e865fb36a9861562cb83fddebd5dab191cd43f429e0e9cdb8a0fd3307072430b

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/04/2024, 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Size

7.3MB
MD5

68ddd0c59e394f2d366a048c08d7f6be
SHA1

99a345bf566e0b5653c4bc053238f712b6cc3415
SHA256

e865fb36a9861562cb83fddebd5dab191cd43f429e0e9cdb8a0fd3307072430b
SHA512

1c972b60f0d61241e32203173d244da19a3ad1e9dc13f1724d2a16447e4705a4aef42c22d3bce125d672199b11b363a2064d68cb9647b709710a96b282e5ac6d
SSDEEP

98304:g+BPc9rUoflanoCoN2ck3q2TfUvuQsRwAx8nfJVAsh+bQYL:sUoflrCOP2Tf4XgSf5hzG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe = "11001"	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
2904	2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-29_68ddd0c59e394f2d366a048c08d7f6be_avoslocker.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ff4a9b91db898ddf7eee275a329fa1b

SHA1
7603aafe4f7bbff5256286148efabb70043ee8c8

SHA256
71d2b6e2bf4a1b04c7f390b6d1a5fe25cecb5b5dfa8e175fd79bd89801c9662d

SHA512
fe75e8b2d9c9f3dc92ba49bca9fd53f8da781ec4bebd5367a9776dd4e7d9663e41c2b9b4722a0104087bcef881e84fbcb2efd463ef8dbafa128099ddaa36df5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
511ffae419214bb4cd44a10a2e76dc9d

SHA1
b76991b8fecbe0611ecf0f7c371eb92c587a70e3

SHA256
c80aa76eb5d5ee87c808cf08de3a514fab5e4621168d4ab94aedbca8a88328b7

SHA512
8756f33199ee1d1290da83951d77a4b8c669ab4bbe9db601653cf3014ca19425a53ec38bd880915baa534cb6357b36ad6c79842a964c5951d3ca03e0541f8905

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b246d3bf14133ef4a1e1a25f4e6031e6

SHA1
1c36237d741d0fba733f24c988908a9d05b81355

SHA256
a311ed57468588a45c89572a2754da91d18ad9f141b1dbd57a0d3f3324d3068a

SHA512
f6571b70fca08b511884cc74f91c48e560d0d12d1a4e38a8e6bf7093a0c90975fb77969c1d5e287c9ea87638cda2e8414f213b2b9834367ef1307c8d2a32241e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6841e6e596e52649c9a36dfa924e728

SHA1
a6dad8a16640a9b103a4d9eaf8d210a920ce3783

SHA256
b67f1b876abfcd8e76b1d3c03535eee21c3f858aa98a7e6b00a1147a1b6359c4

SHA512
5899c0173be9792ec30f42fba6af0ea76f278f8fda3df0b3639182be6cc10923c1c0cc45ab1096fa130a4cd8cda708dd3c804e7b5e2b447f02a6fcb82a1dee85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1371c313d8a4bb12ed6a39f6453ae656

SHA1
a1424f2cbba97659f03c17ecbe3bd82bc857e282

SHA256
2cde5a1049b60983e486c5d58f9d176be324acf91551fb59a8355f59679a7d8c

SHA512
c7c19076e989f3b6f2d6b9e0b06433685957341ce78ea962b5072dab61ba0b3dd88f10f4411d94ca1e2c91335f67604404e46f214b47523b3aee88add8242639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b1ff14f140a4e4ccdb235beb5408a62

SHA1
bf1676c0600d6f5a253f37debebfb380c6a22896

SHA256
401ab22dbe06e1619dc4e4aaf6978020af6d96d69e657a88f4ebaedc605485e4

SHA512
631b8fdb461a30640aedc2412ef4279fcb99968b95e19a8e61031ede420287167c873f896cfcfe5152c5476b84a86a9834afae9be8cffd4553806a8066830119

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da864e221a91b74a39d90d061160b147

SHA1
edf4bc24c4acd5b39078818c184813910e89236d

SHA256
00fe2f8876a6efc306d746ecf52abdfa7532d855ab9ad07a1a3bef878545e295

SHA512
9574803ff764dbb600cf46f644eff57220abf2092ffc3f508ccad0fb89dccbed11df21d331d1f613f0bcde47c9d3b66932b64d722b6eb3ab311694ce9a0106af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad096725d47f3b652c4899235a4633aa

SHA1
23639ba478613a417838f4f2dcd08f37164e7795

SHA256
e4f3727c4f23977bff80c53679765bfebdb4773547b117743c4aec152348dba3

SHA512
1eddc4d7ac45eb8b5047716e1fee6ae29d0c4427590faa62545266350d18d710284f2789c1df5c186f438251ef1f82a7ea41ef50ad088b8cff7d6d8a0f3557be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45142f0268a96591b38abb093f8750a3

