Analysis Overview
SHA256
43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856
Threat Level: Known bad
The file 43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856 was found to be: Known bad.
Malicious Activity Summary
Avoslocker Ransomware
Modifies extensions of user files
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported
2021-08-12 14:05
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2021-07-19 19:34
Reported
2021-07-19 19:37
Platform
win10v20210410
Max time kernel
33s
Max time network
124s
Signatures
Avoslocker Ransomware
Modifies extensions of user files
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File renamed | C:\Users\Admin\Pictures\FindUndo.tif => C:\Users\Admin\Pictures\FindUndo.tif.avos | C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\PublishConvert.tif => C:\Users\Admin\Pictures\PublishConvert.tif.avos | C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ReceiveCompress.png => C:\Users\Admin\Pictures\ReceiveCompress.png.avos | C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\WaitSuspend.tiff | C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\WaitSuspend.tiff => C:\Users\Admin\Pictures\WaitSuspend.tiff.avos | C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\WatchMeasure.png => C:\Users\Admin\Pictures\WatchMeasure.png.avos | C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Processes
C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe
"C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe"
Analysis: behavioral1
Detonation Overview
Submitted
2021-07-19 19:34
Reported
2021-07-19 19:37
Platform
win7v20210408
Max time kernel
25s
Max time network
40s
Signatures
Avoslocker Ransomware
Modifies extensions of user files
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File renamed | C:\Users\Admin\Pictures\ResumeConnect.png => C:\Users\Admin\Pictures\ResumeConnect.png.avos | C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\SuspendLock.tif => C:\Users\Admin\Pictures\SuspendLock.tif.avos | C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\DebugExpand.raw => C:\Users\Admin\Pictures\DebugExpand.raw.avos | C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\InstallFind.raw => C:\Users\Admin\Pictures\InstallFind.raw.avos | C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\ProtectRequest.tiff | C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ProtectRequest.tiff => C:\Users\Admin\Pictures\ProtectRequest.tiff.avos | C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\RegisterUpdate.raw => C:\Users\Admin\Pictures\RegisterUpdate.raw.avos | C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Processes
C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe
"C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe"