locky | f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b

Analysis

max time kernel
359s
max time network
359s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
09/03/2025, 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b (2).dll
Size

159KB
MD5

7932ee5fa6f83b149569752c47e04b87
SHA1

6eb115feadc5808507fb5a666dd18aa89a45616c
SHA256

f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b
SHA512

17ba26e69f7536f5adaa52454fbd407338be61d97bc396baa591de9fa19aab3e539b4ca32059b2ddb1b901ac7ecd341dff9ead706fc0d058086e6b3795642f58
SSDEEP

3072:pusrpo1j49JvKa0ePbh37E6ZO78buZKxrF:ZQcvKpE37E6nmKhF

Score

10^/10

locky locky_osiris discovery ransomware

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
Locky (Osiris variant)
Variant of the Locky ransomware seen in the wild since early 2017.
ransomware locky_osiris
Locky family
locky
Locky_osiris family
locky_osiris

Blocklisted process makes network request 5 IoCs

flow	pid	Process
2	2820	rundll32.exe
3	2820	rundll32.exe
4	2820	rundll32.exe
5	2820	rundll32.exe
6	2820	rundll32.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\DesktopOSIRIS.bmp"	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Modifies Control Panel 2 IoCs

defense_evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Control Panel\Desktop\WallpaperStyle = "0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Control Panel\Desktop\TileWallpaper = "0"	rundll32.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d0e2b6be7508fd448c1644ed99d118a500000000020000000000106600000001000020000000501e0e6d7a8e09d37fd720b63c63f180df9782c4cf629a5bba30bdf6fae4b509000000000e80000000020000200000000aaf9dbe4e7a7b2bf98f351f6e69d62309b1fbfe5e88998c1eb166fbf695842990000000c438e9ada1b6067f62ffa4991db7e9d1bf4fbf4e2ee70abcd611eecbe013aba941c6a78c94ce4d5efcb69203ad1f7c32b84e60a902d398850bcd3e8f8482462ab10d151df5fc2eea02e8d1b60ee6e37e1fc2088c8d16686efb22bdb5497a9d2a80284a1ec7e4e4708d311d5b94eb86994bbefac5012cb753a81fd96ff1e13551287c1012e09a7b14b6d8b8a246dedeea40000000cdfba612d4daa18ed2de5c0c800d77b5864c0da1dd821f7903fefad7dad856544da622e4e5dd8ceb1793d2c5b2569510c4f5bb4aaf67f491a9cc6dbeac054853	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20cdbf8eb090db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d0e2b6be7508fd448c1644ed99d118a500000000020000000000106600000001000020000000286d1c516eb6318f5553a34ee7b18da9ef6a96be75dfe85e23903e345311869e000000000e80000000020000200000009b9266f8abb0b2205c499023ef3e43c5c63b68a4c8cf4f9f7e4371efc19606002000000031d677c237671a3c3b395c6a32261c6c28d72296959c932dd2a66086e329ce70400000008fd8d6c59431d4207cb55dcd6ab5a1e5df6b441eeaaaaee534d80fa2dd4331352ed99328adbff3f00472928924913e430b229ce0aa15ef8789a2399be738dceb	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "447658428"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BA308EE1-FCA3-11EF-ACA8-72B5DC1A84E6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2896	iexplore.exe
2972	DllHost.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2896	iexplore.exe
2896	iexplore.exe
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2820	2760	rundll32.exe	30
PID 2760 wrote to memory of 2820	2760	rundll32.exe	30
PID 2760 wrote to memory of 2820	2760	rundll32.exe	30
PID 2760 wrote to memory of 2820	2760	rundll32.exe	30
PID 2760 wrote to memory of 2820	2760	rundll32.exe	30
PID 2760 wrote to memory of 2820	2760	rundll32.exe	30
PID 2760 wrote to memory of 2820	2760	rundll32.exe	30
PID 2820 wrote to memory of 2896	2820	rundll32.exe	33
PID 2820 wrote to memory of 2896	2820	rundll32.exe	33
PID 2820 wrote to memory of 2896	2820	rundll32.exe	33
PID 2820 wrote to memory of 2896	2820	rundll32.exe	33
PID 2896 wrote to memory of 2748	2896	iexplore.exe	35
PID 2896 wrote to memory of 2748	2896	iexplore.exe	35
PID 2896 wrote to memory of 2748	2896	iexplore.exe	35
PID 2896 wrote to memory of 2748	2896	iexplore.exe	35

