Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-09-2024 01:41

General

  • Target

    2024-09-16_e3d1d451709c5499999de88d21f29707_avoslocker_cobalt-strike_floxif_hijackloader.exe

  • Size

    989KB

  • MD5

    e3d1d451709c5499999de88d21f29707

  • SHA1

    96f9a056e8b7f71532aaac35aa622ffb6377e404

  • SHA256

    e562432ad86cf6362a3e674d9bd32be99340441ddd0bf9a5b0c4606271ff63cd

  • SHA512

    0dfb8d3422d98c484bdc14df77a61df59422b8eb96d683f8b9ad3686e218d9176a8d8af112d2e081f7cbb8328cdc5e5a4373007c9f89e380e2842aa6dea00741

  • SSDEEP

    24576:V3diFjFZyTE4vttcY+/fpfHn+gXM+TK2zM7YLrEH7q:NdUjmFtcY+/fpfHn5XM+TK2I7YD

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-16_e3d1d451709c5499999de88d21f29707_avoslocker_cobalt-strike_floxif_hijackloader.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-16_e3d1d451709c5499999de88d21f29707_avoslocker_cobalt-strike_floxif_hijackloader.exe"
    1⤵
      PID:1528
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 232
        2⤵
        • Program crash
        PID:4880
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1528 -ip 1528
      1⤵
        PID:1868

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads