Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/06/2024, 14:51

General

  • Target

    2024-06-28_f56efa49a54fda64e5a263ee5f37fa3f_avoslocker.exe

  • Size

    1.4MB

  • MD5

    f56efa49a54fda64e5a263ee5f37fa3f

  • SHA1

    cccec39c2795d697c52331388f501f5a45ff355a

  • SHA256

    06e63999c497f9e9c6f7b1b293e6bbb1a9df3136671a2a7e7b91e32fc71c6586

  • SHA512

    1f58eeb8c9d6d0002fb75e2867415cea30bbafb8684e42c6cf583de42276aeb96d08f01e635ee2a234dbe2ee4fa1260f978d8aa44c1c3fa38c6ba32ff754ca27

  • SSDEEP

    24576:plviHLkP3lc3oc5Ki9MFhx33plOTMD9A80Svkm65bKKpyJ3veDcq0:wLkP+3oM1Gd3jOTMAIvkm+NpyJ3veIq0

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    framework.pcsoft.fr
  • Port:
    21
  • Username:
    framework
  • Password:
    framework

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies system certificate store 2 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-28_f56efa49a54fda64e5a263ee5f37fa3f_avoslocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-28_f56efa49a54fda64e5a263ee5f37fa3f_avoslocker.exe"
    1
    • Modifies system certificate store
    PID:2044

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2044-1-0x0000000000620000-0x0000000000720000-memory.dmp

    Filesize
    1024KB

  • memory/2044-22-0x0000000000620000-0x0000000000720000-memory.dmp

    Filesize
    1024KB

  • memory/2044-23-0x0000000000620000-0x0000000000720000-memory.dmp

    Filesize
    1024KB