Analysis Overview
SHA256
59f6b5e8b1829902c9b915c3c7a6f8842445e4f9508710d4bcacdb1f80fdc2ef
Threat Level: Known bad
The file 59f6b5e8b1829902c9b915c3c7a6f8842445e4f9508710d4bcacdb1f80fdc2ef was found to be: Known bad.
Malicious Activity Summary
Locky
suricata: ET MALWARE Ransomware Locky CnC Beacon
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-07-24 02:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-07-24 02:16
Reported
2022-07-24 02:19
Platform
win7-20220715-en
Max time kernel
142s
Max time network
149s
Command Line
Signatures
Locky
suricata: ET MALWARE Ransomware Locky CnC Beacon
Processes
C:\Users\Admin\AppData\Local\Temp\59f6b5e8b1829902c9b915c3c7a6f8842445e4f9508710d4bcacdb1f80fdc2ef.exe
"C:\Users\Admin\AppData\Local\Temp\59f6b5e8b1829902c9b915c3c7a6f8842445e4f9508710d4bcacdb1f80fdc2ef.exe"
Network
Files
memory/1064-54-0x00000000760E1000-0x00000000760E3000-memory.dmp
memory/1064-55-0x0000000000400000-0x000000000042D000-memory.dmp
memory/1064-57-0x0000000000400000-0x000000000042D000-memory.dmp
memory/1064-58-0x0000000000400000-0x000000000042D000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-07-24 02:16
Reported
2022-07-24 02:19
Platform
win10v2004-20220721-en
Max time kernel
149s
Max time network
154s
Command Line
Signatures
Locky
suricata: ET MALWARE Ransomware Locky CnC Beacon
Processes
C:\Users\Admin\AppData\Local\Temp\59f6b5e8b1829902c9b915c3c7a6f8842445e4f9508710d4bcacdb1f80fdc2ef.exe
"C:\Users\Admin\AppData\Local\Temp\59f6b5e8b1829902c9b915c3c7a6f8842445e4f9508710d4bcacdb1f80fdc2ef.exe"
Network
Files
memory/1576-130-0x0000000000400000-0x000000000042D000-memory.dmp
memory/1576-132-0x0000000000400000-0x000000000042D000-memory.dmp
memory/1576-133-0x0000000000400000-0x000000000042D000-memory.dmp