Overview

overview

10

Static

static

3

openme.exe

windows7-x64

10

openme.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05-10-2024 07:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    openme.exe

  • Size

    372KB

  • MD5

    e3b3e285390c0e2f7d04bd040bec790d

  • SHA1

    dbee71535e9f1fb23b3f01e25989d22d51237e68

  • SHA256

    21a0201874af80436dc0a36e5cbaf7da9b75217b3e39b712f3850729cf47deb6

  • SHA512

    6156a6b0ff4f41c823cba68a4596676e357ceb5b8c0848c2828a72321dbc2a731d9ae8f1a417fe27aef7de0080001ad3f77b3809b64a93c610ae99f95b35f5be

  • SSDEEP

    6144:C9dswuuW1sVyO6x5x6bQ5PJIgNdsalkFrgikCxEwdrDY2AotYSNlx4:CtuuiswO696bQXIqSa2FjJG0Y2AotYW4

Score
10/10
lockylocky_osirisdefense_evasiondiscoveryransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky (Osiris variant)

    Variant of the Locky ransomware seen in the wild since early 2017.

    ransomwarelocky_osiris
  • Deletes itself 1 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\openme.exe
    "C:\Users\Admin\AppData\Local\Temp\openme.exe"
    1⤵
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2312
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2256
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\openme.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2664
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\OSIRIS-8c61.htm
    Filesize

    8KB

    MD5

    fd99fadf986662393b3ed9dc967d472d

    SHA1

    740aaf06ee04cbc04f2b447de5220d74a82200bf

    SHA256

    ad1efc47d945053e0617c5bc5b2671cf7f706bda4492cea3b1ca912121ebf6ee

    SHA512

    0a2afeb0f35f39ec274d79af5eb6f8348af3db52bca851ebb9ddd7120d3ca67e1a89046dd92a657f411654db04c793043166970aadf66fa0148647bdac955a0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e2d09341fedfd79243eda56bdb33c981

    SHA1

    7f56cd2f1cd63d7812bf8a3c756573e83efe66b0

    SHA256

    3e6cdc4ca04d6f48be0c0f0d25c9b2ce8301a178521a90554fee7ad43b8ad347

    SHA512

    3e25725304744a0ca70cab570ab89fae661defa6b87a01ee78147816136b55bc99fea17497da8e2b667829fe325b8bec40dda388f52e7f7f3edeaee1562f25e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f668bf2e940833fe86df45f73729ed95

    SHA1

    1198dae0eb6e3efe70097feed270b947fbec5c67

    SHA256

    a8a625dc5e06fe9488a058f159c65b0d6a32c96a606b37b27260cd8c70a25e71

    SHA512

    27f6b7b927cd3a45a343f55e31d928313f28a90ecc9e6426fba93f4437898afcb7eeaded8957133e67d698fc18ffcff59d46c3b37fbb879c7fd5caed8a6f6c44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8fca4227f7084e251570b903c7f67d0c

    SHA1

    78546ba7ef3b9d6de44ba4a5c73828dc29c0fa39

    SHA256

    8e98a5f2755757bd009e90b0fc45a81475c9a8f759184b4d79a0ed728370b33a

    SHA512

    77a63c773fc6df2cd5826ee02f04f0aac16f45364e4a16d362df6e34b463b633ae301fa6feb5b3e823230b6d01c4bea4277ac01de443a93ab6f6c4c25122b38b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b7c637c70c7ef15a3301df5ebc88567

    SHA1

    05b2567f2087aad6fa81233517152131c1307fa1

    SHA256

    6356cb86b38ba1a0ac02ceeb27aad8fd7bfc89c15e8aefc78b8dfbf876e7633e

    SHA512

    c8945ad3f785433bda9c66701c60efa3631c65449dabdd64dfbceb7a9b04a6a8a67915778e623f06a3941e91ea92c24169aee291182cbe7dbbf4a44e352539e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acbe7d7b58d700aeaf752136d62ac59a

    SHA1

    6ac6252bc4e0348574de69894d4d10b5aa9916ac

    SHA256

    d086165e4cdec45e1a16a352fee92deae40040fe476ce0adb54b6eb3ea79f383

    SHA512

    fa7d89d42088eb6446d8878f847e6fe942fdc7ddbad9ba8315f94e728d0a401d52cd06a3f0a3dc7458e8dd870d7ef2f8476e340e97a2731b2612752baf1a76e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7aa77ac5cebd4bfd019d87d4fb4bdd3f