SHA1
a6fd1b640853316b8fc6d68c3e601df499cc711e

SHA256
8fb028bc1fd0410a5a99533262a4c656f38b923ba19f81daf8c9e7ca2c85c465

SHA512
f5eca321402962241efb477bd11b251ebc745a2d992bfe60f0b5d573c789f4433015fa8dc51c682b1c3dc2e4d633963fae8c121d4de29fb5edd5c5bdc7ebe389

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7085d82f910388810af64b5f9714cac8

SHA1
5347fc168f452ee8a012c861b6585c7985ab27f9

SHA256
9f5a5908e5726c7362d94ea5e04bd593f05274c960651de24376ee3f25dc6211

SHA512
837532f01cab2b646972031658a3ab50b6d73e8bf86b198a3ce0f16043b24bcfb69529356f5b26c47df8b6109154f152006d22e547d5c41f542795f1c0d93ae6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ddeb38df0e4c20b3e79b1dd34146c1a

SHA1
c2d2613c8f484cebc4760f1fac8868397b01e5a8

SHA256
da835585ccdc4c94a405e13b75f04039185fd0ba9976e237a2b04a0789918981

SHA512
2039dab0b5eac4ecabdb13fde779d16bdcd49e87c5cf923fe4fa72ceb6a5d5ce1767bc036e91f5f1ff1e2663af1b3dae8ae929afb0b7fbf9771086c2ae5401c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e08e1068fa228172cd137e0dc3f3dfbc

SHA1
da6ddf29e7c22615ed4a797c590b63bc8ff7062f

SHA256
a8bb4feb917df8bb93c5a93bcddc3312877171e80f6c2d547a8b55a502926141

SHA512
732016e35c450207a42f0b2feb958c7502b9e9590217d6fad04ac2121e8dd2e1d845b478f1e8c722689f1d097d3cab60ed99efe5f6ece51cb4a29153317cbb65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
187e441d33c65aca4549493edefe4c9d

SHA1
fde4f4672eb2d28af5d0a9d8e9849ac8b8cc2ef0

SHA256
4a0f0936640cd5649cf32931e97dd068184932bb19f9b54e0141a2f0ace063e8

SHA512
7205df8db514dc023eb23c9e6b7c1ef1a5c859b37514fa13c81069cb55892c5e33d39c41244067a4ce30efc33fd73ef822aec3c7085fc1e9f997dc96bca1657d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e4254bcb6776129eba1a195b8c00a02

SHA1
cef34e745a86747edd89ea67a4de6bdaf8120535

SHA256
6391877d1399652193626d40ca2919b53e05ea4654823265148cf93ec9bb141e

SHA512
622875c2e90d2d80503abd5dd52310f3d2c70f0c569df4fc118ec9fe59a22be4f5bfd4d4f20b71229330f91e22558904180cb8b21db621589d8db732c6c1e337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9f5f7350ee720618587346d356ea967

SHA1
adf6ba86350b8fecb19470e938243a0425de821b

SHA256
545d69e65a6158b2dfc5f40e100bf24ddad188bf2feaa2bec1b894d56d55690e

SHA512
b619383ae3a0e55db415801a1a007ab15016931ae153e72c10ad34c52749f6ebdb103940f152028eac81b64cd0c61c9f6136654c82248463c3ed0e1cba09715d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2042.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2125.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C8D533CA-B50E-413C-BE02-DD88088746C8}\CCDInstaller.js

Filesize
1.2MB

MD5
a8cca5b969784f356bcf8bbd0895b8cb

SHA1
bcedc0d7ed2e6ac55709f0b837a354c6ad7f9c97

SHA256
a641388d7b4c162c026606d4b099afc45db810edb39c8c5bddd087a1df840aa0

SHA512
7c9e9fc110ea0a5c51a15b5253c0dc2d47a490581dd4005925c3045d6f4e2ed0ff9cd427a9cc42db090153706283b1a6270c225bd3a161198c805db435375670

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C8D533CA-B50E-413C-BE02-DD88088746C8}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/2904-14-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/2904-28-0x0000000007A40000-0x0000000007A60000-memory.dmp

Filesize
128KB

Download
memory/2904-29-0x0000000007A40000-0x0000000007A60000-memory.dmp

Filesize
128KB

Download
memory/2904-30-0x0000000007A40000-0x0000000007A60000-memory.dmp

Filesize
128KB

Download
memory/2904-652-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download