Analysis
-
max time kernel
132s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
25-05-2024 01:00
General
-
Target
2024-05-25_6c7b1c7f2a466936f3c06f608358311a_avoslocker_revil.exe
-
Size
6.3MB
-
MD5
6c7b1c7f2a466936f3c06f608358311a
-
SHA1
14723c060f07a69d9bb5a6d04debccd55b32781d
-
SHA256
c41745d8a3ead8489fba5d9ddbadbcc868194da360463eae2d63a0a09c07c19f
-
SHA512
6d31d272eed382edec75873f116d5e49ea02672affaa0bc7e8c8733e1244e245e66ee016eafb25d3c9322f153e02c3538c798c6e74d860464c68acab6d06937b
-
SSDEEP
98304:Wy2Ra3s45KZATR1DPBLPjmFk1wTdrobphQ7O9CKkq7xb4T0HmphWdo80jT:WM5igRjLik1OibpCyCZT0mpMeT
Malware Config
Signatures
-
Checks system information in the registry 2 TTPs 2 IoCs
System information is often read in order to detect sandboxing environments.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6c7b1c7f2a466936f3c06f608358311a_avoslocker_revil.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-25_6c7b1c7f2a466936f3c06f608358311a_avoslocker_revil.exe"1⤵
- Checks system information in the registry
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\netskope\stagent\Logs\nsdebuglog.logFilesize
4KB
MD545792e4d83ea4a027e3f915a7a04cad8
SHA1fcf8f4361cf854882f3ffc69ae3b76efb9b8c2e8
SHA256b34840b2915ffc04a053ab46c5a1261685051fd3191e5f62bc301599ee2aef09
SHA5128ce6fe19ad106576a9685a8190a9983c810f8765e21c067958e1f4a2ef1664ffa465e3691711a148b2def9c80b31b711f619cb1306b8f0cfc863bc6d94729609
-
C:\ProgramData\netskope\stagent\Logs\nsdebuglog.logFilesize
1KB
MD53e4c41db27479e98573b1bc85658a944
SHA184b39c5d7f161f26e788236aa84fe9771e5e4929
SHA2566cf0ed2260954c5ab122e9d08035f468d3ee5e5a7a5f56bc474b47b077c84f7b
SHA51271a71e7ab9d5d29050a2d634e5d8596dcf86180a216d8bb3b640620e2085da616714082c639bcc7b7082eb8f935ba084c44328b39d6c09bf2846352c977d4a70