bac197a5a140abf19e70c58550f35dfea7785a0547b5766c90c060d1a60f08f8

Analysis

max time kernel
132s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe
Size

46.4MB
MD5

52dc77e96ad8b24296fd7a099bc6e41a
SHA1

0bb7ff8788d69c85027657688a87e2edb023d53e
SHA256

bac197a5a140abf19e70c58550f35dfea7785a0547b5766c90c060d1a60f08f8
SHA512

0e706545659b061ab4e1fd6e3623678491abc8e40635020a41b70f0e776998061088109139359c525e8b80a157e57adedb5a4703d0fc550cdaa553821dbb350b
SSDEEP

786432:qNXTt+oov+rvPPzTyJeYZx9Yyh6lmgU8sjI+/dn3i5pe8ar2icEvcEqFF1K:2jgoG+3TlYZxph6lmgU8Y85oGEo5K

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4128	3024	WerFault.exe	81

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3024	2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe
3024	2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe
3024	2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe
3024	2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe
3024	2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe
3024	2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe
3024	2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe
3024	2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe
3024	2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe
3024	2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe
3024	2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe
3024	2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-31_52dc77e96ad8b24296fd7a099bc6e41a_avoslocker_magniber.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 828
  2⤵
  - Program crash
  PID:4128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3024 -ip 3024
1⤵
PID:464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...