locky | 21a0201874af80436dc0a36e5cbaf7da9b75217b3e39b712f3850729cf47deb6

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
17/02/2024, 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

openme.exe
Size

372KB
MD5

e3b3e285390c0e2f7d04bd040bec790d
SHA1

dbee71535e9f1fb23b3f01e25989d22d51237e68
SHA256

21a0201874af80436dc0a36e5cbaf7da9b75217b3e39b712f3850729cf47deb6
SHA512

6156a6b0ff4f41c823cba68a4596676e357ceb5b8c0848c2828a72321dbc2a731d9ae8f1a417fe27aef7de0080001ad3f77b3809b64a93c610ae99f95b35f5be
SSDEEP

6144:C9dswuuW1sVyO6x5x6bQ5PJIgNdsalkFrgikCxEwdrDY2AotYSNlx4:CtuuiswO696bQXIqSa2FjJG0Y2AotYW4

Score

10^/10

locky locky_osiris ransomware

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
Locky (Osiris variant)
Variant of the Locky ransomware seen in the wild since early 2017.
ransomware locky_osiris

Deletes itself 1 IoCs

pid	Process
2608	cmd.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	openme.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\DesktopOSIRIS.bmp"	openme.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Control Panel\Desktop\WallpaperStyle = "0"	openme.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Control Panel\Desktop\TileWallpaper = "0"	openme.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9075968a8261da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000ee0eda4d24fc24cb150425934c1fa269ad039f2f3b45c55de67059d2cc8535e2000000000e8000000002000020000000455f8f40c110be4acfc48e9c0dbd806b0fb3a05d45a9c4e953951245351c38f290000000e46ee36efde977f09a5ba5f9a0bce8ddc5ce8089a0a47a8fd2125102309144402e81f3c17c5de97f1d1cbd8d1b48d0ce92c56e922038fd3b66212d7566293ae496ec684f543e4b6376d2eebb7db535edd5e5bfbb51ec1a0c7fd29d250601647de9ec031bf0a3ee7d42709cb228ec55fad782170f7c513891817348a3edbe785afc7a053f383529b5ff167687786ab21840000000dd94c6b6413b3a0edf05ce40b3addf7c310d3ff28b736a3bf72b5ce4272f8cb3a1f5cb5de349dcfcd1b55f63c9d7b5ad62e4216876c90c1f735bc98131db6577	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414323462"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa000000000200000000001066000000010000200000009ca1df7ff6619b2c8fc735ef291dc10dbc7ee2ee36e7621e4a145650f4000fe3000000000e8000000002000020000000f1fcc988d58cd652c9213d3dcba574b62ac7bd59614e504efe015aa19055d8a22000000059b759f9d64a9202604603700d02603d3543ddf2ce160256bfb00ff771df405040000000f9699c22e190b4df9008245ef1a440bc2db23a7ff51259bad3c6538338a56f984d2c34ff2c3e681dfc2393805d1b68c3a4ef617db7b8521c076ab707e75b52f3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B5D79BD1-CD75-11EE-A508-CEEF1DCBEAFA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1704	openme.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2732	iexplore.exe
2616	DllHost.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2732	iexplore.exe
2732	iexplore.exe
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2732	1704	openme.exe	30
PID 1704 wrote to memory of 2732	1704	openme.exe	30
PID 1704 wrote to memory of 2732	1704	openme.exe	30
PID 1704 wrote to memory of 2732	1704	openme.exe	30
PID 2732 wrote to memory of 2884	2732	iexplore.exe	31
PID 2732 wrote to memory of 2884	2732	iexplore.exe	31
PID 2732 wrote to memory of 2884	2732	iexplore.exe	31
PID 2732 wrote to memory of 2884	2732	iexplore.exe	31
PID 1704 wrote to memory of 2608	1704	openme.exe	33
PID 1704 wrote to memory of 2608	1704	openme.exe	33
PID 1704 wrote to memory of 2608	1704	openme.exe	33
PID 1704 wrote to memory of 2608	1704	openme.exe	33