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b (2).dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b (2).dll",#1
  2⤵
  - Blocklisted process makes network request
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Modifies Control Panel
  - Suspicious use of WriteProcessMemory
  PID:2820
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2896
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2748

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\OSIRIS-be9f.htm

Filesize
8KB

MD5
f9203dfa2cd7738bf7aebf46a07a2209

SHA1
c22e7fcc34dee20096ec295e1922be6436e19767

SHA256
cb77b8f749f17a68519f043cc8671ea76255ebf86e172720e94f43ebcfbc5fe9

SHA512
7267ce327447ee9af45d8d12976dfcfd9314d7f184c8f74b949cbce02a7ca29ddf76d03740bd04b60b62b0df064f2586e85d4f96ea085febb8516d9695f047ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfc0edad398a70902820ae2326a91cfb

SHA1
bcc0affd153d6bbff8b8ee7e50d4a5d3354cbd64

SHA256
42398d03fb24c494a3ec3acd317a7647b7f8c4727abf3a87a55856b748d2de4c

SHA512
2530e23a478c2c7befb074137daad74307fc372892fcd3f80b413af64c93b1ce5aec002ba13122aff7d944dc09697fb955172e002f5759c413feb0034a280935

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cba85ff3f36bcc5c244470dc3f2df0d

SHA1
8326ecab7a74350afa8fcb9f67b3cde9fdc80d66

SHA256
f5ccdd7fba03a85cee714eb67050d66c67fe5aeac01937624e61d31710c8fcc5

SHA512
067c1df66eef00c6c40a0aa734444580f357c28ff09cddf8d9acc801a09f998788a14d9f1070b56baec39a822dab41f53151aeed142aef9a06df8f6b37ce2ba3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18dbf2853348202fb29a755bba46d5e2

SHA1
86a43d408a9553b654391bd52c3e5709693818c1

SHA256
649d16df3eb5eadae65a10dde840966c5d45cb86b1b830acba951d1e36717799

SHA512
c1c794df3904b227a6f0bb06673df3df3c4414775044bf089720367821aa6a7983c4123aa7d9e18092f68edc727eec3877f76ebeaec3ec08bf343833ece0b2e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b93750dc184a6c9b52c8f3f69c9d4648

SHA1
e2671c964e2e51ae142bdfebbd8eea80bf8740c7

SHA256
c6beb5780a88682a4267e9343c9b1cd40c8881cfebd50e6d6c4d5e4be064d842

SHA512
f8bf1f4b3c85f240e0ba78289a9fb28793d1030b9f8e6e3a97a9d38dc12a895cf7fbc4cce535aec3c982428a5d518fda0f2679ab2e4cb85f0ad9a1283efb8ad8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b2bcb0b8e70ad684289f1e6ba3b4f2d

SHA1
e38761393cef9fba13b353f4636200caf8785b3e

SHA256
166718d950d143d1f69691bed6d101ab1a7771e29cc2294fe8194deb14a6393b

SHA512
a36c8b00c536b2bef71bcee023570650030648933e694ad80a967781523df77b8c9cb8d83692a077ec79095b4de3cbe0c538d3fa87966aa89273b88f984d6cf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c24e07d8ab91720e4055e9fae725430b

SHA1
21507335d76550764a3a46431b423a8aad46c66b

SHA256
746674cf992d59c2e88f50fc689d4b78ddf5a53402706f20226fbc0e303cd4b9

SHA512
389a4b07e91f712f029bccd2a4c1d42a2ccc77145f428fa8092131e443a6179c261f7b1439bb98b68287f00e2c1a2feda4991477a56b646b9d947fbf89c7f2d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee4a2c5d03f7147f2cdfd634f5f9007f

SHA1
bb2c82157bcabbc153feb436e94a6b2c093eea4c

SHA256
e5ced270156bd84776a1813c09374342e532bc8a8c612aa25ac96914f81aa66c

SHA512
952de9ff418b91f98ba72ef7323b8e9dec5574af16bc7434f8401a4d29d04825ea96af7f4af8897e18525350de6f7e01ffa711f566000d9028047344c69fdccf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba40c1541914bfb6ba6eae3e66756742

