Analysis
-
max time kernel
10s -
max time network
7s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
24-10-2022 13:02
General
-
Target
cb4403f08159e6626b6ee7600a5b7e3b58807be482202d00256f8db4b9aeff07.exe
-
Size
596KB
-
MD5
7a62086612f90d74fa1b4c014a02ed77
-
SHA1
011aa82057d30c6c75cea5a0d06d29acae0bd942
-
SHA256
cb4403f08159e6626b6ee7600a5b7e3b58807be482202d00256f8db4b9aeff07
-
SHA512
63a420da119d2d526811ca6e4317d0691b012bde24546a43880412cd19c109913056a895db7f64adfe461b7589b78153345610e6e179d1827869367a468c641b
-
SSDEEP
12288:cMFjPCrupcFSzJ+TN7IKT/t3smu3ofqK3B8FxbM:cMpaupwSzJ+jhsmuYfqm
Score
10/10
Malware Config
Signatures
-
Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
-
Modifies extensions of user files 1 IoCs
Ransomware generally changes the extension on encrypted files.
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cb4403f08159e6626b6ee7600a5b7e3b58807be482202d00256f8db4b9aeff07.exe"C:\Users\Admin\AppData\Local\Temp\cb4403f08159e6626b6ee7600a5b7e3b58807be482202d00256f8db4b9aeff07.exe"1⤵
- Modifies extensions of user files
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1760-54-0x0000000075931000-0x0000000075933000-memory.dmpFilesize
8KB
-
memory/1760-55-0x0000000000400000-0x0000000000489000-memory.dmpFilesize
548KB
-
memory/1760-56-0x0000000000400000-0x000000000049C750-memory.dmpFilesize
625KB
-
memory/1760-58-0x0000000000400000-0x000000000049C750-memory.dmpFilesize
625KB