Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-09-2024 01:41
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-09-16_e3d1d451709c5499999de88d21f29707_avoslocker_cobalt-strike_floxif_hijackloader.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 2024-09-16_e3d1d451709c5499999de88d21f29707_avoslocker_cobalt-strike_floxif_hijackloader.exe
  Resource: win10v2004-20240802-en
General
Target: 2024-09-16_e3d1d451709c5499999de88d21f29707_avoslocker_cobalt-strike_floxif_hijackloader.exe
Size: 989KB
MD5: e3d1d451709c5499999de88d21f29707
SHA1: 96f9a056e8b7f71532aaac35aa622ffb6377e404
SHA256: e562432ad86cf6362a3e674d9bd32be99340441ddd0bf9a5b0c4606271ff63cd
SHA512: 0dfb8d3422d98c484bdc14df77a61df59422b8eb96d683f8b9ad3686e218d9176a8d8af112d2e081f7cbb8328cdc5e5a4373007c9f89e380e2842aa6dea00741
SSDEEP: 24576:V3diFjFZyTE4vttcY+/fpfHn+gXM+TK2zM7YLrEH7q:NdUjmFtcY+/fpfHn5XM+TK2I7YD
Malware Config
Signatures
Program crash (1 IoC)
  pid    pid_target    Process         procid_target
  4880   1528          WerFault.exe    81
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-09-16_e3d1d451709c5499999de88d21f29707_avoslocker_cobalt-strike_floxif_hijackloader.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-09-16_e3d1d451709c5499999de88d21f29707_avoslocker_cobalt-strike_floxif_hijackloader.exe"
  PID: 1528
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 232
    Signature: Program crash
    PID: 4880
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1528 -ip 1528
  PID: 1868