locky | 8e394afc0b9b053d2b0001faf035e79253bfb3d4a2393f851ed95f3d7a602c19

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2024 18:36

Target

8e394afc0b9b053d2b0001faf035e79253bfb3d4a2393f851ed95f3d7a602c19.exe
Size

174KB
MD5

5558e63c83f22f6438cc9525295912c1
SHA1

eaa013ea2657b7c852e2824795a16c739ce41087
SHA256

8e394afc0b9b053d2b0001faf035e79253bfb3d4a2393f851ed95f3d7a602c19
SHA512

4edeea4440ff47b85dd0bd048c595549036ef72dd60d187a662ce82bc76cdc4d241888530bd8ad336bd7c2004823840b42fd10fe29b16f395c54d77fa833f753
SSDEEP

3072:pfp1Z11d7cChMEei48UwBlHAFzMcINx7lNQ3zeBzd3An1YgCQSPH96PHNrD5o857:pRd1dIYZBO5Ex83zeBzJAn3ClH96PHNr

Score

10^/10

locky ransomware

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky

Detects command variations typically used by ransomware 8 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3928-1-0x0000000000400000-0x0000000000430000-memory.dmp	INDICATOR_SUSPICIOUS_GENRansomware
behavioral2/memory/3928-3-0x0000000000400000-0x0000000000430000-memory.dmp	INDICATOR_SUSPICIOUS_GENRansomware
behavioral2/memory/3928-5-0x0000000000400000-0x0000000000430000-memory.dmp	INDICATOR_SUSPICIOUS_GENRansomware
behavioral2/memory/3928-8-0x0000000000400000-0x0000000000430000-memory.dmp	INDICATOR_SUSPICIOUS_GENRansomware
behavioral2/memory/3928-10-0x0000000000400000-0x0000000000430000-memory.dmp	INDICATOR_SUSPICIOUS_GENRansomware
behavioral2/memory/3928-11-0x0000000000400000-0x0000000000430000-memory.dmp	INDICATOR_SUSPICIOUS_GENRansomware
behavioral2/memory/3928-14-0x0000000000400000-0x0000000000430000-memory.dmp	INDICATOR_SUSPICIOUS_GENRansomware
behavioral2/memory/3928-16-0x0000000000400000-0x0000000000430000-memory.dmp	INDICATOR_SUSPICIOUS_GENRansomware

C:\Users\Admin\AppData\Local\Temp\8e394afc0b9b053d2b0001faf035e79253bfb3d4a2393f851ed95f3d7a602c19.exe
"C:\Users\Admin\AppData\Local\Temp\8e394afc0b9b053d2b0001faf035e79253bfb3d4a2393f851ed95f3d7a602c19.exe"
1⤵
PID:3928

memory/3928-0-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3928-1-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3928-2-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/3928-3-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3928-5-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3928-8-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3928-10-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3928-11-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3928-14-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3928-16-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download