C:\Users\Admin\AppData\Local\Temp\openme.exe
"C:\Users\Admin\AppData\Local\Temp\openme.exe"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2884
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\openme.exe"
  2⤵
  - Deletes itself
  PID:2608

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\OSIRIS-7e69.htm

Filesize
8KB

MD5
921419dc4106338654207f16e27f193c

SHA1
2d76df99d67ce5ea84c42ce7ef1142a650ca60f7

SHA256
22a324ca9bf7ac94d75823eefd7a98d085e4cb36fbd5fa17a94da42ee4b84102

SHA512
f517e88646075f382d654b1e3d1af3b37e0e467434aca5f66e5fe47c07160eb8bd9aabab335d88ef990b43bec4b069dad7140feeb4f173642549b38670a84fa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce3778526bc9f0badfbb590470067c8a

SHA1
04f6996532d69c225ab7c002cc28d38957d69992

SHA256
df02ffa054e92043b5775cf07a1ba8fedbdb3ba1587efcfd6b5d7ac6fc87e7cd

SHA512
09e3a7912bfebf195c4a0b6422d99f632cbca5d769ebb0a445b6f41d59096148dd4e95a9a68459171708ad870f51851e968db9decb702c2ef28e68cccaa4e5db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c92541301c32211c33e105b5e2b8450b

SHA1
6b6c7f29831991acf94228f1280cab4697aace1d

SHA256
b9ace72dc15032403d50b5c3961d189a7fe8603e9f81e33359ef862dcb2c8f6c

SHA512
7e6789a38fbc6e40a6b51d40e8ae738ac045d22340658ee27dc7c599b7f7a5c559a772cbcb760e1045bd7077831f62247775b8158a9a126a20ad3ebba13244bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89d24467b8ac83ab4b887557eae52af7

SHA1
0298fa90441c13ff579592c897b21293dc4d7576

SHA256
661e46a2befa02aa42065efd88b2439cf1cbe5e291980ae5520be8b2327ed518

SHA512
b54a84ceb8636363b2c11a0d479a39cbc978eeffacbe5a2acc3a0dca172a89d0630235f1e93bd212e9c534eca583ce59517f3690156ac5a54176942d1183dcbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ff692b4dd93e8a5d1cf5f6e7d6108b2

SHA1
f202fdc9ff3fef7faf6b7bd0c8c602aa138d996a

SHA256
9501d5397331252e41f7e2f5cf369f4af7ba6715372943cd66aedb4c484ae8c6

SHA512
1b8912084269c2760395780c203cdb5853ca02dfe0a39a251d5bab12975b4b51d7553c528976963135b510fd17e22fda8ba334d25f013d99381d7c5a24bd86cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb6ae3e384f1ef74c0bc99fee2f209ef

SHA1
64a3758067032bfba79cba9da447e01b3bdf334a

SHA256
385bcde1efcd005d52704f11a9f45a597de67925375594c0883072cf9878093c

SHA512
fd1dc9dc94665f43f611ddd7c597cc7aa7145fb987700a0ffbef7fe316453ea5dc2860fb444cb618d771eb9433b5af50a68f50f305d7571f5cf31d8068cdf0de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9c4cc3fc37358d9a137b722014f2a4e

SHA1
6776255124e9805a9edb662ca753f96fee90181a

SHA256
c4a1f8fd021ef85dab91279a98112719bb816e8b34706337ee1d574d974a05bd

SHA512
c8e878039f27a347228f84069f50af9691f9cd7c35ffc0ab63455b4c5f03951d89114e7a5cd73fae85bd87eefad16189bea1797f2dae8075e97f6a1158a5b847

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49110607b6eda9c4675b85ded6afa738

SHA1
64ea6ea20ddc3613cc7e4ec7cad92f7034e6ab77

SHA256
d99b00963fe011bc0de56934392edfa381f08c77347f7c68281c750974d4ed29

SHA512
28f193ab3d0600a97ed141a59d7089ebe268c1be2afc1e48e60ff6cd3e0322c93cc6b1da08d0e223bc04dc19f50f70ed0a797a725c2ec1ad4478045653138197

