0f1bd31c6c23c7ec586e617453f8cc329b669556a4c6f3fa4d8dfdec1da65a41

Analysis

max time kernel
144s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
Size

4.5MB
MD5

238db72e15b25b90e5c665b2537002c3
SHA1

ac1d193b2827c3a107ea732c99d834fbd91dd2a2
SHA256

0f1bd31c6c23c7ec586e617453f8cc329b669556a4c6f3fa4d8dfdec1da65a41
SHA512

1a55b83b0096fe24e8f9986df5df550df93938e4489bcfc765daa154361a413d5ae865b0b547e969a9560ea798597718869e0a705f96a51efa805453aad4f7ec
SSDEEP

98304:Wpq/d8kCBzlMyQjujDW9tBcg2jGqwwAP2wwYByPK+u78218ZCtX05FCIxkB3tiX+:ncS5ujyp8jGqwwy2wj4/A8yL8FCI6Nt1

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe

Executes dropped EXE 1 IoCs

pid	Process
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe

Loads dropped DLL 39 IoCs

pid	Process
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
4232	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 4232	1112	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe	84
PID 1112 wrote to memory of 4232	1112	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe	84
PID 1112 wrote to memory of 4232	1112	2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe	84

C:\Users\Admin\AppData\Local\Temp\2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Windows\temp\406D01E7CB80FE111970E7BCB0B9729E\2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe
  "C:\Windows\temp\406D01E7CB80FE111970E7BCB0B9729E\2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe"
  2⤵
  - Checks whether UAC is enabled
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\kl.setup.ui.core.dll

Filesize
89KB

MD5
2c8f5ec07cb84d844e3fdee32b2a8e00

SHA1
2e27daffed27a7e6ee3adc50eef1710da318ca32

SHA256
8d5bd8184fbc3f79ea9edc2c25e1a5a935514518c3fba89bde308c06722375f9

SHA512
ef37109b456a68d55dee8a45340e25cb9901909b30f9f882f62060951bec20d838561dbe5ebe0480aa2feb668c6ffbb2137ed2f69cd3d6337c6f38cf395f6eca

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\kl.setup.ui.dll

Filesize
278KB

MD5
1bebc399a1b31eabc3361169df0316d1

SHA1
56091143fafa680dc65dd5f2b5d6fafa94590041

SHA256
894914e74da8c8faf8bb9b34e0f9b586db3cb248c3f6edb715a7cb8c930dd66b

SHA512
d0d1fb7e23391a352f6bb3d5756dbbcd5a3558e0c477b265453931940a223dfa31cafe20232a9d08fbb127158bce325dd8b769e7bb62907be89019cd3f02f1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\kl.setup.ui.interoplayer.dll

Filesize
56KB

MD5
baf69d3c6977161e0c2b631b3f9958d4

SHA1
a1b2982c11811c4e5f6bce95f3072a855d11c369

SHA256
e6392d0cf3a5984034ca0b346476d7482243550ddd0c65a8c0ff2f03a15867bc

SHA512
2fb765d07638d239b666d4043f9ae75e91dc271ddf399dfe5bfd1c894bcabb95e6e965b478f5208687d9ebaa18cdafd6fc3400cd47694fd9db4ac30f3f1d5839

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\kl.setup.ui.visuals.dll

Filesize
420KB

MD5
6181240bc579d2dfb176a1ca260f5a90

SHA1
eb13b6cd4a242c8399396795d1863954b8d79507

SHA256
b07c4d99d4cbb62b31a425e60c993b809c7043518a9ef0b7b561abd180a1b768

SHA512
f5bb4bdd05836c494a560dc9aa16d62d29b90df7c5854d4a97b8e274890dd1476de955637237867a666c1f08785f5dc06d571e023b124530ee87cf6fdb98689f

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\kl.ui.framework.dll

Filesize
264KB

MD5
2ad2ab4f8517da8e2efdfed22ad49f1e

SHA1
55916e3e5c4c40cf2e5644fbad07baf31459673e

SHA256
6efe8efc6701c80d59ad33bd139aeca1b47a27f49d3ccc16ed01a49da9bfc2e7

SHA512
12800c7d475af627c98cecb6e6c2de8247094166126978e24bd8be3f7193828781e853ee10b3133c989d625f0e2860ce4551369d864748b70db4ec220c515bbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\kl.ui.framework.localization.dll

Filesize
283KB

MD5
079ac68d4beb2ab9602d754b09ff652b

SHA1
90032834cc5cffd0b00119e4e38b5f4c5f877e4c

SHA256
9377c35b19c30ee75c010b1e592796daf1d3493b397ef9d61a1c63a5ab30a88e

SHA512
53782adc516950888ec69b21e744fe4d7f8567223e7c067e362800c78e3621dc148d5aa19f6011962bece1ada3691ef1ef40838a8072480c54aeedb2f4e0c9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\kl.ui.framework.uikit.b2c.dll

