Overview

overview

10

Static

static

3

f329ea2c75...b2.dll

windows7-x64

10

f329ea2c75...b2.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/03/2025, 05:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b2.dll

  • Size

    159KB

  • MD5

    7932ee5fa6f83b149569752c47e04b87

  • SHA1

    6eb115feadc5808507fb5a666dd18aa89a45616c

  • SHA256

    f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b

  • SHA512

    17ba26e69f7536f5adaa52454fbd407338be61d97bc396baa591de9fa19aab3e539b4ca32059b2ddb1b901ac7ecd341dff9ead706fc0d058086e6b3795642f58

  • SSDEEP

    3072:pusrpo1j49JvKa0ePbh37E6ZO78buZKxrF:ZQcvKpE37E6nmKhF

Score
10/10
lockylocky_osirisdiscoveryransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky (Osiris variant)

    Variant of the Locky ransomware seen in the wild since early 2017.

    ransomwarelocky_osiris
  • Locky family
    locky
  • Locky_osiris family
    locky_osiris
  • Blocklisted process makes network request 6 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 2 IoCs
    defense_evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b2.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b2.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Sets desktop wallpaper using registry
      • System Location Discovery: System Language Discovery
      • Modifies Control Panel
      • Suspicious use of WriteProcessMemory
      PID:2484
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2764
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1780
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OSIRIS-5c8e.htm
    Filesize

    8KB

    MD5

    2de8beba2725b510fd686c3adf0f0f6e

    SHA1

    5d8df4bb8bd6a9e467dde51137252486dd488a57

    SHA256

    4a2a722e3512ab9453c17b87bce434025bc5edbc0d26db0eb15e470983595d3b

    SHA512

    2b7010bc872235cf29f65bfdde4453220815be53cfd0337d960db98117f8d9814194aa89ce9396ebb1f05ee2bde16607f83c37f39475268a13727b0d2df6f9a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    94089d73496e9ff1f1c308eb72c094c3

    SHA1

    2a9b1aed94a45e1396220f2ef51500193c1c1bae

    SHA256

    12540540524a45dbbaac28f252654cf9d4a0bf204603ed211d167c9546bb8737

    SHA512

    b7694eb80cfb19bf18f16350dc360b2763bfba9b530a8bc52da95daf02ed472b8b9ccc1a042e1f36d135d204ac9bfecbe28b20cf517e9832f229a9f6769c0f9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8b06cf7fb379949a6f1443bc3f9e5915

    SHA1

    86ef42b31059b64a686291cc21d77dc4fd6a5bb6

    SHA256

    3fbef24d11d47b3a23402d03cfb611e6015193b22e8722233c21c887331cacc7

    SHA512

    27f8532f10370f08e169944bb02d49115b02767cf057bbf09aebc4fc5de4cd9f2dad37aa17adac464f8f10335f373749133febf6a304cf7a6dffb2097f11db55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    55b88a79c99449c8c64d72391307beb5

    SHA1

    f4addd89acf0ced82c8cdac4a964645688440b39

    SHA256

    ba11c78903288421f289234b5aa6a0f132ef8cb0e33494795859e6bdc48bbba3

    SHA512

    2d88e9a2c6d41135e53ccad7e9d168fc20cb285a91d4e6aa8deba8be2b40bd1d324c1e09922f06291084cdc5befcaac3e3879e1c521502ce2708ac13bc0572ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    154913f01be731e864a6d480fc8a6c25

    SHA1

    6469726d44be1268b50de20a1e4ae33b25925254

    SHA256

    532a656a1bc7cc5df29541592fa36bc67059996ef02a92610bc9f51e9efd26d1

    SHA512

    c986748881878432027a5e56b163bc07a60c0955f83d0035008a0b2caeca03191ee9510a8726b30543b45f2a4b3d36d790df864b1e0c4fe20c05b55fb946a01e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    784d524d00ad0de483116663eba501e0

