Overview

overview

10

Static

static

3

s1-d.bin.dll

windows7-x64

10

s1-d.bin.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    09/03/2025, 04:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    s1-d.bin.dll

  • Size

    159KB

  • MD5

    7932ee5fa6f83b149569752c47e04b87

  • SHA1

    6eb115feadc5808507fb5a666dd18aa89a45616c

  • SHA256

    f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b

  • SHA512

    17ba26e69f7536f5adaa52454fbd407338be61d97bc396baa591de9fa19aab3e539b4ca32059b2ddb1b901ac7ecd341dff9ead706fc0d058086e6b3795642f58

  • SSDEEP

    3072:pusrpo1j49JvKa0ePbh37E6ZO78buZKxrF:ZQcvKpE37E6nmKhF

Score
10/10
lockylocky_osirisdiscoveryransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky (Osiris variant)

    Variant of the Locky ransomware seen in the wild since early 2017.

    ransomwarelocky_osiris
  • Locky family
    locky
  • Locky_osiris family
    locky_osiris
  • Blocklisted process makes network request 6 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 2 IoCs
    defense_evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\s1-d.bin.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2412
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\s1-d.bin.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Sets desktop wallpaper using registry
      • System Location Discovery: System Language Discovery
      • Modifies Control Panel
      • Suspicious use of WriteProcessMemory
      PID:2612
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1744
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2952
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2984

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\OSIRIS-6332.htm
    Filesize

    8KB

    MD5

    d5b2442e4f875ce44e84f74f6875d08f

    SHA1

    d2de55195c69a4ad846735079ff17d1467d1bbe3

    SHA256

    9cfb1d87fcfa698b80034c969c488348a5537e3f994312a327cc039a54afbcd2

    SHA512

    28007358262c4e2329d212e3298d0c75c2d4aa8cd0ef95b20563e48a080ee3f8eb654f28bc699e7c1107392e6152a892dbee02e698b05e07f4585f943528d924

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    695f84554e3b5b134ae2aae08e3c384b

    SHA1

    8ca5d358c2182f78dd2f694ecbfa427591aea277

    SHA256

    0139cbefe7dec9b1303a45064aeddf238726cc70669e39c3ea0f5591024ee5a6

    SHA512

    775e45174617d6948de58fdd42287d17fde3fdcf28034b736085d730da4c334d24eb2623efcf793063a3ff02df742e7db2b4988d37d9811377a853af52d2f953

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    12b6071375a2c68334a91d0fccee6500

    SHA1

    b0b1d2e37b6ca060edace6d9c7bc765783b55d87

    SHA256

    57f4dd7e6eeb9668e3298080039a7ef9b8940f82f41e634d40b054be3a2b46eb

    SHA512

    1168f5c1e30d70cfeaf968807f5cbcb583f23bf288860332c8d1434bfde66fa8cf7e9c4ab8be15fe84dab4370ba191add4527a940fa82b00bb0741112babce09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    61c84b64257067a47f8b675cdd46ddfb

    SHA1

    76c250b15f8b80b3f58d1ca74504f1521ab8cc64

    SHA256

    5b354d5c42614534915505e48696a14ce37a3ad85ba843e6ae47f66e2ca75743

    SHA512

    131faead0b4a1ca3e8976d2e7bc72d39f15c242b267af6e64238b88769ced0861104f5973ee362e99e15c7f74251c3a8aa26a7f9a2e9261206ef272d0ea9c520

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c46f872f9a3d4fc955e56ba4ea62b046

    SHA1

    60723c1087c4674f518b93ee6eeab24333b6513c

    SHA256

    1869984ad92c049583edcb5ff09c8875cdb0b4ec02b9d3912aa681fff0bf20e1

    SHA512

    35c25e37f700efa202b2b3a922ecafff5f1544925467090c13f686af3fe7385fe7ecd78991ad41edcc8d4722012355a93381b4e2f1b52a62098f09b91de617fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b63d2ad12f0d72e7d6dcc7cbcc735475

    SHA1

    acfeadf25358bc701849aac22ee2e79946ff62c4

    SHA256

    0e30f5f9b1caf4a9aa82b6f5945724ea7bfa1383fd9658e72f712c7dfe82deec

    SHA512

    380b00b8401d6eeae03ce81e2ea1ff3b3a6bf17951c5c0c8d98662e05fecba402740fb08a27350bfbb9f06e5ac77511afca8d0999edb6b0a90959bf8d5c2acf6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    12e8dcc852776a60756ed700fa727eb6

    SHA1

    c9086cf9a2efd97fd7b97e0d2c437848bc51bb58

    SHA256

    4ee256ac9d4178956bde30340d73c4606cae99721802e3bd08787e1088be6d2f

    SHA512

    dc105d2575aa826c5a3dba06136e2d997790c5d97965a5af604aa67414302cee90b7b13936156103adc7300ede70105a79557f4f1c485af8e9dc737a137c62cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    24f2c2eee2673967a032332aaca49e30

