Analysis
-
max time kernel
95s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
03/09/2024, 10:42
General
-
Target
2024-09-03_63f996c71e7651b9afe72df68a290993_avoslocker_cobalt-strike_hijackloader.exe
-
Size
485KB
-
MD5
63f996c71e7651b9afe72df68a290993
-
SHA1
a2f10a8ff176fac1174fdb2aec19a393ed612aa1
-
SHA256
9a2c343736a3afce001ec2df9eafd840221872ddde2471e8d9ae4277514caac4
-
SHA512
da41bff7cfb890f74444edf03f3fef40b42f037d5a49d2d1a9e1a3646019a18dc53ab257c75322cc5a7b4f78e5ef7df2ac3e24eac7a03396d4b9c86a3788b045
-
SSDEEP
6144:K7WQ0j4ltziolIGlnE2dFDdrlBu0R+J5JlLgPYfq8ZF02IlLZDr0nXe:Ci4lZioxdfu0R+J5JlLgPbDr0n
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-09-03_63f996c71e7651b9afe72df68a290993_avoslocker_cobalt-strike_hijackloader.exe"C:\Users\Admin\AppData\Local\Temp\2024-09-03_63f996c71e7651b9afe72df68a290993_avoslocker_cobalt-strike_hijackloader.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 4762⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2624 -ip 26241⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
524KB