legionlocker | b43853b0cf911db59117c70e34e373c47235ceff58f226d2bb72abb5f0c49416

Analysis

max time kernel
115s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2022 16:53

Target

HEUR-Trojan-Ransom.MSIL.Agent.gen-b43853b0cf911db59117c70e34e373c47235ceff58f226d2bb72abb5f0c49416.exe
Size

14KB
MD5

1d67ad9ff37e4fd8c3d6b2eeaea6ef97
SHA1

b8e7d26fd11bc747662665dd24fa7b46e99522cb
SHA256

b43853b0cf911db59117c70e34e373c47235ceff58f226d2bb72abb5f0c49416
SHA512

489641c86fe8619cc25439625af0ab8bf6bd36135319c0fd46602275772ad6a8a0bf18e4762ddb352a11215619aa92bb8c1fdbd0ba808adafaf117cf64f01dd4
SSDEEP

192:AqX2hHT/DAZb6R/NjkxizbNjL1VhS8MC3fV6nopLCRntOwyfNnBq:76z/0Zb6BiozBNVtMMfkn4ItO/fJB

Score

10^/10

Modifies extensions of user files 2 IoCs

Ransomware generally changes the extension on encrypted files.

description	ioc	Process
File renamed	C:\Users\Admin\Pictures\UninstallEdit.raw => C:\Users\Admin\Pictures\UninstallEdit.raw.Legion	HEUR-Trojan-Ransom.MSIL.Agent.gen-b43853b0cf911db59117c70e34e373c47235ceff58f226d2bb72abb5f0c49416.exe
File renamed	C:\Users\Admin\Pictures\CompressFormat.png => C:\Users\Admin\Pictures\CompressFormat.png.Legion	HEUR-Trojan-Ransom.MSIL.Agent.gen-b43853b0cf911db59117c70e34e373c47235ceff58f226d2bb72abb5f0c49416.exe

C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan-Ransom.MSIL.Agent.gen-b43853b0cf911db59117c70e34e373c47235ceff58f226d2bb72abb5f0c49416.exe
"C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan-Ransom.MSIL.Agent.gen-b43853b0cf911db59117c70e34e373c47235ceff58f226d2bb72abb5f0c49416.exe"
1⤵
- Modifies extensions of user files
PID:4740

memory/4740-132-0x0000000000580000-0x000000000058A000-memory.dmp

Filesize
40KB

Download
memory/4740-133-0x00007FFC1E250000-0x00007FFC1ED11000-memory.dmp

Filesize
10.8MB

Download
memory/4740-134-0x00007FFC1E250000-0x00007FFC1ED11000-memory.dmp

Filesize
10.8MB

Download