locky | 4ab3999b9aa14d0eae351803736103b76a33734805b8c8193a72d06fc6986dcd | Triage

Submit
Reports

Overview

overview

Static

static

svchost.exe

windows7_x64

svchost.exe

windows10-2004_x64

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
12-07-2022 12:25

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

svchost.exe

Resource

win7-20220414-en

locky ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

svchost.exe

Resource

win10v2004-20220414-en

locky ransomware suricata

windows10-2004_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

svchost.exe
Size

102KB
MD5

c63a537090d34f29daadbef221637435
SHA1

ba17638bac43e6e3b2faf4bf3a22197b99d8a390
SHA256

28046c14ea3325885ee1e731cd0bcf9f38445df02675836b851cb2ae94c050eb
SHA512

d222c1f42475a242f1c9a379f9d828a8f8977648d618a0201fb7232a43759f5d7958e311396d41ea7d8b363588b19ac5e137c88160979d7e5dfc3b42d328e95d

Score

10^/10

locky ransomware suricata

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
suricata: ET MALWARE Ransomware Locky CnC Beacon
suricata: ET MALWARE Ransomware Locky CnC Beacon
suricata

Processes

C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
1⤵
PID:3316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2024

Terms | Privacy