Analysis Overview
SHA256
df480deb191b335dcbc3d4fc5d59594cb38caee2aaef8d877fbbc573de741301
Threat Level: Known bad
The file 6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.7z was found to be: Known bad.
Malicious Activity Summary
Avoslocker Ransomware
Modifies extensions of user files
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-09-27 16:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-09-27 16:18
Reported
2022-09-27 16:21
Platform
win7-20220812-en
Max time kernel
42s
Max time network
45s
Command Line
Signatures
Avoslocker Ransomware
Modifies extensions of user files
| Description | Indicator | Process | Target |
| File renamed | C:\Users\Admin\Pictures\ExportUnblock.png => C:\Users\Admin\Pictures\ExportUnblock.png.avos2 | C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\MergeReset.crw => C:\Users\Admin\Pictures\MergeReset.crw.avos2 | C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\SetMove.png => C:\Users\Admin\Pictures\SetMove.png.avos2 | C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\SkipBackup.tif => C:\Users\Admin\Pictures\SkipBackup.tif.avos2 | C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ProtectEnable.png => C:\Users\Admin\Pictures\ProtectEnable.png.avos2 | C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\CopyCheckpoint.raw => C:\Users\Admin\Pictures\CopyCheckpoint.raw.avos2 | C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\DenyAssert.crw => C:\Users\Admin\Pictures\DenyAssert.crw.avos2 | C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ExpandImport.crw => C:\Users\Admin\Pictures\ExpandImport.crw.avos2 | C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe
"C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-09-27 16:18
Reported
2022-09-27 16:20
Platform
win10v2004-20220812-en
Max time kernel
91s
Max time network
132s
Command Line
Signatures
Avoslocker Ransomware
Modifies extensions of user files
| Description | Indicator | Process | Target |
| File renamed | C:\Users\Admin\Pictures\EnableApprove.raw => C:\Users\Admin\Pictures\EnableApprove.raw.avos2 | C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\RequestEnable.crw => C:\Users\Admin\Pictures\RequestEnable.crw.avos2 | C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\SendResume.png => C:\Users\Admin\Pictures\SendResume.png.avos2 | C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ResumeWait.raw => C:\Users\Admin\Pictures\ResumeWait.raw.avos2 | C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\DebugPush.png => C:\Users\Admin\Pictures\DebugPush.png.avos2 | C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\SubmitRemove.tif => C:\Users\Admin\Pictures\SubmitRemove.tif.avos2 | C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe
"C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe"
Network
| Country | Destination | Domain | Proto |
| NL | 104.110.191.133:80 | tcp | |
| NL | 104.110.191.133:80 | tcp |