Analysis Overview
SHA256
5cacccb46693962c67a3aef0df9a538201a44d309993915057e98b00b59cf7c3
Threat Level: Known bad
The file 5cacccb46693962c67a3aef0df9a538201a44d309993915057e98b00b59cf7c3 was found to be: Known bad.
Malicious Activity Summary
Locky
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-08-01 05:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-08-01 05:39
Reported
2022-08-01 07:25
Platform
win7-20220718-en
Max time kernel
156s
Max time network
172s
Command Line
Signatures
Locky
Processes
C:\Users\Admin\AppData\Local\Temp\5cacccb46693962c67a3aef0df9a538201a44d309993915057e98b00b59cf7c3.exe
"C:\Users\Admin\AppData\Local\Temp\5cacccb46693962c67a3aef0df9a538201a44d309993915057e98b00b59cf7c3.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| RU | 95.181.171.58:80 | | tcp |
| NL | 185.14.30.97:80 | 185.14.30.97 | tcp |
| US | 8.8.8.8:53 | cojwkeoh.it | udp |
| US | 8.8.8.8:53 | pejngrdydlq.it | udp |
| US | 8.8.8.8:53 | hqlnyfibug.it | udp |
| US | 8.8.8.8:53 | ugiasmoayhrii.fr | udp |
| US | 8.8.8.8:53 | mvbbkuslvxkb.us | udp |
| US | 8.8.8.8:53 | dqefredqucnwpwo.nl | udp |
| RU | 95.181.171.58:80 | | tcp |
| NL | 185.14.30.97:80 | | tcp |
| RU | 95.181.171.58:80 | | tcp |
| NL | 185.14.30.97:80 | | tcp |
Files
memory/1608-54-0x00000000756C1000-0x00000000756C3000-memory.dmp
memory/1608-55-0x0000000000400000-0x000000000042D000-memory.dmp
memory/1608-57-0x0000000000400000-0x000000000042D000-memory.dmp
memory/1608-58-0x0000000000400000-0x000000000042D000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-08-01 05:39
Reported
2022-08-01 07:23
Platform
win10v2004-20220722-en
Max time kernel
153s
Max time network
159s
Command Line
Signatures
Locky
Processes
C:\Users\Admin\AppData\Local\Temp\5cacccb46693962c67a3aef0df9a538201a44d309993915057e98b00b59cf7c3.exe
"C:\Users\Admin\AppData\Local\Temp\5cacccb46693962c67a3aef0df9a538201a44d309993915057e98b00b59cf7c3.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| NL | 185.14.30.97:80 | 185.14.30.97 | tcp |
| RU | 95.181.171.58:80 | | tcp |
| US | 8.8.8.8:53 | cojwkeoh.it | udp |
| US | 8.8.8.8:53 | pejngrdydlq.it | udp |
| US | 8.8.8.8:53 | hqlnyfibug.it | udp |
| US | 8.8.8.8:53 | ugiasmoayhrii.fr | udp |
| US | 8.8.8.8:53 | mvbbkuslvxkb.us | udp |
| US | 8.8.8.8:53 | dqefredqucnwpwo.nl | udp |
| RU | 95.181.171.58:80 | | tcp |
| US | 8.8.8.8:53 | cojwkeoh.it | udp |
| US | 8.8.8.8:53 | pejngrdydlq.it | udp |
| US | 8.8.8.8:53 | hqlnyfibug.it | udp |
