Analysis

  • max time kernel
    133s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 09:28

General

  • Target

    2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe

  • Size

    15.1MB

  • MD5

    1d7c3981c488013cd062d05709765e85

  • SHA1

    04c2672adff1b107299d2563be85be7dfac3bc12

  • SHA256

    a3cf2e5260a9ee5afafcb65879150ecc9a4c2e5d3d38cbb35dc6917b5bf046e1

  • SHA512

    3bdd253c069d57e52b819af88b9b6ca40639b66ad71aa22acc6fc36306fc2b3e6b2645694c9d2ccd3ed95207ae2ac66bb9a6f434e768bf5ca90eea9808b61189

  • SSDEEP

    196608:IrX4wo6Ir7PVYn69zqUlZGOJsv6tWKFdu9CZUfz+yj:I4tvC69zjlZpJsv6tWKFdu9CZa+u

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe"
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID: 4740

Network

MITRE ATT&CK Enterprise v15