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
341aac4c7492920d3d0f00a61205e927

SHA1
ae7852cc653327d1bd540efa1a4caab0f68571b5

SHA256
6ed40e3f8568a3e9bc923109a1932f6078265dfde28ce1ac6ec3cf5c7ae65528

SHA512
cb3d850ff1659665eed7fdd07fe2fb9236eaa975b5ac7dda326489bbd58749ec4a72ecc679520db77fbcd935f8a62ce8f3e733bc8c0aa9c1e14003b6baaa007d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac2f14faef2344563e6715cc61b9e45c

SHA1
c0a0914c59caabf3b62b9ffc8d65ba54a84747ae

SHA256
186b8d59bb51233674965f41c748d252a8b67f17c0dcd2d5a8438c947af8729e

SHA512
703eca34e13e33720e92e7c86aef919ed939e957a9a65d19713857bd2453c87194e453173512e846c35eb722135cbd58b61ca6e2f6dd6bf4531598ce887174da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7a21471fc2d4ffb7b636578cb9f95d3

SHA1
5d26b8df30d226c4afaf071c6ba24272bc1428fc

SHA256
6db3f6ecbd2ac1e4a0a59062546efe1ef8fcb31fcaaf113601b304ff22c17774

SHA512
efb79775f0d95cac4a0c0f651f9e4cfe6c3b257254827319aed40b75c53672ea0194b52e24899d4f9afc576ac8d5d654993b34af9bb6587eb6ca111bc54a64e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46c03abb8c96b530b96284bc628201aa

SHA1
861e3605f201c079f8ebe64808bfed1bbbc6290c

SHA256
d966479fe006f16656136fd396ee36c5ca32bf8cf5962445c8e78becbfd4ae0d

SHA512
c45217fa257d60826baeaeaccadae163f8d37c727be9c5b76361c53e504819c2243a708dd565950b13fc3efddc406d36647326434c1f354b04ee5ba1f8fb4a34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
badbe9e2a727030c82652ec00990265c

SHA1
d3f1659085284ecc754c95eeb6a0dd69e3f9fc17

SHA256
57c437e6cc0bf2b03ef470ff9761d5b81adba7013f008104b885eb63a1d706c6

SHA512
261b774869ecad8d20fac510973155091979e376642e479f4ea58517b9fd9098a139aa5343e15490b7652a23de0a8e9c192be8218ee61af798f4d700d79d5e44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ba9ac14be17dd7f43b1176f1c103c92

SHA1
5431aabaa197d8d5b72cb1a1825e9473337f8426

SHA256
16c6c71e5ebd3affc0d7eae48f1bb7c99c29736f95bea4b6321e86ea9e19f0e5

SHA512
382e4a669d9a90f4d2612603729b496311270c747ad4c6e86ba7d0c39a680433dcd09fbcc2d142bf0e70dc4d280e35cce9b91330d6364208fade34a65bae8427

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e16866aeae6e22ace8a193bcdbaa5a9

SHA1
2dfe3135fb820450744bde10f9dac51727d365c2

SHA256
96d5c5ab61d698ddde2bc444ad2c3e6243cf8daed7fa1ce296b904681e74e0f0

SHA512
016e3b5b7b4569f1078aed7775d8992890ba003b137d89dac560fcd4fd16fe1775dabe28f83d9716ebf91ed8f23bac870c77bf571dd82fa322648ad5f89385d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
020fe0eaa867f9a2b8a651bd6de462a7

SHA1
eb7c8c541c44ba4d94aa6e58f4c79bfbbbea25d4

SHA256
214f6a4be5ae90370aafbf44f3e0bcfc2c155f2cef1c6c7787741f910a757bea

SHA512
959a3f2e617f0119686124f475842db28a6e1f0e24c6a8f5a5b878a19a91576c3c67d4c96c20380d94e8b97a82255e12183011cea527559ea2300656d88d1943

