Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-07-2024 23:41

General

  • Target
    2024-07-01_2a88c58ed063b4f85628c3c8824b0287_avoslocker_metamorfo.exe
  • Size
    4.8MB
  • MD5
    2a88c58ed063b4f85628c3c8824b0287
  • SHA1
    27554cfd95867b42651db69d789d62e72da9400f
  • SHA256
    272772d4656e66f81d00710f2b8992dccb52daa9dcda18dfd6bccbb0629f4109
  • SHA512
    5ea54482beb716ef6d5406a0f7a72e066250327f8b067c3fe9297285b9c1dd3e5d098bba000d50db896b0758c97b3fc2611aac2950a9cb6b103abf70a7baf290
  • SSDEEP
    98304:BtiuhouhmF1OgPptZDElaxQ3PCTDsRnLPYSz7LyZ:rvktIa6n3LyZ

Score
5/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-01_2a88c58ed063b4f85628c3c8824b0287_avoslocker_metamorfo.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-01_2a88c58ed063b4f85628c3c8824b0287_avoslocker_metamorfo.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Users\Admin\AppData\Local\Temp\2024-07-01_2a88c58ed063b4f85628c3c8824b0287_avoslocker_metamorfo\ITS SB App Switch.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-07-01_2a88c58ed063b4f85628c3c8824b0287_avoslocker_metamorfo\ITS SB App Switch.exe"
      2⤵
      • Executes dropped EXE
      PID:4660
    • C:\Users\Admin\AppData\Local\Temp\2024-07-01_2a88c58ed063b4f85628c3c8824b0287_avoslocker_metamorfo\ITS SB App Switch.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-07-01_2a88c58ed063b4f85628c3c8824b0287_avoslocker_metamorfo\ITS SB App Switch.exe" 2184
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3740

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery
    • Query Registry (T1012), 1 hit
    • System Information Discovery (T1082), 2 hits


Downloads

  • C:\Users\Admin\AppData\Local\Temp\2024-07-01_2a88c58ed063b4f85628c3c8824b0287_avoslocker_metamorfo\ITS SB App Switch.exe
    Filesize
    370KB
    MD5
    6e3b18cac5d61c109906e94ce895d2bc
    SHA1
    557d63dd72dc47e9b2d701c40e80fba1e108e9c5
    SHA256
    db70869cfafb8877fd02beb9d970427e6103c1003d04eca2dad1ac9a9587d489
    SHA512
    e27d2cf4e63b414b7a8e89c48e9b4c0ccb93e52c2405e9b5bbac13352daa3cf9e619b48845547ebdbfaa7ef8af850f1c3fe4b8ac228dfa3d14095d86cf82340b

  • C:\Users\Admin\AppData\Local\Temp\2024-07-01_2a88c58ed063b4f85628c3c8824b0287_avoslocker_metamorfo\TestSecurity.12.7.0.249.dll
    Filesize
    1.6MB
    MD5
    a7d19e10c06f0b71f69c15e0c070f66a
    SHA1
    11a10b61e3925125b963e3074dea63f36084da23
    SHA256
    6b766ffee9ee5ebeee3830a90870afca99a79e7611fd81f2e4afab009513a3dc
    SHA512
    09cc5eff3529881d540ac96cf5fe488dc843d131d7c4527b2dbc4349c048a1cd2d1f190365f174d5972624805d07b84d513aa274144bd2974ced2ec57e2ed758