Analysis Overview
SHA256
29910ea42c8e2abb22d5a88053e1725c93a104e61560a2f8d88716d619bcaa08
Threat Level: Known bad
The file 29910ea42c8e2abb22d5a88053e1725c93a104e61560a2f8d88716d619bcaa08.bin.sample was found to be: Known bad.
Malicious Activity Summary
Avoslocker Ransomware
Modifies extensions of user files
Suspicious behavior: EnumeratesProcesses
Opens file in notepad (likely ransom note)
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-11-23 14:19
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2021-11-23 14:19
Reported
2021-11-23 14:22
Platform
win10-en-20211104
Max time kernel
110s
Max time network
122s
Command Line
Signatures
Avoslocker Ransomware
Modifies extensions of user files
Suspicious behavior: EnumeratesProcesses
Processes
C:\Users\Admin\AppData\Local\Temp\29910ea42c8e2abb22d5a88053e1725c93a104e61560a2f8d88716d619bcaa08.bin.sample.exe
"C:\Users\Admin\AppData\Local\Temp\29910ea42c8e2abb22d5a88053e1725c93a104e61560a2f8d88716d619bcaa08.bin.sample.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | time.windows.com | udp |
| NL | 40.119.148.38:123 | time.windows.com | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2021-11-23 14:19
Reported
2021-11-23 14:22
Platform
win7-en-20211104
Max time kernel
119s
Max time network
122s
Command Line
Signatures
Avoslocker Ransomware
Modifies extensions of user files
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Processes
C:\Users\Admin\AppData\Local\Temp\29910ea42c8e2abb22d5a88053e1725c93a104e61560a2f8d88716d619bcaa08.bin.sample.exe
"C:\Users\Admin\AppData\Local\Temp\29910ea42c8e2abb22d5a88053e1725c93a104e61560a2f8d88716d619bcaa08.bin.sample.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\GET_YOUR_FILES_BACK.txt
Network
Files
memory/1940-55-0x000007FEFBF21000-0x000007FEFBF23000-memory.dmp
C:\Users\Admin\Desktop\GET_YOUR_FILES_BACK.txt
| Hash | Value |
| --- | --- |
| MD5 | 3806d7ac74d031d2bb681ab5270f2186 |
| SHA1 | 79ee44aa978b1a501458df1d90c5597cb9b3e04e |
| SHA256 | b284dafd0ba47b74f86324c39cbc69f2ac9e158e319ccce61b9800dbf47a1e00 |
| SHA512 | 2181728b3c17a7978f9f7c71970cda6a0e112de755a283de67054aeeb32720114f7cb064ebd9096c4c8abe9bf847e3ba6bc2cdb02b1e48b6fb56aa52f7e09fb4 |