Overview

overview

7

Static

static

3

avi blocker.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    3s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    02-06-2024 18:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    avi blocker.exe

  • Size

    1.2MB

  • MD5

    a366435c7b85c3416e6508eed07a9d7a

  • SHA1

    e236c3dc9daded99529524b9a8cf31cd8c9b6e10

  • SHA256

    518664818c0df357b99e7ffced815ff405c075801bf9af0ce10fb6489d124ad7

  • SHA512

    ab614d0b26ed289bf86d322364b14d86184376067df837c71f2eebbcc145b827de0aa040a975d3d4c8c15bfb528d88ae4a00355b2a1955c477e9f5a7894144e7

  • SSDEEP

    24576:UJkqjVnlqud+/2P+AmLI0U6/f8xecRuL+VFSUwMFpMWvFLUpHeQm2Hm:UJkqXfd+/9A2I0EjRui4WmptHm

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\avi blocker.exe
    "C:\Users\Admin\AppData\Local\Temp\avi blocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1fda4e8a9cc44f39bbc4fde9629b1efd.dll
    Filesize

    525KB

    MD5

    2b3ffcfa5066158629e12ba9fa18e625

    SHA1

    1822ab821cc729fc212e93dca7a5f7904d84ca04

    SHA256

    ac0cd6e586b18aa15323e70fb7ee7cf1c3c0c5a3b8313443e2ee5e4c5362f1c2

    SHA512

    843d8e02f9c1bc57cd43da521c3fe4b0cf2606db5c01ce75171ea3bdaf4cbe8087cab3f4ab852801e62dc94981b5e95999b3dd4b30e8031429d148597c5c988a

    Download Submit

  • memory/760-0-0x0000000074E3E000-0x0000000074E3F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/760-1-0x0000000000430000-0x0000000000568000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/760-7-0x0000000072570000-0x0000000072638000-memory.dmp

    Filesize

    800KB

    Download

  • memory/760-8-0x0000000004F50000-0x0000000004F66000-memory.dmp

    Filesize

    88KB

    Download

  • memory/760-9-0x0000000074E30000-0x00000000755E1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/760-11-0x0000000072570000-0x0000000072638000-memory.dmp

    Filesize

    800KB

    Download

  • memory/760-12-0x0000000074E30000-0x00000000755E1000-memory.dmp

    Filesize

    7.7MB

    Download