Malware Analysis Report

2024-09-23 10:34

Sample ID 240614-nbpcgssapq
Target 2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker
SHA256 220786b9f602ad94ef2a63633990e9160eea763fcc7622ff73a6506b87570ced
Tags
bootkit persistence
score
6/10


Analysis Overview

score
6/10

SHA256

220786b9f602ad94ef2a63633990e9160eea763fcc7622ff73a6506b87570ced

Threat Level: Shows suspicious behavior

The file 2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker was found to show suspicious behavior.

Malicious Activity Summary

bootkit persistence

Writes to the Master Boot Record (MBR)

Enumerates physical storage devices

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-14 11:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 11:13

Reported

2024-06-14 11:16

Platform

win7-20240508-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker.exe"

Signatures

Writes to the Master Boot Record (MBR)

bootkit persistence
Description: File opened for modification
Indicator: \??\PhysicalDrive0
Process: C:\Users\Admin\AppData\Local\Temp\2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker.exe
Target: N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker.exe"

Network

N/A

Files

memory/1424-1-0x0000000000100000-0x0000000000101000-memory.dmp

memory/1424-2-0x0000000000100000-0x0000000000101000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 11:13

Reported

2024-06-14 11:16

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker.exe"

Signatures

Writes to the Master Boot Record (MBR)

bootkit persistence
Description: File opened for modification
Indicator: \??\PhysicalDrive0
Process: C:\Users\Admin\AppData\Local\Temp\2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker.exe
Target: N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-14_e4e5d892b9b2437fd63f4652bdb0edd7_avoslocker.exe"

Network

Files

N/A