locky | 2fd6e890d882a29f4cfadc123f8016e584a864aba3c1166dfc0fea4f37a66fd8

Analysis

max time kernel
139s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe
Size

364KB
MD5

9533202d7c1075d12f1a900cf8c950c5
SHA1

cd23d34033b14515a084bc2b4870c11cacde0f15
SHA256

2fd6e890d882a29f4cfadc123f8016e584a864aba3c1166dfc0fea4f37a66fd8
SHA512

f76108c1014882ea2671cf91755645af6a33f835bae597ecab6d81b02b564501b1380142f5cb8b638ae6751845d930bce69696b13849be88b9676805894071c1
SSDEEP

6144:1zGwKmwzQoBnpA2cQJ4R1Y9+sSj22UJre6OmLFrHXvu9dEP8vWy0oB1wO5Vzt4:VKmwzQoBnpAkJ4R1Y9+nrKZJFrH8dvvC

Score

10^/10

locky locky_osiris ransomware

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
Locky (Osiris variant)
Variant of the Locky ransomware seen in the wild since early 2017.
ransomware locky_osiris

Deletes itself 1 IoCs

pid	Process
1856	cmd.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\DesktopOSIRIS.bmp"	9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\WallpaperStyle = "0"	9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\TileWallpaper = "0"	9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001888f92f79706043be616b3bc4e2f5bc00000000020000000000106600000001000020000000f3a0c60fe68bdc7aee202f95843ff0e6b003ffea47032b0f32e6cf00f370da13000000000e8000000002000020000000a368ac9f2ad730e37e06985d84a33f024a85f699247b3aacd09603440f3a87802000000076ab8002ad10306a333846f1db43421d2da7bfbc01ff00ceda8fc475e0347f6e40000000e14b713aabe20b6f1a8b7343277a4c4ae1f300ec136adffc6ef862229047cf313bb5d489bd12f3469cc71d583bf34319f9428c3aaf9b57fb7f58001fe266df4d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001888f92f79706043be616b3bc4e2f5bc000000000200000000001066000000010000200000004470a037f20f9e71763687fabe10201969fa1068e615dd220ca9d3d51bbcb78d000000000e8000000002000020000000cb1d294c05a892cd7a066d7981c312a3b89142325e2767c50a7ad4701907e71c90000000b59ee75bc3628abca1c2167bbe356304839a433a6918c3d11f969fe3d104dec5eeb1a314dba88022f102e7c0413184931e8688e0f6719a5d0fd4d4b3dbbcbfe7a2c77750034070701e1ef3842df39e16469af13f5af163b50bff87078a2b45c3c9bb64fda193d434ad4d95f305e526c88c9b6250d45b95279f8c2e61672a43db200c18e0e808b2255b3a995d5be5186d400000000e26f99d335d5594006c3ffca9d3c3aff858378c6da2e9d98bc9ee3af2d3b505f8e838bfd64c312ab6e3364cc1e1dc7c145c79d0721c46c36b362fb8eccfa4b1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423673554"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{97169021-227F-11EF-A34E-5E73522EB9B5} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f098aa6b8cb6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2192	iexplore.exe
2004	DllHost.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2192	iexplore.exe
2192	iexplore.exe
1040	IEXPLORE.EXE
1040	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2192	2236	9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe	31
PID 2236 wrote to memory of 2192	2236	9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe	31
PID 2236 wrote to memory of 2192	2236	9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe	31
PID 2236 wrote to memory of 2192	2236	9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe	31
PID 2192 wrote to memory of 1040	2192	iexplore.exe	34
PID 2192 wrote to memory of 1040	2192	iexplore.exe	34
PID 2192 wrote to memory of 1040	2192	iexplore.exe	34
PID 2192 wrote to memory of 1040	2192	iexplore.exe	34
PID 2236 wrote to memory of 1856	2236	9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe	35
PID 2236 wrote to memory of 1856	2236	9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe	35
PID 2236 wrote to memory of 1856	2236	9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe	35
PID 2236 wrote to memory of 1856	2236	9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe	35

C:\Users\Admin\AppData\Local\Temp\9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe"
1⤵
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1040
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\9533202d7c1075d12f1a900cf8c950c5_JaffaCakes118.exe"
  2⤵
  - Deletes itself
  PID:1856

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OSIRIS-dcaa.htm

Filesize
8KB

MD5
6f8d0aac2ec84eb65ab7305a3d22578a

SHA1
5987d0caa8dc9be4c2411ef92fcad238bd257f6a

SHA256
0bb2e348a2eb94e53be558973844e0a6939a3d40bcc9fc4e3c08308607121e37

SHA512
6be24f07a0577968957f262506bd14bb3288b49cb7b0deab157d41b3e95fff132c0c0d8e8c50b96971bcdc1a36f32f2423f0aec483fa1339abb3fd81f36e14c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab5e62a0c56584ea495fddc1d286ec36

SHA1
cc1a83b8474d54a5f1c1f0f966a7267f043171d9

SHA256
3ef6651df7b835f8df85d81cff005b79535947b362ef93b9972dc12713c21697

SHA512
99a35e2d2fdc6223f6e576ad968b61576167fe6ab7fa4213fcc3cd7ed0eb8a38432985e7c247b25dc597ae89bb480f03e11ba59972b77a27c77fef8c9a5b59ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbe2248ccf44bb36fe23071bbe59a822

SHA1
6e47d950371496d711f89e8e8a6605e5a9af946e

SHA256
09d8dd391f3d59d41fbf1d439c73b34e344cdb7df6188b24d87e77e2d8d66103

SHA512
cf0cb0bcd6adf5fa2403e853271e539c037a7f54e3f11c74a7d0a29e46f3ee1e14b7cc075d1615a83128af3718f4dd2b774389c354dc9296a1467becbfef9e65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcda611ab44f5b47c98cba64f3ad1548

SHA1
c7ad6d047d0fe6766ddd80b31592a0a3deb63be7

SHA256
33854712ee4ebed6d66a7ac87164b542a51b30baa9f4b98eafa7a20cf788a0e2

SHA512
d87751ba35fce32033ba41292e9a31fed81ad92dadacfc5f7213e49a137d1039c6e73142d0cba8e4306947253cba71f049118801dc966a7e6615925a837aa950

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80b4e67791e8042540bc2f4e149da4fc

SHA1
19c367018959217d1ce9b385fe631986a50f7b56

SHA256
a8968bca5f9bd8837ca0e4e2ef23d7cf9f0e99642247cc048c91758053a5209e

SHA512
c92aa9b4238d35223d96b5d3d7522058c233266323fe478afbb7a1adc90402f7068f3ef4b541460553ee86701668f7b3f70bbb08299754c2fd0252d542d1a074

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2439d85675608cefebe13891877eb698

SHA1
60f31906de3fccf5ef9711353939a12248abaf65

SHA256
c462f5a99fb4dd407707a9c5f6ed67fa442659b67a556cfddbaf40822094c5e4

SHA512
46774ffc272fb4652832a52905e6b10a205acd20a5f9532c7710325486409af387bfa8587e2c1178dc50d70ece5645402c9a32014d525bef6850cef6ac0548b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
092a180fe69e94fe7b9cd932a9fa5d9c

SHA1
c72ee16bba686c040ada1b34edeeec12bba6e8c8

SHA256
88bd79fa407f5277cf931ded9d7f6b1a9878100a4a54f5e278ca33a52b0bcd19

SHA512
201513d27426b2ae027c863cbd53a31ab221cd3f65576c3eebd07c01f76203bbd39fd5cc3e1183f84f36a4bece037907a0064914a9e7ef11070f53e899e73637

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f89a4a8606a5155424d25f616f42061

SHA1
4ce639891dab24de80b7326cc337d193476ec864

SHA256
17d99ed9974b82c22b672093a43be53f173aec94c681dca4661733416fdb7577

SHA512
9ca7fcb9bd8ec23d96ffca831e83194845764e24e63d92900b3e71025987d409a03105dd5b29555179d4c6849137a3449702087bca22c2a28083b6840347884d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e1ca11588e2094ca83cb2e5e5d467f8

SHA1
79af47161c8f714da1b122e682f68d119846290f

SHA256
85ac23d0ac18789c3366ecdc2edd99c5585e4582b6a6e210a10d983796ea4959

SHA512
51e6b1fa1d3ab03b0d9377f8199963cee4779c29d7aba6145211b47f7f43b2074e6209e19de7b98addf8ad17b0f287b8feadd4f5a5be8b5b49ce287725fa6205

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
736ca359bb04edd952f21f6bc5ec5eab

SHA1
af85bac3493a89de4827e7bc4dd2464062b2e21d

SHA256
d64d171c768155058c44c93ac76071d812b9ad64bff65b1ff37f069735ca902a

SHA512
7c0e65d51f75189086bcc30d6ea8a6807f5724e15f6df6a93aaf867c7645e71c22759e7ded1e8e27a63632470519e583791c8d9878b0bfa49c9153f0ed4dae8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4e2221506b48fe3c40995eb1f3ba062

SHA1
c4a3af95d7e5dae50722e7fca5e3f9619db9842f

SHA256
37c5a628330dfead9265dbedc39fd152c5453886e2589bcf749db619bd132c41

SHA512
e5f57e3e17eebc92a77e83c7b260198118ae249fb18508adfd6018ff3fbd1c161841fff6da7af522bfad7c1b7df1e1bc47cbbe7225bf6bfc464fc71af464e6c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d1911a6742d9b78d5b3ae283c345c2f

