locky | 5cf6532159dfe7db1aff20c0a5389470750168892e4d0c0afa0c42c52b1afc44 | Triage

Analysis

max time kernel
1788s
max time network
1803s
platform
windows7_x64
resource
win7-20220414-en
submitted
28-06-2022 17:40

Sharing

Report Analysis Logs

General

Target

5cf6532159dfe7db1aff20c0a5389470750168892e4d0c0afa0c42c52b1afc44.exe
Size

206KB
MD5

724f2e153e7eccf2e8610bd62b7c23d5
SHA1

953556457ba02ee62316366da4cd94dd4c87ecb1
SHA256

5cf6532159dfe7db1aff20c0a5389470750168892e4d0c0afa0c42c52b1afc44
SHA512

4209e45ce447a50b61b34869f3c24d500ed393ae33991e29cb5dcf9a310e02c8ae61538017ce9cd53ee39d38fd530ac3373736c9f71685ab2b8e8f751596e7c6

Score

10^/10

locky ransomware suricata

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
suricata: ET MALWARE Ransomware Locky CnC Beacon
suricata: ET MALWARE Ransomware Locky CnC Beacon
suricata
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

5cf6532159dfe7db1aff20c0a5389470750168892e4d0c0afa0c42c52b1afc44.exe

pid process

1520 5cf6532159dfe7db1aff20c0a5389470750168892e4d0c0afa0c42c52b1afc44.exe

C:\Users\Admin\AppData\Local\Temp\5cf6532159dfe7db1aff20c0a5389470750168892e4d0c0afa0c42c52b1afc44.exe
"C:\Users\Admin\AppData\Local\Temp\5cf6532159dfe7db1aff20c0a5389470750168892e4d0c0afa0c42c52b1afc44.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1520-54-0x0000000076451000-0x0000000076453000-memory.dmp

Filesize
8KB

Download
memory/1520-55-0x0000000000020000-0x0000000000057000-memory.dmp

Filesize
220KB

Download