Analysis
-
max time kernel
96s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06-09-2024 19:46
General
-
Target
2024-09-06_b141c940fb5ec1689b4e108d8d3f0231_avoslocker_cobalt-strike_hijackloader.exe
-
Size
858KB
-
MD5
b141c940fb5ec1689b4e108d8d3f0231
-
SHA1
413d82520be3c17a7ce2e412ab63d3efaea15b45
-
SHA256
361f3d899a93f1111e464edfe637b8ba44dc3fd66002900f60233c6dc962cfdc
-
SHA512
0d327abf67097de6c7fdd8d45775e1273eccfe8ede4aa565c656141c9f5927c1bfe7800a6da8189493e9be694cc778b8274d52d409a4931ab7e34d150c0d4620
-
SSDEEP
12288:CMZXOYzqL12KIMkuw/ihdrgIoIMPISo9XoAOt0OmRiNV3XPga0FQA:vZ+YuL1QCwer5pMkoAx43fgz
Score
4/10
Malware Config
Signatures
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-09-06_b141c940fb5ec1689b4e108d8d3f0231_avoslocker_cobalt-strike_hijackloader.exe"C:\Users\Admin\AppData\Local\Temp\2024-09-06_b141c940fb5ec1689b4e108d8d3f0231_avoslocker_cobalt-strike_hijackloader.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses