Overview

overview

10

Static

static

1

V7bTrYJ4lbO6OS.dll

windows7-x64

10

V7bTrYJ4lbO6OS.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    236s
  • max time network
    269s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    31/03/2023, 01:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    V7bTrYJ4lbO6OS.dll

  • Size

    159KB

  • MD5

    7932ee5fa6f83b149569752c47e04b87

  • SHA1

    6eb115feadc5808507fb5a666dd18aa89a45616c

  • SHA256

    f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b

  • SHA512

    17ba26e69f7536f5adaa52454fbd407338be61d97bc396baa591de9fa19aab3e539b4ca32059b2ddb1b901ac7ecd341dff9ead706fc0d058086e6b3795642f58

  • SSDEEP

    3072:pusrpo1j49JvKa0ePbh37E6ZO78buZKxrF:ZQcvKpE37E6nmKhF

Score
10/10
lockylocky_osirisransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky (Osiris variant)

    Variant of the Locky ransomware seen in the wild since early 2017.

    ransomwarelocky_osiris
  • Blocklisted process makes network request 6 IoCs
  • Modifies extensions of user files 1 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\V7bTrYJ4lbO6OS.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\V7bTrYJ4lbO6OS.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Modifies extensions of user files
      • Sets desktop wallpaper using registry
      • Modifies Control Panel
      • Suspicious use of WriteProcessMemory
      PID:1064
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:584
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1280
  • C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe"
    1⤵
      PID:1524
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
      1⤵
      • Suspicious use of FindShellTrayWindow
      PID:552

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\OSIRIS-f3ee.htm
      Filesize

      8KB

      MD5

      e7f43ceb28ed4b8e7cd527433cd16dcc

      SHA1

      b15e6a7dd787a7719d61bccb324d35b58e3901db

      SHA256

      2abb3f8c901ceadb5a690a2c440a7ce82f47d9253c6f25cd2c94747301f49f41

      SHA512

      0d5c16896b63c51b814d0a5022ae7f4e69680f211f60bc9c57eea81114551842cb5ba6d3ad1090a8d9d339df00883834b2cb92dc2164beade8661faca3f62bda

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3572bedecb89dfd7d6e4312624f46a6f

      SHA1

      0a3df970f325041134bbd3a6fbf70ca69b9099a5

      SHA256

      0214598300ee9d014d10f0045310671ce4476adf250fd2eb1148e4cfea5e1b79

      SHA512

      3f644154077bb8504b5ea1c4aeb64134254a5821fd30428e5eb6e766be0cae511a2a68599eefed6aae1018bdcc8acba8dc53bb3a9a9be9f45f0e69f880ca4f5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6a5033774e5d78d08bc15fcf60e16b30

      SHA1

      0e44566ded2fa5d1ebe073a86fa8a970823bc18c

      SHA256

      ee8e15c33f4ae999e6f6409bd29772edd1990f5237e5f9b7dc83a0eebd1889eb

      SHA512

      a3d456b16b215d52783fd56520b36be91423707b905970e205c785f515f72f14446362a5746728d053c7e9d7fbad3d01c40b952bb90192b3a4e0b76be2b077a4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a9ad603756f350809d2e7c196112ad5a

      SHA1

      86d5b677fd094790cb0f372c5485cdad116c212e

      SHA256

      d1e5b9c88d8d78f1209eb978b9d3bce631946f6096382663a890a0418a7af4f4

      SHA512

      b5e65a00a5509a73e9e4743d3e07057df882d2aaee066256935915c63bcb03b03b5a3dc14df31b653fbb08bb77e45931118c1e2ad403c224f65c7ca58704fb65

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      110a0706050591bdcaf970015e7f05ec

      SHA1

      bf0ef45b9490cff2ef33c13b6f385f10b3bf9110

      SHA256

      dda4e0aedfc7467390e9f9dd0dc74ac4d99756d88a7a29dac6a1d54503416d38

      SHA512

      9455ff4f192e602229f49a02216790b8d0cafb866e3febaf8717e9fa921b35b12657600a7aff77cdb2772ba59fe018048f36083edfce381ce942a7557bbacf47

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3595172609807cdcf895ed9f6d5a01af

      SHA1

      94b60e2022d13cbced85bb9e07eefec885b5b68b

      SHA256

      40345f18e5ac44a5b2ace98f214420ae963eacb3531d2e4d17300d43d76050ca

      SHA512

      b05e216c737da0f0d2437b7014afbc482e91db77258d4621c4f9ea7e8550c23efe845561376410aa482e521a7351d4ec7d20fc5cc467363b9f3ab79082061f05

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0e0bc2d736aca3ff0640e42bc4652476

      SHA1

      6a3d221e7e264bfea577f1fb0fb5db453b90985c

      SHA256

      2cebc536d9e0485aaec08aeed807eef7b13091eafd0d3d209496a9ad59e42a54

      SHA512

      ea477c93a3dca5faf9d47ebaa60ce1a70754b00a6fe056ba4fd11eac0980a2b0d98c751b1a389121e2ca9ec9e2b1e06a5f1abebf7649ea2e1056a8a4cddd49e2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      83d81af28b51bb2123f04cc272915c29

      SHA1

      7342d377e45262b55216234af692c9dc3e9158d6

      SHA256

      b866ae1fcbb590f33b5c1c681a0990f67f6bc2aefeba7f74a0876d7d8acc907a

      SHA512

      2c0fbdf8a769be85e93ace40f64ba32652ad15864812bf00c4cc2daee732f071a9bfec8fd0b39f02a377b6976bf6b72a2d8976bea64b3aa0a502082547b141ac

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      65173e89019bfdb5d154f7e12f5cf872

      SHA1

      7276f76432f16b621e812b021ba45afa4023cb44

      SHA256

      5ec4343eb68049daa60ea22bce9551b17abd4dc53e639697f15399bb73d599f9

      SHA512

      11e18bfa86a117aeb47ebc20305371e98f7e80a1a86294770c279dd759b76268d490eaa1e8a08ec6f70c0961129cf75da848adea73a227806b2ae02c8e284c70

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ddf4d2bc08aeb3a44e00cc9ace805215

      SHA1

      40b41b610fe30f7e4b8769e1f8a704f1297d6837

      SHA256

      32191e9c6ad84eee723836151d5607928398d685a87c0a955e68efc56d1e1863

      SHA512

      d11a924c5c4c6c8fa360e254e5a3433030b53def093b8f56ebf8e0f41b066c8ea87336b5771b13c385ec2648149e23a786f0bede527efbce611eb329bd4e3a2b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOS3MI7U\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab5AC0.tmp
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab6244.tmp
      Filesize

      61KB

      MD5

      e71c8443ae0bc2e282c73faead0a6dd3

      SHA1

      0c110c1b01e68edfacaeae64781a37b1995fa94b

      SHA256

      95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

      SHA512

      b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar67E2.tmp
      Filesize

      161KB

      MD5

      be2bec6e8c5653136d3e72fe53c98aa3

      SHA1

      a8182d6db17c14671c3d5766c72e58d87c0810de

      SHA256

      1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

      SHA512

      0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7GLUTNLN.txt
      Filesize

      608B

      MD5

      684ef6285fca6cc05691a07846ce4e4e

      SHA1

      19f2a141b6378d6e0ed42c5734041264b5a9f622

      SHA256

      801bb9ee8cbc36a4770b937ed03bad5409119f0bde3c6d5939cad8caaa9c1d60

      SHA512

      e90195fd623b64d43ac150625a9475f45fbc820e4e97c988688b11b52e043dd0c69cb154a6c41e5befe8abbf7b87ce4d7db873d0ff350ea4571cf2a3805d9329

      Download Submit

    • C:\Users\Admin\DesktopOSIRIS.bmp
      Filesize

      3.4MB

      MD5

      9bac9d5bab872e21ba34728bd110b450

      SHA1

      272ced38ecb45ea913dcdec32f1d76fcb3d3883c

      SHA256

      8ab26895a8d1e0e6c42fd71fba920988529d0e4dd83e32ef9999f33554f494a8

      SHA512

      0db6fa851ba6d2575dc80289bb7fd29807262cea04c38e790c50f6b181a880905f0e4110509ff8ce25396462b346874a2deb10224c2fd0b8a5446248ff1f9990

      Download Submit

    • C:\Users\Admin\DesktopOSIRIS.htm
      Filesize

      8KB

      MD5

      e7f43ceb28ed4b8e7cd527433cd16dcc

      SHA1

      b15e6a7dd787a7719d61bccb324d35b58e3901db

      SHA256

      2abb3f8c901ceadb5a690a2c440a7ce82f47d9253c6f25cd2c94747301f49f41

      SHA512

      0d5c16896b63c51b814d0a5022ae7f4e69680f211f60bc9c57eea81114551842cb5ba6d3ad1090a8d9d339df00883834b2cb92dc2164beade8661faca3f62bda

      Download Submit

    • memory/552-416-0x0000000000320000-0x0000000000321000-memory.dmp

      Filesize

      4KB

      Download

    • memory/552-451-0x0000000000320000-0x0000000000321000-memory.dmp

      Filesize

      4KB

      Download

    • memory/552-413-0x0000000000220000-0x0000000000222000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1064-70-0x00000000750B0000-0x00000000750E2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1064-414-0x00000000750F0000-0x00000000750FF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1064-412-0x00000000009A0000-0x00000000009A2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1064-228-0x00000000750B0000-0x00000000750E2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1064-165-0x00000000750F0000-0x0000000075122000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1064-163-0x00000000750B0000-0x00000000750E2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1064-162-0x00000000750F0000-0x0000000075122000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1064-72-0x00000000750B0000-0x00000000750E2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1064-54-0x00000000750B0000-0x00000000750E2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1064-68-0x00000000750B0000-0x00000000750E2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1064-66-0x00000000750B0000-0x00000000750E2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1064-62-0x00000000750B0000-0x00000000750E2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1064-60-0x00000000750B0000-0x00000000750E2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1064-59-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1064-58-0x00000000750F0000-0x0000000075122000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1064-57-0x00000000750B0000-0x00000000750E2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1064-56-0x00000000750F0000-0x0000000075122000-memory.dmp

      Filesize

      200KB

      Download