Analysis Overview
SHA256
220786b9f602ad94ef2a63633990e9160eea763fcc7622ff73a6506b87570ced
Threat Level: Shows suspicious behavior
The file 2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker was found to be: Shows suspicious behavior.
Malicious Activity Summary
Writes to the Master Boot Record (MBR)
Enumerates physical storage devices
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 11:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 11:13
Reported
2024-06-14 11:16
Platform
win7-20240508-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker.exe | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker.exe"
Network
Files
memory/1424-1-0x0000000000100000-0x0000000000101000-memory.dmp
memory/1424-2-0x0000000000100000-0x0000000000101000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 11:13
Reported
2024-06-14 11:16
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker.exe | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker.exe"