| US | 8.8.8.8:53 | ugiasmoayhrii.fr | udp |
| US | 8.8.8.8:53 | mvbbkuslvxkb.us | udp |
| US | 8.8.8.8:53 | dqefredqucnwpwo.nl | udp |
| NL | 185.14.30.97:80 | 185.14.30.97 | tcp |
| RU | 95.181.171.58:80 | | tcp |
| US | 8.8.8.8:53 | hqlnyfibug.it | udp |
| US | 8.8.8.8:53 | ugiasmoayhrii.fr | udp |
| US | 8.8.8.8:53 | mvbbkuslvxkb.us | udp |
| US | 8.8.8.8:53 | dqefredqucnwpwo.nl | udp |
| NL | 185.14.30.97:80 | 185.14.30.97 | tcp |
| RU | 95.181.171.58:80 | | tcp |
| US | 8.8.8.8:53 | cojwkeoh.it | udp |
| US | 8.8.8.8:53 | pejngrdydlq.it | udp |
| US | 8.8.8.8:53 | mvbbkuslvxkb.us | udp |
| US | 8.8.8.8:53 | dqefredqucnwpwo.nl | udp |
| NL | 185.14.30.97:80 | 185.14.30.97 | tcp |
| RU | 95.181.171.58:80 | | tcp |
| US | 8.8.8.8:53 | cojwkeoh.it | udp |
| US | 8.8.8.8:53 | pejngrdydlq.it | udp |
| US | 8.8.8.8:53 | hqlnyfibug.it | udp |
| US | 8.8.8.8:53 | ugiasmoayhrii.fr | udp |
| NL | 185.14.30.97:80 | 185.14.30.97 | tcp |
| RU | 95.181.171.58:80 | | tcp |
| US | 8.8.8.8:53 | cojwkeoh.it | udp |
| US | 8.8.8.8:53 | pejngrdydlq.it | udp |
| US | 8.8.8.8:53 | hqlnyfibug.it | udp |
| US | 8.8.8.8:53 | ugiasmoayhrii.fr | udp |
| US | 8.8.8.8:53 | mvbbkuslvxkb.us | udp |
| US | 8.8.8.8:53 | dqefredqucnwpwo.nl | udp |
| RU | 95.181.171.58:80 | | tcp |
| US | 8.8.8.8:53 | cojwkeoh.it | udp |
| US | 8.8.8.8:53 | pejngrdydlq.it | udp |
| US | 8.8.8.8:53 | hqlnyfibug.it | udp |
| US | 8.8.8.8:53 | ugiasmoayhrii.fr | udp |
| US | 8.8.8.8:53 | mvbbkuslvxkb.us | udp |
| US | 8.8.8.8:53 | dqefredqucnwpwo.nl | udp |
| NL | 185.14.30.97:80 | 185.14.30.97 | tcp |
| RU | 95.181.171.58:80 | | tcp |
| US | 8.8.8.8:53 | hqlnyfibug.it | udp |
| US | 8.8.8.8:53 | ugiasmoayhrii.fr | udp |
| US | 8.8.8.8:53 | mvbbkuslvxkb.us | udp |
| US | 8.8.8.8:53 | dqefredqucnwpwo.nl | udp |
| NL | 185.14.30.97:80 | 185.14.30.97 | tcp |
| RU | 95.181.171.58:80 | | tcp |
| US | 8.8.8.8:53 | cojwkeoh.it | udp |
| US | 8.8.8.8:53 | pejngrdydlq.it | udp |
| US | 8.8.8.8:53 | mvbbkuslvxkb.us | udp |
| US | 8.8.8.8:53 | dqefredqucnwpwo.nl | udp |
| NL | 185.14.30.97:80 | 185.14.30.97 | tcp |
| RU | 95.181.171.58:80 | | tcp |
| US | 8.8.8.8:53 | cojwkeoh.it | udp |
| US | 8.8.8.8:53 | pejngrdydlq.it | udp |
| US | 8.8.8.8:53 | hqlnyfibug.it | udp |
| US | 8.8.8.8:53 | ugiasmoayhrii.fr | udp |
Files
memory/4948-132-0x0000000000400000-0x000000000042D000-memory.dmp
memory/4948-134-0x0000000000400000-0x000000000042D000-memory.dmp
memory/4948-135-0x0000000000400000-0x000000000042D000-memory.dmp