Filesize
631KB

MD5
445e34aa976419cae54e13ede8d41ce5

SHA1
98ca3ee808f97ae16970b0fcefd3387bd07278eb

SHA256
a255bb5dfaa685d7443dbc8bb7fca71417c8f0b1f617ade7077ee437a23a9b24

SHA512
86b4084cf781d4efbb814fce3ed6ca48addbf4c15c5ed3630673350cf65056a80e2a9bc00581a45ae370a64f0bc720d506622eccd9d7ef170814faab1cce14c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\kl.ui.framework.uikit.dll

Filesize
2.7MB

MD5
18defb1e3b7460f592a8ca61e4b40ff0

SHA1
8f8f7d7d1ee8a048d162603cc21a0f4c40b9036b

SHA256
02a884babc5584fec80b227eb1c52dc800c516f1117ff9637617ad84c632da9d

SHA512
7cbdc0c113a0c7ff9628674a8a23f4224290455d4a9a41a66889d01baf1f28b0175197c3078a791ecf6b2052c3fdfc35cf38cfae5bf5917bde80f82499d40b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\setup.dll

Filesize
5.9MB

MD5
1140b9595a37e9dd12d2b01e960f4b77

SHA1
6210a7bd73d61b86af2ebca77957662581cd2c22

SHA256
61e7d9718f07945da9d9aaf1a67a29060783b7ea279399306aa2d6b8fc0d6e14

SHA512
4330385eba791055a393309dffb185baae2bbf1ff56346a59697aec795c27a1ff0a1427d67a40f6e668c4fb115338a8d4b354b0c6225096f9cbf9d3817608083

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\sharpvectorconverterswpf.dll

Filesize
137KB

MD5
a56a73b39703d5ff85b5cf12f9b00009

SHA1
e6448c87f969e19ae4c6514d69d8286d26a2b5db

SHA256
bb5966185017d904d2d7fd952bcc6d5c19fdf6bbbe34ab29c63a3784cd1074c7

SHA512
7fa07a1fcc0735186ee71b3c123b1c4076f04dba5ad319588ea695ef117ab7c39918593e4ee42f18cbd3fe01d043e896981ca6f07293fc2fb0a9bce5d66992b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\sharpvectorcore.dll

Filesize
201KB

MD5
24e3b7177eeabdf085a01796b49c8e55

SHA1
6916a0bb98892252f59692fd0405e6da62af0f8b

SHA256
eab963926cf2d62b575c6f33804372fea04db328b2b3f0adfb45fee3f27e5386

SHA512
5e377e609673f3d84e22d070012578b8a18fce848a3815d9da05e10043d3e9fde8070094d1841acb44a4f876d8741e371a5fbcc86cce80cdf826131370a41e64

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\sharpvectorcss.dll

Filesize
109KB

MD5
726d04bbe783a3510b18a491adac05c0

SHA1
11a01c68204dd80b32c01dcdb2e51f5b0ee34d98

SHA256
639e091c9e87986eaf9fe00f0f401834e14878ebc48084697fd4307713a065ca

SHA512
90592ddef83b6640cf8f28f0818098f95acc4139c7b3f5e8afa63bb873530be1613d42ee02dae12160737ee612187fc0139e19ee4a7f1abb3fec1fcaee1ae297

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\sharpvectordom.dll

Filesize
55KB

MD5
e4f6efef27708458ecda4ee22edf3cef

SHA1
07ccb5fa980dead816737ad83802cbfed18e4a4f

SHA256
413e485d8dd07231d70107d86ee1a17ce705517aed8346b4701747d1fdbfdfc3

SHA512
4920e508304df14041df1189938a1102e4a71e2e57ac4b9b804b6b0405c89c8292012a5ff4dae21268204ed6d9b56a279f4ce18d709074d1cba71cc9d5e11a1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\sharpvectormodel.dll

Filesize
998KB

MD5
225a73e5a0cf87453832b578db6daddb

SHA1
a36717a1b2c7eb2ba160fec5fa80e48b9e57c4ac

SHA256
0499708762c56b9339c980e731ffab294e9b18362af3dcb4ad4481f1c7bd60c1

SHA512
565ee2105bd626650857e0e6f9c8f7d87a68c3ec41923de119a3b710038a4785e16ccf79feb4c1c4f8a308f682163089228ac4ac81295cea754ae1189311c965

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\sharpvectorrenderingwpf.dll

Filesize
203KB

MD5
faec58e7785c287a7c688f274207048d

SHA1
66c038c720035b7212a7d3733da4520e3b95d63b

SHA256
4c76dd0441a8021a308be24cf0c1957bee280451abcc1467acf47f1a6f7f5dce

SHA512
9269a91a5bab01f076d8e9fde2991463fb224dc6382f8cde3a118e83cb35bdf580b4ea7686f2ea767a2a9c04650222edfc3a8b2569978b734c51b7135915448e