    SHA1

    0dd2e36307ae99661be16df54148d39816fed57c

    SHA256

    94de38f5fbf8e09c9f5a0f818be402b8371873708c97363216962f19273e3fe7

    SHA512

    91e7b02edaecd30171ec148028dffdc2373e4c4b10e4ece816b5084c13365a6b58e9e8c979a27f1c4b3b942ddb8929be2a29c3c74a8fd57eac95e28dca300b7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1a762fdcb60f2b7809a7ac6ab048e6b

    SHA1

    03f4d5729140603260b21e52a8b65d0e2c58ece0

    SHA256

    052b1d53703dfeada081d2918eebf8ee3a79e7443213430a0764763b4cd91cc9

    SHA512

    f2e7fee68df03b74760a1159b1636aa1b46097e1ddfdacc4f6a78d640b38a728bc65de8bafb430566a5423a20ac52d57ac2d7a06cac0ca8dfb3bd02787f6c82d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b8c222034c150066aaf7be80de01268

    SHA1

    b9117e174ebd9479abb62ed7b33fcfc5b93282d0

    SHA256

    f622fde5bf1ea28f2b3303f4f48c3ebae6cca420cc6ff30a136b3a2503d7a8a1

    SHA512

    ad458e63c5f301c341b5731c0fb4af0d221613f7ffb38b20c216edc60046f3dd5aa4c9aeea82537564327289049a3ae6038f10fefc873391c634354b1349dc85

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db9a3236ecbceedb68635a06b42f88cb

    SHA1

    7ee94ae1c8b932b1f8646c17c9c04ff35f0972d1

    SHA256

    ea1f2ff17e52f25a4f4ce1bb7217fa31cc3ef7419e3df99f7a39b5a30e2fe576

    SHA512

    89eed57c41c916d1ba4034c433470a0a32b3461b88d5d8438af091616402163d777ef5632126be2eefd3d88522634c811abb6659acff05ad310032189a82bf1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    459d6e46b940e25b52f69ee0cfd8b7cc

    SHA1

    bdeb1ff46b539eb8a533fa2af7381305a8ace55c

    SHA256

    c7f9c7e7d296239e710d2b9beffad3646e6da48781956ccdb9ad3ccdfbeeadf3

    SHA512

    62ad6c2fb9c7ab29324adda73049b300fe40e1f2ebb3b28335fa3394117e867cdd3ce6d8dfe532d1e539bc9c280a56c5c36aae8b11d2bf9d889d1d5bed524493

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dde35d38fd2e54379f0a59db85d8b287

    SHA1

    b932ec70946852803a73178e9c6059f3d7b9bc6d

    SHA256

    1a3d3695489c21c4453ae1641761e8307ae2fd3e4265edd0b026f4c664e5d0a1

    SHA512

    6be2650cf21f23642de6b5b84089085126e4c09946340253457b82afaec8292497278559fae0816701678561ae6a9b47b80613bf246786607e65b10606bd0919

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2465291dbba94025b232cdc46a90e85

    SHA1

    cb7e37e2c62e3e4b79add76887ed3f36b330bb5e

    SHA256

    4d1c68f7171bb6997d3f8b0c74df2d4b8560a69b39458444d2a9b175b8069770

    SHA512

    bd9d28f061d32b55e7e12a65f1b99e7cb8f0df8303c8ea2fcd97f49a3f226ef454e73427857b79d402a977e2494fd46e5f4af033997a48634603cfe8946370e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d8a81b82240690bdbadbdfbecfb68a4

    SHA1

    867ec3292379c3355ffd21d30bb59434b5b536e2

    SHA256

    4218b69b778ad48d4f1a1056004200c9b9de6f32d3424d5efea829de6eac7599

    SHA512

    1ec05c657f08c9078e8f5bc2c7fb38ad170db149ef40f22dc6d57eb26e0f32eb6b606a473ff2de03e005eadb10cfa50767bdf6aeea16f74bb9b91dd55c14ddd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c54c4df3f962b2091d7251bfc85ff3db

