Analysis Overview
SHA256: e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a
Threat Level: Known bad
The file e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a was found to be: Known bad.
Malicious Activity Summary
Avoslocker Ransomware
Modifies extensions of user files
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported: 2021-08-30 08:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2021-08-30 08:20
Reported: 2021-08-30 08:23
Platform: win7v20210408
Max time kernel: 66s
Max time network: 96s
Command Line
Signatures
Avoslocker Ransomware
Modifies extensions of user files
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File renamed | C:\Users\Admin\Pictures\EnterTest.tif => C:\Users\Admin\Pictures\EnterTest.tif.avos | C:\Users\Admin\AppData\Local\Temp\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ExpandSubmit.tif => C:\Users\Admin\Pictures\ExpandSubmit.tif.avos | C:\Users\Admin\AppData\Local\Temp\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\SelectLock.png => C:\Users\Admin\Pictures\SelectLock.png.avos | C:\Users\Admin\AppData\Local\Temp\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\UpdateDisable.tif => C:\Users\Admin\Pictures\UpdateDisable.tif.avos | C:\Users\Admin\AppData\Local\Temp\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Processes
C:\Users\Admin\AppData\Local\Temp\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe
"C:\Users\Admin\AppData\Local\Temp\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2021-08-30 08:20
Reported: 2021-08-30 08:23
Platform: win10v20210408
Max time kernel: 73s
Max time network: 91s
Command Line
Signatures
Avoslocker Ransomware
Modifies extensions of user files
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File renamed | C:\Users\Admin\Pictures\DebugMeasure.png => C:\Users\Admin\Pictures\DebugMeasure.png.avos | C:\Users\Admin\AppData\Local\Temp\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\OutLimit.tif => C:\Users\Admin\Pictures\OutLimit.tif.avos | C:\Users\Admin\AppData\Local\Temp\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ExpandComplete.png => C:\Users\Admin\Pictures\ExpandComplete.png.avos | C:\Users\Admin\AppData\Local\Temp\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\InitializeResolve.raw => C:\Users\Admin\Pictures\InitializeResolve.raw.avos | C:\Users\Admin\AppData\Local\Temp\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\PopConvert.raw => C:\Users\Admin\Pictures\PopConvert.raw.avos | C:\Users\Admin\AppData\Local\Temp\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Processes
C:\Users\Admin\AppData\Local\Temp\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe
"C:\Users\Admin\AppData\Local\Temp\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe"