c026e8ba2c12b97d31946dbe49ce661003543d5347c2022d5577149fb92206c1

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-28_90d3b933178f3c6cf42bfe4b1ccffd6c_avoslocker.exe
Size

1.3MB
MD5

90d3b933178f3c6cf42bfe4b1ccffd6c
SHA1

1b1414ec8bde029cca5e4e0a43cdaf242167d99f
SHA256

c026e8ba2c12b97d31946dbe49ce661003543d5347c2022d5577149fb92206c1
SHA512

27db95533b4ebb46369815bc370b3e28a41e99d111ba9ae049f617b868e11617138b6a44a5c46115ec01a1f6539bb8ec76303604247ea0c08a11124ed383373d
SSDEEP

24576:32zEYytjjqNSlhvpfQiIhKPtehfQ7r9qySkbgeddF3B7zPkcowwtdwKzDXkDNJ4N:3PtjtQiIhUyQd1SkFdd19zPkAwtdwKz7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

alg.exe

pid process

480
2964 alg.exe
Drops file in System32 directory 1 IoCs

Processes:

2024-04-28_90d3b933178f3c6cf42bfe4b1ccffd6c_avoslocker.exe

description ioc process

File opened for modification C:\Windows\System32\alg.exe 2024-04-28_90d3b933178f3c6cf42bfe4b1ccffd6c_avoslocker.exe

pid	process
480
2964	alg.exe

description	ioc	process
File opened for modification	C:\Windows\System32\alg.exe	2024-04-28_90d3b933178f3c6cf42bfe4b1ccffd6c_avoslocker.exe

Drops file in Program Files directory 3 IoCs

Processes:

2024-04-28_90d3b933178f3c6cf42bfe4b1ccffd6c_avoslocker.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Adobe PCD\pcd.db	2024-04-28_90d3b933178f3c6cf42bfe4b1ccffd6c_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\caps\hdpim.db	2024-04-28_90d3b933178f3c6cf42bfe4b1ccffd6c_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\caps\hdpim.db-journal	2024-04-28_90d3b933178f3c6cf42bfe4b1ccffd6c_avoslocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

2024-04-28_90d3b933178f3c6cf42bfe4b1ccffd6c_avoslocker.exe

description pid process

Token: SeTakeOwnershipPrivilege 2032 2024-04-28_90d3b933178f3c6cf42bfe4b1ccffd6c_avoslocker.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	2032	2024-04-28_90d3b933178f3c6cf42bfe4b1ccffd6c_avoslocker.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-28_90d3b933178f3c6cf42bfe4b1ccffd6c_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-28_90d3b933178f3c6cf42bfe4b1ccffd6c_avoslocker.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:2032

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:2964

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\System32\alg.exe
Filesize
644KB

MD5
b049b7c18f53d1557cd09153da1cf6dd

SHA1
794b6adaf4d56be05bf3d3dcb29f63806a869010

SHA256
8c5e4fa4af5e401b2c140dde4d7e7f28e24cec1da54038974113c02da2472769

SHA512
35012b30f28b5d00332070fe55a8e89f46c8d40269ac61a1c99488be97f10c96a5d3f3e47fcf3f93e8da3ec59a42bad08231585899831e3d44c9741cf55b1a66

Download Submit
memory/2032-0-0x0000000000230000-0x0000000000297000-memory.dmp

Filesize
412KB

Download
memory/2032-7-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/2032-8-0x0000000000230000-0x0000000000297000-memory.dmp

Filesize
412KB

Download
memory/2032-17-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/2964-20-0x0000000100000000-0x00000001000A4000-memory.dmp

Filesize
656KB

Download
memory/2964-21-0x0000000100000000-0x00000001000A4000-memory.dmp

Filesize
656KB

Download