    SHA1

    3464132d47bec9153024433682e98e78a3f3223c

    SHA256

    a3e01a6bf6658c03bad91396f5b30f254f2fa3ba78859dacbb32bf00433fdf9f

    SHA512

    d0608813f772317ec925cfc45f2986907032a962c99073e6013918408d7a8849177c31ff63d066eab666213db4dc71d8071d7cf016663436887bdde87669542a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d7535955691ef19e65538f88bc55099

    SHA1

    34c22d5d792a2d5eec11249910a3b46f3379a0c8

    SHA256

    8ff5600498e25f90cace852354d077bf3caf0f70e13a6eca6ffcb476b7a91a87

    SHA512

    8390558030c5272abb8d5b0b9c6923f27a6f62160c9b5ec0e29dbe04f1cf3b34b6e2af79dcb4d2a93c987c0b518edbf696ee4d37c8a7d9adabfe52bc945b1693

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    708c371243f21e7b180af4f038153419

    SHA1

    6eb10ce1d57fd6c5b4403f2ee24fee03c31087da

    SHA256

    546b8c8bfd19adb91b2939afb56c91a93c18036dfda3505d272a25ec9de279c7

    SHA512

    37ebfe80bcdfd6e63cdc84820dabea9a26efd3f12eafa20492e7d89bb07b9e5cd5590a05249ef49b4fd534aa6b572ad2937f1e8ca16aab75b053cb2bf080fdd5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    486d60893632c2b29b42761da3584308

    SHA1

    842c186363efbca77e3b2f8efa05e4b427aa3ff8

    SHA256

    96f0a4898b77da8c8e52fafc43d060742ef186c6f60a774dd37ca3f236505470

    SHA512

    0b51c17b0b22e8ca4881e76ee57ddbbe91f65b4dada834f194cd02b47262504caf138e210f92cd8de11bf4400048c3bde598007bb78207e57da73fb16ea6197d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    068b878477e30c27b14bf517471df8aa

    SHA1

    aafdad892935baee856c1ca82c147b3ac4c1dfeb

    SHA256

    d03f6975f29f3cd17307c9b93fad6a91c084a78405e97b56b80fa6629bfd48f5

    SHA512

    dc8cd66e56455fc50dcfde46211b3555484b4c1288f5564e718a89f07027d3c52d2130de544a25d447a18b0b00822c5772eff79e58024f07d0861dcef1336cd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e938e6a2b38eebd75e7cc15ec8a80d7e

    SHA1

    2e8ad579ab93f98712c876922ef867ccb4cd7115

    SHA256

    472a446565529965fc202f1f62126dd8a54d4aae9dbcb0b258c764c103173e65

    SHA512

    515eca9f5d738d6348b7e6529741614093b603b446bf56b76fd2486557629ef6e217cef2b49e5b5e77d7c43f45b7d3de2f1e3f865cdae21ef84ba443d0112f63

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab26C3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2726.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\DesktopOSIRIS.bmp
    Filesize

    3.4MB

    MD5

    4de8ab441deaab96baacb095526d21b8

    SHA1

    c6bb5ea683d1af7fade412800489c75b14a5b729

    SHA256

    303722570f057152daaaf0b2d90bcb21e7a1d797447029210a333f64e6f3b2e8

    SHA512

    aba39bcc0d8b5c325cee8bd36249a5617f8121011aec058fd70755c280c1aa2176571ee63ea252733b8cf490a7bfc9166a3ead96c33caae0b3095a1468131556

    Download Submit

  • memory/2044-311-0x00000000000F0000-0x00000000000F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2896-12-0x0000000003E40000-0x0000000003E67000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2896-4-0x00000000034D0000-0x0000000003565000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2896-3-0x0000000001E70000-0x0000000001E71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2896-0-0x00000000034D0000-0x0000000003565000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2896-5-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2896-7-0x0000000001E70000-0x0000000001E71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2896-8-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2896-11-0x0000000003E40000-0x0000000003E67000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2896-10-0x0000000003E40000-0x0000000003E67000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2896-310-0x00000000042F0000-0x00000000042F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2896-305-0x0000000003E40000-0x0000000003E67000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2896-2-0x0000000001E70000-0x0000000001E71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2896-1-0x0000000001E70000-0x0000000001E71000-memory.dmp

    Filesize

    4KB

    Download