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
861013c603d86dffd48a35fa1a397db8

SHA1
6f9e2922e00a004992a4cb06e1abbc3b86271a60

SHA256
7cc278b378080441823fdcfc56fe91e6e7499e5eee4d4f407bf0301c7b57c22a

SHA512
482218362d153b2893f2c06e070c9e5886ae4facbd67af94e868d2d1fd479d5942a498b8d5f7b290f29a9187a8e2a16a19235db4799f12c34de57f0f5d8ed166

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2569db362fe179f7f3af0f35b8b5ab0

SHA1
8467b8431d15b6fda0fbbecc15ae3426d2dde0c8

SHA256
d03548bb9570d9342efc2c3307fd95da566489c9ff03a84961b9a21388298cd5

SHA512
7ad16c3cb5a92f5c6516b083cccf2be3aa4f0d4694e6b0e57746d1f147a9e55856fac5e114d1a1df73622e07f67767475a17dcd35ec3d0ad632e1ca88858a214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76a24649d7d61d0e33debcc9f5eeeb18

SHA1
40413a0dc60056e169db6d3af73481fbb1f7a693

SHA256
6f42ac0ead17b1f0e0702d8d47fd7952670ac5c2f102563a8cd627302f21d566

SHA512
95d5ad0c9b2bfe2b8c0f926fa1a9084b74445eb7a1cdaab6f9ca23a37eb870ccca7c826a10827d5886cf5ae13a6614ce16ae359745c700d854270bdd5712fdce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52ce37b59d17564aab6b3751775abee0

SHA1
d17ee06df90aab4813053606647e4f63c3d51a33

SHA256
e4868bb16e2c682868c59c6201cda2d880f33b04f18179c80b5720edafff435b

SHA512
84ae31c61d260339e4d0dcd306df3d6114859e48e07ee9075e32d744443d55d06201ef013c034bf431972d1bd3a4064766f36f4e30b1317a51d0b63cfbc7a60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDCBB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDD3B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\DesktopOSIRIS.bmp

Filesize
3.4MB

MD5
dd39684aeeb69669164e8f51d9a5199d

SHA1
a9fd0d1df6b2f14ca8bb32729214b12ba17fd96e

SHA256
bba038caee5eca9a1808318f0b5fee7aa53290a88a7292065961f218b843ea4b

SHA512
6c42c2e8de62295208fe5c6890d01136031114fcbfbd53797726820f0f4bd45ab32e04733b86e67514fe829bdb15f93bf4b959af3b4a74fac561bc55d4ad55bc

Download Submit
memory/1704-6-0x0000000003B50000-0x0000000003B77000-memory.dmp

Filesize
156KB

Download
memory/1704-4-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/1704-338-0x0000000003B50000-0x0000000003B77000-memory.dmp

Filesize
156KB

Download
memory/1704-1-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/1704-2-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/1704-334-0x0000000004AB0000-0x0000000004AB2000-memory.dmp

Filesize
8KB

Download
memory/1704-3-0x0000000003180000-0x0000000003215000-memory.dmp

Filesize
596KB

Download
memory/1704-328-0x0000000003B50000-0x0000000003B77000-memory.dmp

Filesize
156KB

Download
memory/1704-135-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/1704-0-0x0000000003180000-0x0000000003215000-memory.dmp

Filesize
596KB

Download
memory/1704-10-0x0000000003B50000-0x0000000003B77000-memory.dmp

Filesize
156KB

Download
memory/1704-9-0x0000000003B50000-0x0000000003B77000-memory.dmp

Filesize
156KB

Download
memory/1704-8-0x0000000003B50000-0x0000000003B77000-memory.dmp

Filesize
156KB

Download
memory/1704-7-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/2616-768-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2616-335-0x0000000000120000-0x0000000000122000-memory.dmp

Filesize
8KB

Download
memory/2616-336-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads