a04064f3b8d1ac47c4e20b4dde68b27c962f4597106dc13aafb17120b9c9d662

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 11:56

Target

2024-06-01_51ddc47d2de358d464d984fb63692fcd_avoslocker.exe
Size

11.4MB
MD5

51ddc47d2de358d464d984fb63692fcd
SHA1

26522b19ac52edb31e5874e31b261e68d61fc7b0
SHA256

a04064f3b8d1ac47c4e20b4dde68b27c962f4597106dc13aafb17120b9c9d662
SHA512

9a73ddbf0d18e694f436c212ec89d11d92e94ed4e651e20ec0b23de88de0d4a30f634b8ac9ade9ca8df37a5063c75621762272f2c30ec2e05df7e49c6c631d0a
SSDEEP

196608:ULjxsLOZzz9KSfIuFvxX+NBHG7pZM2vDuBfhStffZh3yH98SfWclWYySo:ULjxsLCzz9jz3ONBHGVGyDuBfhSVf+HK

Score

7^/10

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2024-06-01_51ddc47d2de358d464d984fb63692fcd_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-01_51ddc47d2de358d464d984fb63692fcd_avoslocker.exe"
1⤵
PID:2808

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact