Analysis Overview
SHA256
034af3eff0433d65fe171949f1c0f32d5ba246d468f3cf7826c42831a1ef4031
Threat Level: Known bad
The file 034af3eff0433d65fe171949f1c0f32d5ba246d468f3cf7826c42831a1ef4031.bin was found to be: Known bad.
Malicious Activity Summary
Locky
suricata: ET MALWARE Ransomware Locky CnC Beacon
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-07-13 15:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-07-13 15:03
Reported
2022-07-13 15:05
Platform
win10v2004-20220414-en
Max time kernel
141s
Max time network
151s
Command Line
Signatures
Locky
suricata: ET MALWARE Ransomware Locky CnC Beacon
Processes
C:\Users\Admin\AppData\Local\Temp\034af3eff0433d65fe171949f1c0f32d5ba246d468f3cf7826c42831a1ef4031.exe
"C:\Users\Admin\AppData\Local\Temp\034af3eff0433d65fe171949f1c0f32d5ba246d468f3cf7826c42831a1ef4031.exe"
Network
| Country | Destination | Domain | Proto |
| NL | 20.190.160.8:443 | | tcp |
| US | 20.189.173.4:443 | | tcp |
| NL | 104.110.191.140:80 | | tcp |
| RU | 31.41.47.37:80 | 31.41.47.37 | tcp |
| FR | 188.138.88.184:80 | | tcp |
| NL | 20.190.160.4:443 | | tcp |
| UA | 5.34.183.136:80 | | tcp |
| NL | 20.190.160.75:443 | | tcp |
| FR | 91.121.97.170:80 | | tcp |
| NL | 104.110.191.133:80 | | tcp |
| NL | 104.110.191.133:80 | | tcp |
| NL | 20.190.160.2:443 | | tcp |
| US | 8.8.8.8:53 | poqsbgjovnqm.pm | udp |
| US | 8.8.8.8:53 | riqolvikpq.pm | udp |
| US | 8.8.8.8:53 | mruvrue.in | udp |
| US | 8.8.8.8:53 | vpppc.us | udp |
| US | 8.8.8.8:53 | xqxmcsveudoxsw.ru | udp |
| US | 8.8.8.8:53 | sauseulnqbp.de | udp |
| NL | 20.190.160.73:443 | | tcp |
| US | 8.8.8.8:53 | ubdqxonyd.be | udp |
| US | 8.8.8.8:53 | eyxjoyw.us | udp |
| RU | 31.41.47.37:80 | 31.41.47.37 | tcp |
| FR | 188.138.88.184:80 | | tcp |
| NL | 20.190.160.132:443 | | tcp |
| UA | 5.34.183.136:80 | | tcp |
| NL | 20.190.160.71:443 | | tcp |
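The network table mixes three things: the win10 image's own background traffic, a burst of one-shot DNS lookups for random-looking names across many TLDs (Locky's DGA), and repeated plain-HTTP connections to IP addresses that were never resolved by name (its hard-coded fallback C2 list). The following triage script is an added example, not part of the sandbox report or of the Locky sample: it embeds the table rows above as constructed input and separates them into those three buckets. The baseline prefix allow-list and the lexical thresholds are assumptions made for this example and should be re-derived from a clean detonation of the same image before reuse.

```python
"""Added triage helper: split a sandbox network table into baseline noise,
DGA-style DNS lookups and direct-to-IP C2 connections. Illustrative only."""
import re
from collections import Counter

# Rows copied from the report's Network table as (country, destination, domain, proto).
# Repeats are kept on purpose: repeated hits on one host are a beaconing signal.
SAMPLE_ROWS = [
    ("NL", "20.190.160.8:443", "", "tcp"),
    ("US", "20.189.173.4:443", "", "tcp"),
    ("NL", "104.110.191.140:80", "", "tcp"),
    ("RU", "31.41.47.37:80", "31.41.47.37", "tcp"),
    ("FR", "188.138.88.184:80", "", "tcp"),
    ("NL", "20.190.160.4:443", "", "tcp"),
    ("UA", "5.34.183.136:80", "", "tcp"),
    ("NL", "20.190.160.75:443", "", "tcp"),
    ("FR", "91.121.97.170:80", "", "tcp"),
    ("NL", "104.110.191.133:80", "", "tcp"),
    ("NL", "104.110.191.133:80", "", "tcp"),
    ("NL", "20.190.160.2:443", "", "tcp"),
    ("US", "8.8.8.8:53", "poqsbgjovnqm.pm", "udp"),
    ("US", "8.8.8.8:53", "riqolvikpq.pm", "udp"),
    ("US", "8.8.8.8:53", "mruvrue.in", "udp"),
    ("US", "8.8.8.8:53", "vpppc.us", "udp"),
    ("US", "8.8.8.8:53", "xqxmcsveudoxsw.ru", "udp"),
    ("US", "8.8.8.8:53", "sauseulnqbp.de", "udp"),
    ("NL", "20.190.160.73:443", "", "tcp"),
    ("US", "8.8.8.8:53", "ubdqxonyd.be", "udp"),
    ("US", "8.8.8.8:53", "eyxjoyw.us", "udp"),
    ("RU", "31.41.47.37:80", "31.41.47.37", "tcp"),
    ("FR", "188.138.88.184:80", "", "tcp"),
    ("NL", "20.190.160.132:443", "", "tcp"),
    ("UA", "5.34.183.136:80", "", "tcp"),
    ("NL", "20.190.160.71:443", "", "tcp"),
]

# ASSUMPTION for this example: the sandbox image's own Microsoft (20.190.160.x,
# 20.189.173.x) and Akamai (104.110.191.x) traffic is baseline noise. Build this
# list from a clean run of the same image, not from the malicious run itself.
BASELINE_PREFIXES = ("20.190.160.", "20.189.173.", "104.110.191.")

VOWELS = set("aeiou")


def lexical_dga_score(domain):
    """Crude per-name score: consonant fraction of the registrable label, plus a
    bonus for a consonant run of four or more. 'y' is treated as a consonant."""
    label = domain.rsplit(".", 1)[0]
    consonants = sum(1 for c in label if c.isalpha() and c not in VOWELS)
    longest_run = max((len(m) for m in re.findall(r"[^aeiou.]+", label)), default=0)
    return consonants / max(len(label), 1) + (0.25 if longest_run >= 4 else 0.0)


def triage(rows, baseline=BASELINE_PREFIXES):
    """Return the DGA burst verdict, the queried names ranked by score, and the
    non-baseline endpoints that were contacted directly by IP."""
    dns = Counter()
    endpoints = Counter()
    for country, dest, domain, proto in rows:
        ip, port = dest.rsplit(":", 1)
        if port == "53" and proto == "udp":
            dns[domain] += 1
        else:
            endpoints[(ip, port, country)] += 1

    # Burst-level DGA signal: many distinct names spread over many TLDs, each
    # queried exactly once. None of them appears as a TCP destination, so the
    # lookups failed or were never followed up, which is typical of a DGA sweep.
    tlds = {d.rsplit(".", 1)[1] for d in dns}
    dga_burst = len(dns) >= 5 and len(tlds) >= 4 and max(dns.values(), default=0) == 1

    # Direct-to-IP connections outside the baseline: the hard-coded C2 fallback.
    direct = [
        {"ip": ip, "port": port, "country": country, "hits": n}
        for (ip, port, country), n in endpoints.items()
        if not ip.startswith(baseline)
    ]
    direct.sort(key=lambda e: (-e["hits"], e["ip"]))

    return {
        "dga_burst": dga_burst,
        "dga_names": sorted(dns, key=lexical_dga_score, reverse=True),
        "direct_ip_c2": direct,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    print("DGA burst:", result["dga_burst"])
    for name in result["dga_names"]:
        print(f"  {name:20} score={lexical_dga_score(name):.2f}")
    print("Direct-to-IP endpoints outside baseline:")
    for e in result["direct_ip_c2"]:
        print(f"  {e['ip']}:{e['port']} ({e['country']}) hits={e['hits']}")
```

On this report the burst check fires (eight names across six TLDs, each queried once) and the direct list comes out as 31.41.47.37, 188.138.88.184 and 5.34.183.136 on port 80 with two hits each, plus 91.121.97.170 with one. Those four IPs and the eight names are the indicators worth carrying into detection; the lexical score is only a tie-breaker for which names to look at first, since short labels such as mruvrue.in score low on any consonant-based heuristic.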
Files
memory/4464-130-0x0000000000780000-0x000000000079D000-memory.dmp
memory/4464-131-0x0000000000780000-0x000000000079D000-memory.dmp