    SHA1

    3791e55185a86a692080b3554772d19679f252b6

    SHA256

    b7812b5869ec569daa36ad4ae7a9b69c0e717e628b5dd4037e8d015a42941ecd

    SHA512

    c822e4daee70dff943ebad4f94138fc83b8fd2e880c572665edfa6933e019ae0553c5b5e8773c439b6c41a569e36791ec7fc1b2d7b547f23d2922ff239f05779

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0855345955458b1be31b516cd9e56086

    SHA1

    324cefca753053625b86d6752b7ddea432cc5b4f

    SHA256

    3c82c87be42643645b5ae6bd8db10809356bd4087a1a4232d4e9baf07ff591ba

    SHA512

    bb042a28ab8270de08f250ce6335ae77f820cad1d3f0dad5e99ab2343cb3d653178f9be6729b9e6e899cb7368e0c94c6b73d8dca0a212b9b824214d299460e62

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a7e65d931cc7fda2db631e9e483ec002

    SHA1

    f632fe983666c5e3f14e13b93f8846a3e0973ef8

    SHA256

    e21766cfac410276fe37c0884c67aeb55e8257da04ed756a251be6ef667ed234

    SHA512

    906a22dbd2e606866decc747295322921781a91a798a8e5dc6916df149221358c01ec948c56ac019a1b8a94e18af073718169ba83dc07c73865d8015116a4beb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    022e9c1c52b53305ba2fa656b2ddeae5

    SHA1

    3d3ca5b9a76b1160f0fe0c191e0cfc17d87d2dc2

    SHA256

    50a19e22604a59666e947456fb3391dab254e16051891ae075cea4517666d0dc

    SHA512

    89a064b7742149b1c4cdd0119f6e86a3405fc92b86fb718e94afd95d311f7953a98fcd6a2e8115acc50ca41df2f40ac3fa77c6d15f46deff228958551ca775bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    88efcb4f340fd0068fcaca20b12e1a2c

    SHA1

    7309e3d12fd251014d79231745373d19b11b6ab7

    SHA256

    3f6aca4c0257833a8b7fcb42190dc8d1b4b729e5a591d3607064a92ad5d017b0

    SHA512

    c1a35221b35e6abc76861dceaa6861d64fee5a26ea68f7fe2ed91d0cbf9a262d2ae5b99821ebbd92539cbf504452d9e5200d929898b3f86875aa0b32c99a7880

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2db1e3faeef8718d3cae1e06cf2602eb

    SHA1

    f0d90e9100c780d22a2d60a449a1383430c03eba

    SHA256

    d3861cd22262545f81c29a244f82a4d7da866351371d1e4c127a853ba9403586

    SHA512

    9d337d11d030ca8a6fc79f798ce1a1ab6946d0e2f66c4e2df94012769d0bf2714e0aac508835c234f4e36e7087957645ff1a9d3e338e6d9e271db190ba7e6619

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf62c2501ab3ee1ad9a5c4bf28d955e3

    SHA1

    a889640046c829acc7950fd65479b8c53602a337

    SHA256

    0ec84da03d9dd41305bb333943207b81ae018afa8f72e611fb98178eb286b5ca

    SHA512

    773d89874d312f7311d712c39f1d3f85eb595e84400a17e4fc38688b42b80f272c249cf869cbb5598997e0d438733cf041141014d50e67e8b0f79e3b81591818

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab87C8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab88A5.tmp
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar88D9.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • C:\Users\Admin\DesktopOSIRIS.bmp
    Filesize

    3.4MB

    MD5

    ff1454dfa452158266e8401a09fbcc58

    SHA1

    e7e650df77b7e2b5da2d1b15c252ca16c779dca8

    SHA256

    8ea46473697abf96b4b869d0eab9975e4f01f7f816437494f41442361473e24b

    SHA512

    e1e0bbd40435bde522b66c4acfaa92470706f01eb01b235e79190f3d56b07ddf759ffc6aa010df0b1cd08629872509688a32b65be36a9d066efb3fee43ddfbde

    Download Submit

  • memory/2612-13-0x0000000075300000-0x0000000075332000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2612-15-0x0000000075300000-0x0000000075332000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2612-3-0x0000000075300000-0x0000000075332000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2612-4-0x0000000000180000-0x0000000000181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2612-339-0x0000000002160000-0x0000000002162000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2612-21-0x0000000075300000-0x0000000075332000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2612-19-0x0000000075300000-0x0000000075332000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2612-17-0x0000000075340000-0x0000000075372000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2612-16-0x0000000075340000-0x0000000075372000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2612-342-0x0000000075340000-0x000000007534F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2612-2-0x0000000075340000-0x0000000075372000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2612-10-0x0000000075300000-0x0000000075332000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2612-8-0x0000000000180000-0x0000000000181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2612-7-0x0000000075300000-0x0000000075332000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2612-5-0x0000000075300000-0x0000000075332000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2612-0-0x0000000075340000-0x0000000075372000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2612-1-0x0000000075300000-0x0000000075332000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2984-340-0x0000000000260000-0x0000000000262000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2984-341-0x0000000000570000-0x0000000000571000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2984-819-0x0000000000570000-0x0000000000571000-memory.dmp

    Filesize

    4KB

    Download