    SHA1

    55e2de5cf0e404ab811b44bb8f67cd826d63f048

    SHA256

    0d87d1d07f3433d57c3822a61bedf0eca94fad77cb34adb326967284c17b120a

    SHA512

    4b8bf527b677cddc07e0ccb95023175651a007563a5c70ff1d64ac2a25c023f89914944d9c2e5717d97476ca46a049b31ff7c45ec20f5fad99b3cf4b83302d23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d7c2d626a6b494d592e8e346bae0c981

    SHA1

    541cd5f0a9ef2c6b94c63752a2588627c4cc611f

    SHA256

    70401fbcfb955d1c2f22b00de774fc409e006d401516cf52619b08e898f2cf7a

    SHA512

    9293949ac6564eaeb2eaf0583e870e5c381dfbb66cc6cf11592615956d31d3c60adcf291d5d48d9c03812089a02534a0acf3a5b3b361963f701b0546ae62b557

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d1dfd8a3d17aa16a723215eab11ccc43

    SHA1

    413e68c54f0d168886ec85bf3e6599263811d3cd

    SHA256

    702a012f5707bb893bb9a9fccc990ea0b4cc9cd2bdb83e22e77095d9c2421c99

    SHA512

    bae82321d0ec03f2372d57e7e5e306352aae14339a9c7983f69cf533e2d2a80df848bf0481f508455c2cfb977c61702dcec4e8d9ea7aa714066442132671532c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    667580514199eedf20b28c1b3d7dced6

    SHA1

    c83af898e76a5d7b1729223af5117a7195857c2c

    SHA256

    0525051a317fc3ba66a36aba7024f6431f3bedf06977b1e3c814e29c81fabdc5

    SHA512

    53264d1acd72706a24a8ffd52fd6c5fe9b661ac6500038b7437c29c4b1d880eb4d6c86ac22f7621ea7039432246e2c9bac559f090dcf5843f1166823cde3b5aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    121d60784c65471b1ea5034d0d613874

    SHA1

    a735f048f88101662cc40658cdd0bb78ad8cd74b

    SHA256

    29d33cd7a8fb8abdac5cae3fbac6d0ab4e938caaf0ea02568e8c24f833989ce8

    SHA512

    6d3adf10bf56bf2495f18d202f058e811f1ef907b8cdcd9490a0a38ef8d5673fd798658f7e0e8e2e8e5b8497da84b15bf4a461d4cdc914753333d14104131680

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB2CC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB381.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • C:\Users\Admin\DesktopOSIRIS.bmp
    Filesize

    3.4MB

    MD5

    97a60b70cc9f6355900cd2eaee20f60e

    SHA1

    f510eb68f8d07923572d5ba8f19f3c38904f3102

    SHA256

    777dea123ef4c3c207e357dc523af98ef166856826cfbbd45c713ccf25e83fec

    SHA512

    00ccbbddbd238c3fb792ad46f10aca2404ccad58efc4db2422f0c74f86177a389f1b7f28288568a6d05ce42634d9518aadd2796f699ae491052064e23bab7b58

    Download Submit

  • memory/2484-12-0x0000000074B70000-0x0000000074BA2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2484-14-0x0000000074B70000-0x0000000074BA2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2484-0-0x0000000074BB0000-0x0000000074BE2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2484-3-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2484-354-0x0000000074BB0000-0x0000000074BBF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2484-20-0x0000000074B70000-0x0000000074BA2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2484-18-0x0000000074B70000-0x0000000074BA2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2484-17-0x0000000074BB0000-0x0000000074BE2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2484-16-0x0000000074BB0000-0x0000000074BE2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2484-351-0x00000000009B0000-0x00000000009B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2484-1-0x0000000074B70000-0x0000000074BA2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2484-9-0x0000000074B70000-0x0000000074BA2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2484-7-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2484-6-0x0000000074B70000-0x0000000074BA2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2484-4-0x0000000074B70000-0x0000000074BA2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2484-2-0x0000000074B70000-0x0000000074BA2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2604-353-0x0000000000810000-0x0000000000811000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-352-0x0000000000230000-0x0000000000232000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2604-831-0x0000000000810000-0x0000000000811000-memory.dmp

    Filesize

    4KB

    Download