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAE585E7CB80FE111970E7BCB0B9729E\sharpvectorruntimewpf.dll

Filesize
69KB

MD5
0e203d24d04e89779638dd70d5335b39

SHA1
98ffc3718c6e34bd6d696bbcce605db666f99b01

SHA256
f15b5199850b8ed98d2202972ada759823a17893a68d60ca3a0f76ee31aeb204

SHA512
a07f54cce2add948340807b8ecf430e72c07032332046e5dd05d9da90f7d732921c0ff628592ff0710914ec9d9b7188b46377e1594a9f9809a107a022de1cfee

Download Submit
C:\Windows\Temp\406D01E7CB80FE111970E7BCB0B9729E\2024-05-02_238db72e15b25b90e5c665b2537002c3_avoslocker.exe

Filesize
4.5MB

MD5
238db72e15b25b90e5c665b2537002c3

SHA1
ac1d193b2827c3a107ea732c99d834fbd91dd2a2

SHA256
0f1bd31c6c23c7ec586e617453f8cc329b669556a4c6f3fa4d8dfdec1da65a41

SHA512
1a55b83b0096fe24e8f9986df5df550df93938e4489bcfc765daa154361a413d5ae865b0b547e969a9560ea798597718869e0a705f96a51efa805453aad4f7ec

Download Submit
memory/1112-2-0x0000000077CF0000-0x0000000077D00000-memory.dmp

Filesize
64KB

Download
memory/1112-0-0x0000000077CF0000-0x0000000077D00000-memory.dmp

Filesize
64KB

Download
memory/1112-3-0x0000000077B92000-0x0000000077B93000-memory.dmp

Filesize
4KB

Download
memory/1112-1-0x0000000077CF0000-0x0000000077D00000-memory.dmp

Filesize
64KB

Download
memory/4232-47-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/4232-139-0x0000000008540000-0x000000000863A000-memory.dmp

Filesize
1000KB

Download
memory/4232-92-0x00000000072D0000-0x0000000007590000-memory.dmp

Filesize
2.8MB

Download
memory/4232-84-0x0000000006C50000-0x0000000006C66000-memory.dmp

Filesize
88KB

Download
memory/4232-93-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/4232-80-0x00000000067C0000-0x0000000006802000-memory.dmp

Filesize
264KB

Download
memory/4232-97-0x0000000007BF0000-0x0000000007C5A000-memory.dmp

Filesize
424KB

Download
memory/4232-52-0x0000000005FF0000-0x0000000006036000-memory.dmp

Filesize
280KB

Download
memory/4232-107-0x0000000007D00000-0x0000000007D9E000-memory.dmp

Filesize
632KB

Download
memory/4232-122-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/4232-126-0x0000000006510000-0x0000000006544000-memory.dmp

Filesize
208KB

Download
memory/4232-130-0x0000000006550000-0x0000000006572000-memory.dmp

Filesize
136KB

Download
memory/4232-48-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/4232-44-0x0000000003790000-0x000000000379E000-memory.dmp

Filesize
56KB

Download
memory/4232-131-0x00000000081A0000-0x0000000008232000-memory.dmp

Filesize
584KB

Download
memory/4232-40-0x00000000742FE000-0x00000000742FF000-memory.dmp

Filesize
4KB

Download
memory/4232-135-0x0000000007920000-0x0000000007952000-memory.dmp

Filesize
200KB

Download
memory/4232-88-0x0000000006FC0000-0x0000000007008000-memory.dmp

Filesize
288KB

Download
memory/4232-10-0x0000000077B92000-0x0000000077B93000-memory.dmp

Filesize
4KB

Download
memory/4232-147-0x0000000007B90000-0x0000000007B9E000-memory.dmp

Filesize
56KB

Download
memory/4232-7-0x0000000077CE0000-0x0000000077CF0000-memory.dmp

Filesize
64KB

Download
memory/4232-143-0x0000000007BB0000-0x0000000007BCC000-memory.dmp

Filesize
112KB

Download
memory/4232-8-0x0000000077CE0000-0x0000000077CF0000-memory.dmp

Filesize
64KB

Download
memory/4232-9-0x0000000077CE0000-0x0000000077CF0000-memory.dmp

Filesize
64KB

Download
memory/4232-151-0x0000000008450000-0x0000000008462000-memory.dmp

Filesize
72KB

Download
memory/4232-165-0x000000000BFC0000-0x000000000BFCE000-memory.dmp

Filesize
56KB

Download
memory/4232-164-0x000000000BF70000-0x000000000BFA8000-memory.dmp

Filesize
224KB

Download
memory/4232-179-0x0000000008670000-0x0000000008678000-memory.dmp

Filesize
32KB

Download
memory/4232-180-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/4232-181-0x00000000742FE000-0x00000000742FF000-memory.dmp

Filesize
4KB

Download
memory/4232-182-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/4232-183-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/4232-184-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/4232-185-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/4232-186-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download