8KB

Download
memory/1308-55-0x00000000011B0000-0x00000000011E9000-memory.dmp

Filesize
228KB

Download
memory/1308-57-0x00000000011B0000-0x00000000011E9000-memory.dmp

Filesize
228KB

Download