Analysis Overview
SHA256
bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3
Threat Level: Known bad
The file 0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0 was found to be: Known bad.
Malicious Activity Summary
Locky
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-07-13 14:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-07-13 14:53
Reported
2022-07-13 14:56
Platform
win10v2004-20220414-en
Max time kernel
164s
Max time network
174s
Command Line
Signatures
Locky
Processes
C:\Users\Admin\AppData\Local\Temp\0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0.exe
"C:\Users\Admin\AppData\Local\Temp\0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0.exe"
Network
Files
memory/2684-130-0x00000000008A0000-0x00000000008A4000-memory.dmp
memory/2684-131-0x00000000008A0000-0x00000000008A4000-memory.dmp
memory/2684-132-0x0000000000400000-0x00000000007D1000-memory.dmp