SHA1
93f1f6ba4c51a235652f1be0191481ab4f86ddbb

SHA256
18a5ab0dd3a81e1291de7b0b77a2da30b639aa9ab90a26679008e3c3a07f0f5c

SHA512
50f9d47de81838531c41ce99605daa8a70fe855458fe6bdf516eecc07257b6369233d5ab90e91073a0687e3801073d50078e4b1f5bfef51a30bf5933d0d28387

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5a83fcab6189575d2dec0de7dc5e7c6

SHA1
ce781d05762f95431e024897dbd161f59a8dd6a8

SHA256
64889e59b49e5cc3c7910b7633a8de0b819dec2272d45274e1d768b67ff6d902

SHA512
ba49a96ae020f9889ee577b461ab1538abcffe3a5c34a1e71b89017deadb15a3a7855a5ee8b3408dba5c3c27824a97fb7d1207296bb1341d61969e5e7ff3ab91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e673b9d47c8befc9786a91f0f1a26b2

SHA1
aa1d145bebc5162bf00416d02c1ac84af6cd54f9

SHA256
66986d2131e0dcbd37fcc5228e2d609d3604bd0cf16f329bf843ac73a5d52e07

SHA512
5f8d6b00a90b63bf6140c425a850bb84334416ec619e6b39ff0e7ed5ef11e118461982543a8eb7855f3c98b45a22b543b04b39af798de94fda6eeccfa2e0a903

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
217190ea74ff26444be04cbbeda21802

SHA1
f7bc87d5a6364521b4a1de8578c635e974a110cd

SHA256
55d7fa026f87d3c421d42bd95bfc5073d6e97f9a0f7e22a6fab6314d02309234

SHA512
0bc015e2c68303e610fd6a04a273c289952825b404eb277838efd29a920172a24086a502dd906e77839173bc39aaab035f6998e89094d25f016ce951711fc6cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ee01c7d01acec4b71e4e7f361889d64

SHA1
91a142dc78328896b7ee76c0fe4d21eae0fa1323

SHA256
393a115940680ea76b11bd65d54161caee709fc61866567047103843d2a2d0bb

SHA512
8975a45913b9ac42c1382c85733dc4439fc33ca84af25f9b49cf7aa309cb8ac50784b074246baa2112a24ce0f286df0c086d3e8ebc8b90916243e70d4a6dba34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9048369a89564542d7acc8a45688f791

SHA1
7656616d5bfc8f3dd7cbcb330a2e4cb1b7776c7d

SHA256
206855c16a0cafa4516233bce27bb9234c25732cd8bf645005c85a5f81178902

SHA512
4cde78f4a1463d61b34b6cb049644096d4a17216937dc4b51c9de1077a96dd4f8b011998912962a749ac42fae6fbda1a131cc7d912ea94f26863959371916fbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
369e536ef4314a45f0ad294c7f9cf2eb

SHA1
02010ac481c128d675dd86641e4b02604df60641

SHA256
3c31c89f6c2dbe872265c47a0e2bd57d53953482c0f6e1038d29b9dd607c0b10

SHA512
d2cd536c40f1a366ab20cf91894bb0306ba3c98948f1f7ceafeac0c090ea1132dbd09b56d7abf56f2dcff7de4b0b30a0b9207a9777a4491c97e8712554302c64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5DCC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5EAE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\DesktopOSIRIS.bmp

Filesize
3.5MB

MD5
fcfa822db18b7b76f53968466da66b19

SHA1
74d70be7d83c809b9fd7084d324a60a0047bb363

SHA256
750bb22da66feadb9bbfd0904dbdd08178ecbd64c969c12842a796124373a4aa

SHA512
1da3c6bc3fe8a6d8507ae476112a07c9a6d6b0114db5a0c146fcd6940a45a46ab82120fe664d22a33baa13ab1b4bd9c14e93c35025321ff40a655992862c2fe0

Download Submit
memory/2004-363-0x0000000000120000-0x0000000000122000-memory.dmp

Filesize
8KB

Download
memory/2236-357-0x0000000000560000-0x0000000000587000-memory.dmp

Filesize
156KB

Download
memory/2236-0-0x00000000026D0000-0x0000000002784000-memory.dmp

Filesize
720KB

Download
memory/2236-8-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2236-26-0x0000000000560000-0x0000000000587000-memory.dmp

Filesize
156KB

Download
memory/2236-25-0x0000000000560000-0x0000000000587000-memory.dmp

Filesize
156KB

Download
memory/2236-27-0x0000000000560000-0x0000000000587000-memory.dmp

Filesize
156KB

Download
memory/2236-362-0x0000000003940000-0x0000000003942000-memory.dmp

Filesize
8KB

Download
memory/2236-7-0x00000000004D0000-0x00000000004D1000-memory.dmp

Filesize
4KB

Download
memory/2236-5-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2236-3-0x00000000004D0000-0x00000000004D1000-memory.dmp

Filesize
4KB

Download
memory/2236-2-0x00000000026D0000-0x0000000002784000-memory.dmp

Filesize
720KB

Download
memory/2236-1-0x00000000004D0000-0x00000000004D1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads