locky | f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b | Triage

Submit
Reports

Overview

overview

Static

static

V7bTrYJ4lbO6OS.dll

windows7-x64

V7bTrYJ4lbO6OS.dll

windows10-2004-x64

Resubmissions

18-09-2022 19:48

220918-yh3tkaffal 10

18-09-2022 18:14

220918-wveamafebk 10

Sharing

General

Target

V7bTrYJ4lbO6OS.zk
Size

159KB
Sample

220918-yh3tkaffal
MD5

7932ee5fa6f83b149569752c47e04b87
SHA1

6eb115feadc5808507fb5a666dd18aa89a45616c
SHA256

f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b
SHA512

17ba26e69f7536f5adaa52454fbd407338be61d97bc396baa591de9fa19aab3e539b4ca32059b2ddb1b901ac7ecd341dff9ead706fc0d058086e6b3795642f58
SSDEEP

3072:pusrpo1j49JvKa0ePbh37E6ZO78buZKxrF:ZQcvKpE37E6nmKhF

Score

10^/10

locky locky_osiris persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

V7bTrYJ4lbO6OS.dll

Resource

win7-20220901-en

locky locky_osiris ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

V7bTrYJ4lbO6OS.dll

Resource

win10v2004-20220812-en

locky locky_osiris persistence ransomware

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  V7bTrYJ4lbO6OS.zk
- Size
  
  159KB
- MD5
  
  7932ee5fa6f83b149569752c47e04b87
- SHA1
  
  6eb115feadc5808507fb5a666dd18aa89a45616c
- SHA256
  
  f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b
- SHA512
  
  17ba26e69f7536f5adaa52454fbd407338be61d97bc396baa591de9fa19aab3e539b4ca32059b2ddb1b901ac7ecd341dff9ead706fc0d058086e6b3795642f58
- SSDEEP
  
  3072:pusrpo1j49JvKa0ePbh37E6ZO78buZKxrF:ZQcvKpE37E6nmKhF
Score

10^/10

locky locky_osiris ransomware persistence
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky (Osiris variant)
  Variant of the Locky ransomware seen in the wild since early 2017.
  ransomware locky_osiris
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockylocky_osirisransomware

behavioral2

lockylocky_osirispersistenceransomware

© 2018-2024

Terms | Privacy