Overview

overview

10

Static

static

2c3f5eb50a...31.exe

windows7_x64

10

2c3f5eb50a...31.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    1799s
  • max time network
    1802s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    28-06-2022 17:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c3f5eb50a19e3f5f4b2d2b8bb36c72c3ac5950424050b36186693923fd2a831.exe

  • Size

    92KB

  • MD5

    5d4388bb58159eab12e3a34becd243b1

  • SHA1

    e670fbd000de5ab0785e1dc8e6b8456c5e1847c6

  • SHA256

    2c3f5eb50a19e3f5f4b2d2b8bb36c72c3ac5950424050b36186693923fd2a831

  • SHA512

    12a17e6b44c5386da41993f3b542dcada48359e5ca8a06bc65e407698bfa17ccecb26bfd5f002e300eddcc6f9e589b6a7d3c9dc6cfde6e26d51a90c84c4bb8a8

Score
10/10
lockyransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c3f5eb50a19e3f5f4b2d2b8bb36c72c3ac5950424050b36186693923fd2a831.exe
    "C:\Users\Admin\AppData\Local\Temp\2c3f5eb50a19e3f5f4b2d2b8bb36c72c3ac5950424050b36186693923fd2a831.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      C:\Users\Admin\AppData\Local\Temp\svchost.exe
      2⤵
      • Executes dropped EXE
      PID:1424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\svchost.exe
    Filesize

    93KB

    MD5

    4e4a8812b80c8542a3095a53c29f5441

    SHA1

    6218bd4eba6d91007d8b8c32a040194ec123f5b6

    SHA256

    2cbf3ac4f304fa711e23d6a8a762451b7b06550d56b7bd688d4c6d1bee9984db

    SHA512

    5bfd0bb53db5e4c6abe8dbed61a14244e107061bd29319a30e6dc8ee1c87f9d88ead7c843494a0b927d32efbf95e9510eb4d67df6bc3f4c849c80798523a071b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\svchost.exe
    Filesize

    93KB

    MD5

    4e4a8812b80c8542a3095a53c29f5441

    SHA1

    6218bd4eba6d91007d8b8c32a040194ec123f5b6

    SHA256

    2cbf3ac4f304fa711e23d6a8a762451b7b06550d56b7bd688d4c6d1bee9984db

    SHA512

    5bfd0bb53db5e4c6abe8dbed61a14244e107061bd29319a30e6dc8ee1c87f9d88ead7c843494a0b927d32efbf95e9510eb4d67df6bc3f4c849c80798523a071b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\svchost.exe
    Filesize

    93KB

    MD5

    4e4a8812b80c8542a3095a53c29f5441

    SHA1

    6218bd4eba6d91007d8b8c32a040194ec123f5b6

    SHA256

    2cbf3ac4f304fa711e23d6a8a762451b7b06550d56b7bd688d4c6d1bee9984db

    SHA512

    5bfd0bb53db5e4c6abe8dbed61a14244e107061bd29319a30e6dc8ee1c87f9d88ead7c843494a0b927d32efbf95e9510eb4d67df6bc3f4c849c80798523a071b

    Download Submit

  • memory/1216-54-0x0000000075951000-0x0000000075953000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1216-59-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1424-57-0x0000000000000000-mapping.dmp

    Download