SHA1
ce18a055fcbf959272f2c7595d308f428aff4954

SHA256
de810a376d90e3d4ef567fc71ae7dd9ddfcc0027bfe93145d894a5e70681bf4b

SHA512
a71c579bd3b7fd85532b9de459268cd656a93ed4af689f4e52bd29e99aad2c403f332cce975c878776bc3fae3adb538d28d4eff185a7d23a13c2fc6a8ec71eac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b49cf2ae8b8906ff1b85dd1f42dca00f

SHA1
7dbf9d00c88dd5284bc2c334c1fd6e75d0509fd1

SHA256
1cd19763b15cb4d657e2613f2504c41eed0e2e8ec4f6ec6e5c6429368d376613

SHA512
d8210ff163ce9a7f2d0ba600dff7c0ec2253a5e6915b2f0df6be5273237600f555bb1b6ef183a1cd6175f47a0774f4942e4df27b4eeb1551cf634df0bb7de9cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c34b16e1c85086369ffc6e92b395ae57

SHA1
5599e671a409d0bee913f08256d939fef8094f8f

SHA256
52bb5d73dbf734c0a30abb749890b7946f1454a43fead7e10a6f377b286eccae

SHA512
c2f96f271dbe2647ddfd18fc8c5260d714a70741ba27da9566ed76a9cf68b8904f912c60cd27af19ee35df4e0ce19cf957a8eb0c3cc10e0d09c6bb01499e504e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e927f4a216ba189ac1f64876eade3c66

SHA1
87631c2d0f627d7d6ea259fb41d0e4b78d14d953

SHA256
806b84faef8b68969f7ffc6aab64feb4f44321518dd918f5facdd0581ef09ec1

SHA512
0c2f232abde40fdbb465da175fbdc50ab38c4c29889c5f9f8a4c6253e736f588348a31b068ec3ff582320b7291717b8c7c0278482d10c3ff8f136bba3ad6b83d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d49f6bc81d7c59820e7802ddfd4703b9

SHA1
4eee81dfa5719ab9adbf989d18cadbfaba25d90a

SHA256
bbe28854b7b6f9a9e18c12652a34624a1e547564905c97a3248edce59cd46622

SHA512
6e81fff0cf78ae44435509d14b904ce2c34ad96100d3cdb4ecb0b00b9264b5d403f85beee94f06eccccdf410c00c763b27bc3b2dee1918ac889f9cbe9b4f970e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42a6cccfcb3670b22ac9a99be17ebdbd

SHA1
2bc60647da18bf7b71b2e8f21f4a3df0c8f5f7a0

SHA256
b984d31666e255596828bb2cda8c6aae63fb7abee4baf7f623a2652a7b45c5d3

SHA512
89028188377a299fb168258f2b0bcf8dc4994e240360d6c3f65d2c4fd948c0aaf8985437f4c9d57d68e37981cf75ff1e9d1d7031494a1bef90258e1dd744459f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2d652b983aac57dce09679ec964e58f

SHA1
2ac2c58c780142bed47f361c7756c6ab9fd63bf4

SHA256
d4dd5080295bcf5e01882fb195bf078c45bb080d8fcb4d511549bf5ee43934c4

SHA512
d4e3e3318b0b9f7e3314ffa5c97ee0625c506d27e32f3f0f7c2dcf606908fa3e58cbdd24bca9ce086bb82759b08df0ad99a369508ab80b1c5f5e172139a3d9d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
028357ae15bc4fc0de5e8e984f2b5121

SHA1
a62ca016043902b2f27b914493485c3a88c9a4b9

SHA256
ee8144dfb998fd1439491127c50208ce381277e50819aaa8a032a7de08a36211

SHA512
45c4d8a2367c1e1fd795de426043f6a9046a3dfd0fba1f6c9b05adc47f24628262c629c0134f3c868bedb07cff5b69423ca5ec578e3d258132478637a6ea3021

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
265da6d3afcb3a99a3b5965b1f24b2bc

SHA1
07a54373b1204482f5278d63e6bb838fcd556cea

SHA256
e508fc42de8333885462da762e18f9360bd0912fccf1117cf3e7a7b461ba0474

SHA512
0f0419a6e870e19f096b3329ee4e79e06900ee63c86b3952e2d7c475ac1a3c5a15a75f936a3196b24fd3b3ef4ae867bbfd7a0fdddea92dd212d89d73c1792c0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf960d33ef94439e0eecd91f7670ae5a

