Analysis
max time kernel: 148s
max time network: 152s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 06-02-2024 20:49
Static task: static1
Behavioral task: behavioral1
  Sample: VirusShare_d8f3b153f6635d4257aa9de8cf5a0ef4.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: VirusShare_d8f3b153f6635d4257aa9de8cf5a0ef4.exe
  Resource: win10v2004-20231222-en
General
Target: VirusShare_d8f3b153f6635d4257aa9de8cf5a0ef4.exe
Size: 189KB
MD5: d8f3b153f6635d4257aa9de8cf5a0ef4
SHA1: 6502eaaecc168dd58fd7efca671f15734e12f958
SHA256: ef3c260fed0a71f0e679261aeb242133899f9ff03d68b5f95711a66ef919e549
SHA512: 2fcc85ba83d1fe07950a649834866c3c5d51df5cbf65356f24d219b3ef35741a5a08fa7d62c2ced7302b5b0930047dfecce60caf74eb73ad5c21d48dd35d92e7
SSDEEP: 3072:qV8CZflmqu3ZJ9f1hzILPN54cuuu+meBwHAS//XpC2sk9PqcRxBCXfD2fS2zOy:qqChOZJt1hsLPN54cuuu+ZBDe/Bsk9DP
Malware Config
Signatures
Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
Detects command variations typically used by ransomware (10 IoCs)
Processes:
resource | yara_rule
behavioral1/memory/1316-2-0x0000000000400000-0x0000000000433000-memory.dmp | INDICATOR_SUSPICIOUS_GENRansomware
behavioral1/memory/1316-0-0x0000000000400000-0x0000000000433000-memory.dmp | INDICATOR_SUSPICIOUS_GENRansomware
behavioral1/memory/1316-4-0x0000000000400000-0x0000000000433000-memory.dmp | INDICATOR_SUSPICIOUS_GENRansomware
behavioral1/memory/1316-6-0x0000000000400000-0x0000000000433000-memory.dmp | INDICATOR_SUSPICIOUS_GENRansomware
behavioral1/memory/1316-8-0x0000000000400000-0x0000000000433000-memory.dmp | INDICATOR_SUSPICIOUS_GENRansomware
behavioral1/memory/1316-12-0x0000000000400000-0x0000000000433000-memory.dmp | INDICATOR_SUSPICIOUS_GENRansomware
behavioral1/memory/1316-14-0x0000000000400000-0x0000000000433000-memory.dmp | INDICATOR_SUSPICIOUS_GENRansomware
behavioral1/memory/1316-15-0x0000000000400000-0x0000000000433000-memory.dmp | INDICATOR_SUSPICIOUS_GENRansomware
behavioral1/memory/1316-16-0x0000000000400000-0x0000000000433000-memory.dmp | INDICATOR_SUSPICIOUS_GENRansomware
behavioral1/memory/1316-17-0x0000000000400000-0x0000000000433000-memory.dmp | INDICATOR_SUSPICIOUS_GENRansomware
Downloads
memory/1316-2-0x0000000000400000-0x0000000000433000-memory.dmp (Filesize 204KB)
memory/1316-1-0x0000000000220000-0x0000000000221000-memory.dmp (Filesize 4KB)
memory/1316-0-0x0000000000400000-0x0000000000433000-memory.dmp (Filesize 204KB)
memory/1316-4-0x0000000000400000-0x0000000000433000-memory.dmp (Filesize 204KB)
memory/1316-6-0x0000000000400000-0x0000000000433000-memory.dmp (Filesize 204KB)
memory/1316-8-0x0000000000400000-0x0000000000433000-memory.dmp (Filesize 204KB)
memory/1316-12-0x0000000000400000-0x0000000000433000-memory.dmp (Filesize 204KB)
memory/1316-14-0x0000000000400000-0x0000000000433000-memory.dmp (Filesize 204KB)
memory/1316-15-0x0000000000400000-0x0000000000433000-memory.dmp (Filesize 204KB)
memory/1316-16-0x0000000000400000-0x0000000000433000-memory.dmp (Filesize 204KB)
memory/1316-17-0x0000000000400000-0x0000000000433000-memory.dmp (Filesize 204KB)