fe097cd5421fa4e876660d70fb6128cd0f901a108f5841e2d644daaec7a31529

General

Target

2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe
Size

4.8MB
MD5

5fe36a341a62cc66604dea7af47acbbf
SHA1

96088a5140c2bfeec95ec4f9bf5ffa06eec4d639
SHA256

fe097cd5421fa4e876660d70fb6128cd0f901a108f5841e2d644daaec7a31529
SHA512

9c492aad2ac125348059392ef1f5abdb6c65cd7a578e84d64ba2c350f00bb5b6082d5e011a16dabe237cc7b00f8d7697490269a1230b056534628af89ccf1729
SSDEEP

98304:HtiuhuuhmF1OgPptZDElaxQ3PCTDsRnLPYSz71yk:V9ktIa6n31yk

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

MicrosoftEdgeUpdate.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA MicrosoftEdgeUpdate.exe
Downloads MZ/PE file

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

Processes:

MicrosoftEdgeWebview2Setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\MicrosoftEdgeUpdateOnDemand.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_mr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_eu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_hr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_ko.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\NOTICE.TXT	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_te.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_bn-IN.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\psuser.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_ja.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_tr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\EdgeUpdate.dat	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_ar.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_id.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_ru.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\MicrosoftEdgeUpdate.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_nn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_sr-Cyrl-RS.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_pa.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_es-419.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_lt.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_az.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\MicrosoftEdgeUpdateSetup.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_sv.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_af.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_lo.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_bn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_sl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\MicrosoftEdgeUpdateBroker.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_fil.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_nl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_bg.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_ca.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_el.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_ga.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_ka.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\MicrosoftEdgeUpdateCore.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_am.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_ur.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_vi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_lb.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_fa.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_fr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_lv.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_ta.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_zh-TW.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_et.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_sr-Cyrl-BA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdate.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_pt-PT.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_th.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_en.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_ne.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\MicrosoftEdgeUpdateSetup.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_sr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_uk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_sq.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\MicrosoftEdgeComRegisterShellARM64.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_da.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_gd.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_pt-BR.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_sr-Latn-RS.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_kn.dll	MicrosoftEdgeWebview2Setup.exe

Executes dropped EXE 4 IoCs

Processes:

ITS SB App Switch.exeITS SB App Switch.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exe

pid process

2868 ITS SB App Switch.exe
968 ITS SB App Switch.exe
3648 MicrosoftEdgeWebview2Setup.exe
3256 MicrosoftEdgeUpdate.exe
Loads dropped DLL 2 IoCs

Processes:

2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exeMicrosoftEdgeUpdate.exe

pid process

2108 2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe
3256 MicrosoftEdgeUpdate.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2868	ITS SB App Switch.exe
968	ITS SB App Switch.exe
3648	MicrosoftEdgeWebview2Setup.exe
3256	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

wermgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

wermgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exeMicrosoftEdgeUpdate.exe

pid	process
2108	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe
2108	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe
2108	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe
2108	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe
3256	MicrosoftEdgeUpdate.exe
3256	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

MicrosoftEdgeUpdate.exe

description	pid	process
Token: SeRestorePrivilege	3256	MicrosoftEdgeUpdate.exe
Token: SeBackupPrivilege	3256	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	3256	MicrosoftEdgeUpdate.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

ITS SB App Switch.exe2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe

pid process

968 ITS SB App Switch.exe
968 ITS SB App Switch.exe
2108 2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe

pid	process
968	ITS SB App Switch.exe
968	ITS SB App Switch.exe
2108	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exe

description	pid	process	target process
PID 2108 wrote to memory of 2868	2108	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2108 wrote to memory of 2868	2108	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2108 wrote to memory of 2868	2108	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2108 wrote to memory of 968	2108	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2108 wrote to memory of 968	2108	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2108 wrote to memory of 968	2108	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2108 wrote to memory of 3648	2108	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe	MicrosoftEdgeWebview2Setup.exe
PID 2108 wrote to memory of 3648	2108	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe	MicrosoftEdgeWebview2Setup.exe
PID 2108 wrote to memory of 3648	2108	2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe	MicrosoftEdgeWebview2Setup.exe
PID 3648 wrote to memory of 3256	3648	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 3648 wrote to memory of 3256	3648	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 3648 wrote to memory of 3256	3648	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 3256 wrote to memory of 4628	3256	MicrosoftEdgeUpdate.exe	wermgr.exe
PID 3256 wrote to memory of 4628	3256	MicrosoftEdgeUpdate.exe	wermgr.exe
PID 3256 wrote to memory of 4628	3256	MicrosoftEdgeUpdate.exe	wermgr.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2108

