Analysis Overview
SHA256
c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02
Threat Level: Known bad
The file c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02 was found to be: Known bad.
Malicious Activity Summary
Avoslocker Ransomware
Renames multiple (172) files with added filename extension
Renames multiple (165) files with added filename extension
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-04-07 09:30
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 09:30
Reported
2024-04-07 09:31
Platform
win7-20240319-en
Max time kernel
76s
Max time network
19s
Command Line
Signatures
Avoslocker Ransomware
Renames multiple (172) files with added filename extension
Processes
C:\Users\Admin\AppData\Local\Temp\c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02.exe
"C:\Users\Admin\AppData\Local\Temp\c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" F:\GET_YOUR_FILES_BACK.txt
Network
Files
F:\$RECYCLE.BIN\GET_YOUR_FILES_BACK.txt
| Hash | Value |
| --- | --- |
| MD5 | c416bf3911487d819c45a4001a77b35f |
| SHA1 | dc19ce5f2f104f710edf83f7efa617f0bc749f67 |
| SHA256 | 76bbf445e90dffd6d609e98faad6f84f7dc99c5412026cfb1a6e224b1cb2e6e2 |
| SHA512 | b6ace2a4c58ec68a60b1e1640e5adc1abbc58c669bc0d24f1cc5e1a778d595b5c255c4cc0314f7b3e4a413759658c6c281dafaa59e1110d05119b17d00555e5d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 09:30
Reported
2024-04-07 09:32
Platform
win10v2004-20240226-en
Max time kernel
148s
Max time network
153s
Command Line
Signatures
Avoslocker Ransomware
Renames multiple (165) files with added filename extension
Processes
C:\Users\Admin\AppData\Local\Temp\c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02.exe
"C:\Users\Admin\AppData\Local\Temp\c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.143.182.52.in-addr.arpa | udp |
Files
F:\$RECYCLE.BIN\S-1-5-21-513485977-2495024337-1260977654-1000\GET_YOUR_FILES_BACK.txt
| Hash | Value |
| --- | --- |
| MD5 | c416bf3911487d819c45a4001a77b35f |
| SHA1 | dc19ce5f2f104f710edf83f7efa617f0bc749f67 |
| SHA256 | 76bbf445e90dffd6d609e98faad6f84f7dc99c5412026cfb1a6e224b1cb2e6e2 |
| SHA512 | b6ace2a4c58ec68a60b1e1640e5adc1abbc58c669bc0d24f1cc5e1a778d595b5c255c4cc0314f7b3e4a413759658c6c281dafaa59e1110d05119b17d00555e5d |