SHA1
cef6b5ea42a6bff2c4b7e32163a53fb7a3a8d156

SHA256
b52ff1df8c385235988f4d07e2472820747250e9312287350083bace05275bc4

SHA512
b893338fa393e397d5bce9cd99cbfa9aebaa26b82dc98bb9b95fcd2b96fa1b84f784a546d4b77a9458b51fb0bd898648273be4b902e8a9cac631d627b35c1c15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b07a572bb9c80b69beb95c80f1a11a6

SHA1
1a491f4d1e4542a9715c8cb8944d3ca7d9f85549

SHA256
d2bce1b8531a8c3940baf5e36a412e1aa6f24e3749f27bb12cb744b19d1faea8

SHA512
f8083239935b9a4b9c0bca58cef5c75b224962f5580a879708e6ddc2958a468bf7edcab6830377288fd35d0ba876c01e7ef246dfd8fd9f083e75f5c064e81102

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
739b75da2f9c7ca19aa11b32d395c2ff

SHA1
9417e9ecb7c30fdab11669872d13f07341d8ddbd

SHA256
68150d64d90c605ceed6ded750d92e54057ee7a402a425373eb3dcd27c0cde16

SHA512
1ed48b3433981957333e8dc4a38f1161b15c1e6c82b026b442f16d1d89c6865626a1a4a1bd16d5f427ddd6a6ff8205bcdd5d0ec54d16deddf2c1624aa78eba86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55966fe9db72448e11b2b26a8496de9e

SHA1
912bd4994e6ffaf5d48a90f3c4bcbe99308d1281

SHA256
d62dac07e9552947d78ddbf1b0e47d796e14291ed4aca3d02abd727485de2ae8

SHA512
aaf2385e4c350ab695f17c1db5e89fe5a9e8f22757110a2ba42f82f11e1e5a8edc4797314a2a9ffc185c8d7628822aeb87a895311006393146ec663085fc79d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2c58aa4067d0e71e2aea3f85c26e0d3

SHA1
92c73e99833a19f656647f7a4262b7d519a30ed1

SHA256
cf19c1676c00976c85e932106a04bc41e737e27cf44c31776e725c6566827748

SHA512
28981c0ec059ba03c268c38c8003509a0b712723b68e2f42c213eb4711405f5eba7cddef1a7ac94a5c88c66cb67fc553fc6e10e98b053cd56a25c46da859b1a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC94B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCA2C.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
C:\Users\Admin\DesktopOSIRIS.bmp

Filesize
3.4MB

MD5
a56788a474a17257ac62575b574d515c

SHA1
8dffc27b676ad25590b807bac8cab5c4dc37e1ab

SHA256
1d8383fe5b31d7fd1cafd9be66bc42f7efad7e7210a72b5c6ec286578cb17958

SHA512
84255a3a664b4568fe3d3886cc9ef8851d50476f09f5113f5778707787b641526676ea7a1b5ea6f83045886827f6c253ca237a624d23c17ce6473ba4d9718ba1

Download Submit
memory/2820-325-0x00000000007B0000-0x00000000007B2000-memory.dmp

Filesize
8KB

Download
memory/2820-0-0x00000000754A0000-0x00000000754D2000-memory.dmp

Filesize
200KB

Download
memory/2820-15-0x00000000754A0000-0x00000000754D2000-memory.dmp

Filesize
200KB

Download
memory/2820-14-0x0000000075460000-0x0000000075492000-memory.dmp

Filesize
200KB

Download
memory/2820-12-0x0000000075460000-0x0000000075492000-memory.dmp

Filesize
200KB

Download
memory/2820-17-0x00000000754A0000-0x00000000754D2000-memory.dmp

Filesize
200KB

Download
memory/2820-9-0x0000000075460000-0x0000000075492000-memory.dmp

Filesize
200KB

Download
memory/2820-1-0x0000000075460000-0x0000000075492000-memory.dmp

Filesize
200KB

Download
memory/2820-18-0x0000000075460000-0x0000000075492000-memory.dmp

Filesize
200KB

Download
memory/2820-3-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2820-2-0x00000000754A0000-0x00000000754D2000-memory.dmp

Filesize
200KB

Download
memory/2820-328-0x00000000754A0000-0x00000000754AF000-memory.dmp

Filesize
60KB

Download
memory/2820-6-0x0000000075460000-0x0000000075492000-memory.dmp

Filesize
200KB

Download
memory/2820-7-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2820-4-0x0000000075460000-0x0000000075492000-memory.dmp

Filesize
200KB

Download
memory/2972-805-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/2972-327-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/2972-326-0x0000000000330000-0x0000000000332000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads