Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
133s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
03/06/2024, 09:28
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe
Resource
win10v2004-20240426-en
General
-
Target
2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe
-
Size
15.1MB
-
MD5
1d7c3981c488013cd062d05709765e85
-
SHA1
04c2672adff1b107299d2563be85be7dfac3bc12
-
SHA256
a3cf2e5260a9ee5afafcb65879150ecc9a4c2e5d3d38cbb35dc6917b5bf046e1
-
SHA512
3bdd253c069d57e52b819af88b9b6ca40639b66ad71aa22acc6fc36306fc2b3e6b2645694c9d2ccd3ed95207ae2ac66bb9a6f434e768bf5ca90eea9808b61189
-
SSDEEP
196608:IrX4wo6Ir7PVYn69zqUlZGOJsv6tWKFdu9CZUfz+yj:I4tvC69zjlZpJsv6tWKFdu9CZa+u
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\D: 2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe File opened (read-only) \??\F: 2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\win.ini 2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 4740 2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4740 2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-03_1d7c3981c488013cd062d05709765e85_avoslocker_revil.exe"1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4740