Malware Analysis Report

2025-04-14 04:33

Sample ID 240612-w4yqmayerq
Target 2024-06-12_1d0064cd50e34605a167b0fab15b8355_avoslocker_cobalt-strike
SHA256 ed8c87382781b45ad8c4b6280315df5b425976f457d60b031e65808074ec6158
Tags
Score: 4/10

Analysis Overview

Score: 4/10

SHA256: ed8c87382781b45ad8c4b6280315df5b425976f457d60b031e65808074ec6158

Threat Level: Likely benign

The file 2024-06-12_1d0064cd50e34605a167b0fab15b8355_avoslocker_cobalt-strike was found to be: Likely benign.

Malicious Activity Summary


Drops file in Windows directory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-12 18:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-12 18:29
Reported: 2024-06-12 18:31
Platform: win7-20240220-en
Max time kernel: 118s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_1d0064cd50e34605a167b0fab15b8355_avoslocker_cobalt-strike.exe"

Signatures

Drops file in Windows directory

Description: File opened for modification
Indicator: C:\Windows\INF\setupapi.dev.log
Process: C:\Users\Admin\AppData\Local\Temp\2024-06-12_1d0064cd50e34605a167b0fab15b8355_avoslocker_cobalt-strike.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-12_1d0064cd50e34605a167b0fab15b8355_avoslocker_cobalt-strike.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_1d0064cd50e34605a167b0fab15b8355_avoslocker_cobalt-strike.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-12 18:29
Reported: 2024-06-12 18:31
Platform: win10v2004-20240508-en
Max time kernel: 147s
Max time network: 149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_1d0064cd50e34605a167b0fab15b8355_avoslocker_cobalt-strike.exe"

Signatures

Drops file in Windows directory

Description: File opened for modification
Indicator: C:\Windows\INF\setupapi.dev.log
Process: C:\Users\Admin\AppData\Local\Temp\2024-06-12_1d0064cd50e34605a167b0fab15b8355_avoslocker_cobalt-strike.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-12_1d0064cd50e34605a167b0fab15b8355_avoslocker_cobalt-strike.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_1d0064cd50e34605a167b0fab15b8355_avoslocker_cobalt-strike.exe"

Network

Files

N/A