Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
30-12-2023 23:47
Static task
static1
Behavioral task
behavioral1
Sample
208c45f500c299bc4ebd80d1e230cc41.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
208c45f500c299bc4ebd80d1e230cc41.exe
Resource
win10v2004-20231215-en
General
-
Target
208c45f500c299bc4ebd80d1e230cc41.exe
-
Size
402KB
-
MD5
208c45f500c299bc4ebd80d1e230cc41
-
SHA1
1c0b42efd324cab1625423b5634ee4b67ad62ac5
-
SHA256
97820cf8de59555d2d333ac724c6a72c610b8c537f35139ebb1a5a362e68f789
-
SHA512
d34d6ffcb4751f0a5391fd08cd6c78ceb6bdcc9c4346b28cd8c0e00a1ab810e1990dd752b70852aaed73738c888e6d0d73485c1e58582e8d0aedc106551e2637
-
SSDEEP
12288:L5rxhWsTDzB6BybYxl+xX4VpMDEvqXHRAS0uayw4HUsNI4j:L5rxhW6PB6BybYxlWX/DEv4eNw
Malware Config
Extracted
C:\MSOCache\GET_YOUR_FILES_BACK.txt
avoslocker
http://avos2fuj6olp6x36.onion
http://avos53nnmi4u6amh.onion/
Signatures
-
Avoslocker Ransomware
Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
-
Renames multiple (78) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
208c45f500c299bc4ebd80d1e230cc41.exepid process 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe 1032 208c45f500c299bc4ebd80d1e230cc41.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD50454a42a44d0ac06b736c1c8ea701738
SHA17b32fec0e0063f0f9cf7b10aa7aa88e04be6d049
SHA256bb344c93d0894b33ec20752eebb8917e79df6d92d4be5c9c9610e596e6df26a7
SHA5121a6f8d5b58cb5cc93350341d72a0a83dd86531e528155f51961aea3e94d17cb8a58513efd7b616af3ac2dffb4ed074fe3a0b150551d5f4540f269b86d00026f5