Malware Analysis Report

2024-10-19 10:31

Sample ID: 220720-wa8zhadde3
Target:    4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce
SHA256:    4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce
Tags:      locky ransomware
Score:     10/10

Analysis Overview

score
10/10

SHA256

4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce

Threat Level: Known bad

The file 4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce was found to be: Known bad.

Malicious Activity Summary

locky ransomware

Locky

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-07-20 17:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-07-20 17:44

Reported

2022-07-20 20:05

Platform

win7-20220718-en

Max time kernel

136s

Max time network

169s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce.exe"

Signatures

Locky

ransomware locky

Processes

C:\Users\Admin\AppData\Local\Temp\4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce.exe

"C:\Users\Admin\AppData\Local\Temp\4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce.exe"

Network

Country  Destination          Domain              Proto
US       8.8.8.8:53           fhhmdo.uk           udp
IE       86.104.134.144:80                        tcp
US       8.8.8.8:53           hkssrxhcvk.eu       udp
US       8.8.8.8:53           yalwxywkm.tf        udp
US       8.8.8.8:53           mpijrgatneku.uk     udp
US       8.8.8.8:53           eckjhxohgdi.fr      udp
US       8.8.8.8:53           rrkaghshwkdgkm.us   udp
IE       86.104.134.144:80                        tcp
IE       86.104.134.144:80                        tcp

Files

memory/2040-54-0x0000000075C51000-0x0000000075C53000-memory.dmp

memory/2040-57-0x0000000000400000-0x0000000000426000-memory.dmp

memory/2040-55-0x0000000000400000-0x0000000000426000-memory.dmp

memory/2040-58-0x0000000000400000-0x0000000000426000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-07-20 17:44

Reported

2022-07-20 20:05

Platform

win10v2004-20220718-en

Max time kernel

153s

Max time network

172s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce.exe"

Signatures

Locky

ransomware locky

Processes

C:\Users\Admin\AppData\Local\Temp\4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce.exe

"C:\Users\Admin\AppData\Local\Temp\4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce.exe"

Network

Country  Destination          Domain              Proto
NL       142.251.36.3:80                          tcp
NL       216.58.208.100:80                        tcp
NL       172.217.168.227:80                       tcp
NL       172.217.168.194:80                       tcp
NL       142.250.179.162:80                       tcp
US       142.250.102.156:443                      tcp
NL       216.58.208.110:80                        tcp
NL       142.251.39.104:80                        tcp
NL       142.250.179.162:80                       tcp
NL       142.251.39.104:443                       tcp
IE       86.104.134.144:80                        tcp
US       93.184.220.29:80                         tcp
US       8.247.211.126:80                         tcp
US       20.42.73.24:443                          tcp
US       8.8.8.8:53           hkssrxhcvk.eu       udp
US       8.8.8.8:53           yalwxywkm.tf        udp
US       8.8.8.8:53           mpijrgatneku.uk     udp
US       8.8.8.8:53           eckjhxohgdi.fr      udp
US       8.8.8.8:53           rrkaghshwkdgkm.us   udp
US       8.8.8.8:53           fhhmdo.uk           udp
IE       86.104.134.144:80                        tcp
US       8.247.211.126:80                         tcp
NL       67.26.109.254:80                         tcp
US       8.8.8.8:53           hkssrxhcvk.eu       udp
US       8.8.8.8:53           yalwxywkm.tf        udp
US       8.8.8.8:53           mpijrgatneku.uk     udp
US       8.8.8.8:53           eckjhxohgdi.fr      udp
US       8.8.8.8:53           rrkaghshwkdgkm.us   udp
US       8.8.8.8:53           fhhmdo.uk           udp
IE       86.104.134.144:80                        tcp
US       8.8.8.8:53           hkssrxhcvk.eu       udp
US       8.8.8.8:53           yalwxywkm.tf        udp
US       8.8.8.8:53           mpijrgatneku.uk     udp
US       8.8.8.8:53           eckjhxohgdi.fr      udp
US       8.8.8.8:53           rrkaghshwkdgkm.us   udp
US       8.8.8.8:53           fhhmdo.uk           udp
IE       86.104.134.144:80                        tcp
US       8.8.8.8:53           hkssrxhcvk.eu       udp
US       8.8.8.8:53           yalwxywkm.tf        udp
US       8.8.8.8:53           mpijrgatneku.uk     udp
US       8.8.8.8:53           eckjhxohgdi.fr      udp
US       8.8.8.8:53           rrkaghshwkdgkm.us   udp
US       8.8.8.8:53           fhhmdo.uk           udp
IE       86.104.134.144:80                        tcp
US       8.8.8.8:53           hkssrxhcvk.eu       udp
US       8.8.8.8:53           yalwxywkm.tf        udp
US       8.8.8.8:53           mpijrgatneku.uk     udp
US       8.8.8.8:53           eckjhxohgdi.fr      udp
US       8.8.8.8:53           rrkaghshwkdgkm.us   udp
US       8.8.8.8:53           fhhmdo.uk           udp
IE       86.104.134.144:80                        tcp

Files

memory/3136-130-0x0000000000400000-0x0000000000426000-memory.dmp

memory/3136-132-0x0000000000400000-0x0000000000426000-memory.dmp

memory/3136-133-0x0000000000400000-0x0000000000426000-memory.dmp