Overview

overview

10

Static

static

21a0201874...b6.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    189s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    13-07-2022 14:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21a0201874af80436dc0a36e5cbaf7da9b75217b3e39b712f3850729cf47deb6.exe

  • Size

    372KB

  • MD5

    e3b3e285390c0e2f7d04bd040bec790d

  • SHA1

    dbee71535e9f1fb23b3f01e25989d22d51237e68

  • SHA256

    21a0201874af80436dc0a36e5cbaf7da9b75217b3e39b712f3850729cf47deb6

  • SHA512

    6156a6b0ff4f41c823cba68a4596676e357ceb5b8c0848c2828a72321dbc2a731d9ae8f1a417fe27aef7de0080001ad3f77b3809b64a93c610ae99f95b35f5be

Score
10/10
lockylocky_osirisransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky (Osiris variant)

    Variant of the Locky ransomware seen in the wild since early 2017.

    ransomwarelocky_osiris
  • Modifies extensions of user files 1 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21a0201874af80436dc0a36e5cbaf7da9b75217b3e39b712f3850729cf47deb6.exe
    "C:\Users\Admin\AppData\Local\Temp\21a0201874af80436dc0a36e5cbaf7da9b75217b3e39b712f3850729cf47deb6.exe"
    1⤵
    • Modifies extensions of user files
    • Suspicious behavior: GetForegroundWindowSpam
    PID:4116

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4116-130-0x0000000002FF0000-0x0000000003017000-memory.dmp
    Filesize

    156KB

    Download
  • memory/4116-131-0x0000000002FF0000-0x0000000003017000-memory.dmp
    Filesize

    156KB

    Download
  • memory/4116-132-0x0000000000400000-0x0000000000462000-memory.dmp
    Filesize

    392KB

    Download
  • memory/4116-134-0x0000000003AB0000-0x0000000003AD7000-memory.dmp
    Filesize

    156KB

    Download
  • memory/4116-135-0x0000000003AB0000-0x0000000003AD7000-memory.dmp
    Filesize

    156KB

    Download