Analysis

  • max time kernel
    1782s
  • max time network
    1795s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    28-06-2022 17:48

General

  • Target

    ab564a35f762c6ea907d55ea5c31ce4cd84225c1a4ad001c806c872815a1eaa0.exe

  • Size

    276KB

  • MD5

    1b0f1113c599931e8fb2e8c99af97404

  • SHA1

    3535515cd77a404c5341b499338df0cd652103b3

  • SHA256

    ab564a35f762c6ea907d55ea5c31ce4cd84225c1a4ad001c806c872815a1eaa0

  • SHA512

    cace7f9e32be9421defe9181b4f071d1064d8026e4f67fd5126d3aacf20a3141686137968488beb213e599fbff5e572a9eff45fb67a1e26c4675488a21067ecd

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

  • suricata: ET MALWARE Ransomware Locky CnC Beacon

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab564a35f762c6ea907d55ea5c31ce4cd84225c1a4ad001c806c872815a1eaa0.exe
    "C:\Users\Admin\AppData\Local\Temp\ab564a35f762c6ea907d55ea5c31ce4cd84225c1a4ad001c806c872815a1eaa0.exe"
    • Suspicious behavior: GetForegroundWindowSpam
    PID:4316

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4316-130-0x0000000000400000-0x0000000000449000-memory.dmp

    Filesize

    292KB

  • memory/4316-132-0x0000000000400000-0x0000000000449000-memory.dmp

    Filesize

    292KB