C:\Users\Admin\AppData\Local\Temp\2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo\ITS SB App Switch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo\ITS SB App Switch.exe"
2⤵
- Executes dropped EXE
PID:2868

C:\Users\Admin\AppData\Local\Temp\2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo\ITS SB App Switch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo\ITS SB App Switch.exe" 2108
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:968

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /AllUsers /S
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3648

C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\MicrosoftEdgeUpdate.exe" /AllUsers /S "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
3⤵
- Checks whether UAC is enabled
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3256

C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "3256" "940" "784" "936" "0" "0" "0" "0" "0" "0" "0" "0"
4⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:4628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

5

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\MicrosoftEdgeUpdate.exe
Filesize
201KB

MD5
f2d14ff6375c24c821695ec218f2330b

SHA1
9d7b115c16d2ed5c3e6c3da19ccb495b3eb66b7b

SHA256
f9819b0b98e30da8b8f7c08191234ccf0bf03a33b7fd41fe93f120f974a8990a

SHA512
972814a3334ac85a30643778fceeb6f9a550d6dd578a0966fca9fbe6f36fc4e899e0a1b0534fe1d245c6f17ceb038d14d0989d31fb13f5b1556e188bb38c8b3e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdate.dll
Filesize
2.1MB

MD5
c35fda033b1b8441ae9d88c5763a7653

SHA1
6cd921518561d65155bdbdb085ad2fdc77fd635c

SHA256
4ac4272afebc63cd0bc85a5a901403570e5ba8ecb867febffcb005efc7d65837

SHA512
3068145da7f6d3755b8d497b8ce499823292d6b3be35bb3d1735ad1e3776c8bc2bcad59b48d69dd9135cd18a2238e9f2b1ebb4c3f19d47e70c421f620c7cc5a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU920E.tmp\msedgeupdateres_en.dll
Filesize
27KB

MD5
c3dcb4ad44d0abedcb962778ff50c941

SHA1
a2b48433c32f2bcf6565d59b0c2720e74ec939a7

SHA256
387385234ff48a0faef8935ea7dbaab58acb85594bb9cd67b6b66da8e2c15941

SHA512
3d98d48c57a99c9a546a9847fa238d7bf2c00e86728a5c53b2029ac1917857952c28abf94502269500fbcd26c625468a8fcc988737ed2c77a43451679ddec65c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo\ITS SB App Switch.exe
Filesize
370KB

MD5
6e3b18cac5d61c109906e94ce895d2bc

SHA1
557d63dd72dc47e9b2d701c40e80fba1e108e9c5

SHA256
db70869cfafb8877fd02beb9d970427e6103c1003d04eca2dad1ac9a9587d489

SHA512
e27d2cf4e63b414b7a8e89c48e9b4c0ccb93e52c2405e9b5bbac13352daa3cf9e619b48845547ebdbfaa7ef8af850f1c3fe4b8ac228dfa3d14095d86cf82340b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-05-26_5fe36a341a62cc66604dea7af47acbbf_avoslocker_metamorfo\TestSecurity.12.7.0.249.dll
Filesize
1.6MB

MD5
a7d19e10c06f0b71f69c15e0c070f66a

SHA1
11a10b61e3925125b963e3074dea63f36084da23

SHA256
6b766ffee9ee5ebeee3830a90870afca99a79e7611fd81f2e4afab009513a3dc

SHA512
09cc5eff3529881d540ac96cf5fe488dc843d131d7c4527b2dbc4349c048a1cd2d1f190365f174d5972624805d07b84d513aa274144bd2974ced2ec57e2ed758

Download Submit
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Filesize
1.5MB

MD5
1a8e15de0c4de9ff87e90268f780d1be

SHA1
e90ee17d0d92b18efbb3f261d16b49742781a44e

SHA256
4cfffb2178202505422fc9612d3418ed1ee58d72a22fdde34d5ec4010285c874

SHA512
676438645c4b24d17d85a259ec587b494d418d84309651b7336935d019c0baf86648adaa6096273cb0848e7aaa0f0bd806aa6e3b3916bd03a5721d107601cdd9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads