Overview

overview

7

Static

static

3

2024-05-02...il.exe

windows7-x64

7

2024-05-02...il.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    02-05-2024 12:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-02_d3123095136d31fd4a1a97ed90e1dc2d_avoslocker_revil.exe

  • Size

    7.8MB

  • MD5

    d3123095136d31fd4a1a97ed90e1dc2d

  • SHA1

    f7789e10461b178e766b268bc6dd80922e634dee

  • SHA256

    87fa2d19e2370678188d4bf3eaab45598db68d3009cfc2a4d5e89340dc489659

  • SHA512

    6945aec62ecf01b27ccdd3305a34213f912b11463bbcdceda3027a68ab2a7722c522eea135289bc6cc3052e9ebad0c61fb8225a60bdedffdee92d39dca0376ee

  • SSDEEP

    98304:pGix4K0lmZNgGTpE7SerwFAHjnmG07IRKQX9goORuJE5gLYC/OJ976yOPwlbBMNp:seZeCeVmG07MxfH/Q6yOC22cB

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-02_d3123095136d31fd4a1a97ed90e1dc2d_avoslocker_revil.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-02_d3123095136d31fd4a1a97ed90e1dc2d_avoslocker_revil.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\configure.ini
    Filesize

    40B

    MD5

    3264249559c36cbf7a9b5c40f820d7c8

    SHA1

    2d4d5f7dc67786d829528750cb69a5d39276004e

    SHA256

    75016f964dd2995de71eeedd6394ea9041c231c1bf1a58ed9f937c82798af765

    SHA512

    a9ee7e984a83f5ffa4c06220fcb3a9e65938b7fc7c66a2071f8d89140ec81a708d3d06b296a5c4437dbdd9e6a214793d5eb8e236cd2be7dcfbed4dd21db482fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\configure.ini
    Filesize

    41B

    MD5

    74c86ab8c95dabf1ae809d797f0987d8

    SHA1

    60efc3329c5f2e763dc4bf9f692d2ad74afec355

    SHA256

    71b41ba70840b9b47a251fe22dc7f97601d4dc00f89dc0cfbd355f28e6027914

    SHA512

    11b12ffb37ee00e41355d1d8683b85e172f1a79d51ec90e4c155f32789b5d6a98a72efdaf2bfac16fc5b04c07be935b76e095665e3000c71fde6231c17772037

    Download Submit

  • \Users\Admin\AppData\Local\Temp\UnRAR.dll
    Filesize

    262KB

    MD5

    29374c529351f3b06f09ece5fe933a76

    SHA1

    356c36b2ee03a9ddfa6173dc1632be1081c855d5

    SHA256

    8631fdf21a823a26f7173cc53b58372030145a528c30c720d6872e67ffa8e9db

    SHA512

    1fa526337b04794e879164da0dd031a29f26266087113f9ff8da9e1f129377a189c3b732e8cedcdc59555e398d54a43de27d0dad8f91f232b2fb2ad2d996a8ad

    Download Submit

  • \Users\Admin\AppData\Local\Temp\separate.dll
    Filesize

    1.1MB

    MD5

    c8fc8523ab968f1a75f6c0fc57538f83

    SHA1

    dfce0b1d2f8a89ebe457d6e9fdca4212c830a611

    SHA256

    c133301fe34c14f9a90a231c22196a86d31bcce3fde560aad893b6ce91257be5

    SHA512

    b5f0782dd10e207d1c852703984ffa0a81288c6da77086c5c4576f6741d98d3ed1cd04151ddff6c3c6ef04f15404ef4a1246853f1cdb483fa2aa46fc8c424894

    Download Submit

  • memory/2324-0-0x0000000000950000-0x0000000000951000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-23-0x0000000000950000-0x0000000000951000-memory.dmp

    Filesize

    4KB

    Download