85684b26f8e95225fcfc811b02dd8782ff9bb56732ac2a5ad098451d319e91fc

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Size

7.3MB
MD5

42b9bc8b84f58b56b568ef88f4c7fd1e
SHA1

9d1480ac33f095e009129b65449266bfc31aab4b
SHA256

85684b26f8e95225fcfc811b02dd8782ff9bb56732ac2a5ad098451d319e91fc
SHA512

8697b089b8aa606aa7a7dc828cc4abec6c94f8a7131c370b9cdc1cdba25c1a19d7a5761457ae7acebd9ec44426efb624a7788829de90e9f1eea9e551206df1aa
SSDEEP

98304:s+BPc9rUoflanoCoN2ck3q2TfUvuQsRwAx8nfJVAsI+bQYL:QUoflrCOP2Tf4XgSf5IzS

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe = "11001"	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
1724	2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-12_42b9bc8b84f58b56b568ef88f4c7fd1e_avoslocker.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
879fb32b2215913c6864e888387a7215

SHA1
b8bee72c83e47e76dfd11ed720ac053ac66e3d83

SHA256
c875a90cbdb910315485e0a257ac0cd57fa495c95005313f8b7c03917bcf07d9

SHA512
d1d5944c16f49c37c7ed6eaad2c6c93b1927f752dad4424a1490641ce0365016530057ca6650a9c127217e802c20f8bd225202236bccfa330da6ae05545515a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bb1095fc6a580b43a7d7b5342a97855

SHA1
587c5336172e02f62c08db63df44fe44f82d07f3

SHA256
17bc1aecd62753006ab44adaf8771c233a391e6f13e586058c0b926900b0d538

SHA512
41633ac7d4fb75f8e98d8fbcf27d9fa770358d6cd9bae46c6163aad46993083266980f231ab051cfb78bde907f91c2ad81342e70c5522a58bc4be80e11dba226

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd5b2aa2d11bf11dff66be2f95d7d83d

SHA1
df8d7a1824b0f57fb2b58db292c674002782dc89

SHA256
a09b37accea544d60f73cf655419fcb13e5fa39e863cd569a57bf5c0bd0ddeaa

SHA512
03d6a4aa51307f338c7a482206bd07fc62141a82e14b91ad7f09bcb378eb163be55f77a1dcab296b72c2b07311d30b4cd9e7ce11a4b272cbb836ef9efb94934c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07f0e2e430d8b14697f94390dbad83b1

SHA1
53bf938df3b26274ab674dd2411dc181f4b251d0

SHA256
42c7f56c0639791dd814e157871ef385ba1a586e427629adcc4d42f0a3144e1d

SHA512
2c18833121802b32d208717eca2d0da04ba532055afba25db1c2c2080b3392b413b9d735063a4b64c741d167c9c29422ccc10492e4691964a75749bed7d5663e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15c7b4637b13bd059bbe939f92b720ab

SHA1
bdf55a87855fd9ea58472d1b9cbe6f4e09bafda2

SHA256
45f74d48d0ebce39a7239226cfb1636c26348eba141f34e4e977a07500c82ca9

SHA512
51de0779e43d8456e20803bd58f821b844d8603d08b9fe0600a92fed31e69b4a93d0bc74c52211a141d1532088a43382eb57b6c4996a6d191f5b4930c0c191e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0520fdc9e1fbea432efabe4668979eab

SHA1
b4f7599cde0039b432ac09a53bd1c2c47fe2574d

SHA256
164f90fbc87c29ea6192d8107811de4e5587df8d9046c41cfe191356f00b143a

SHA512
65d4f0125235ae29ebd2c72c3a6711a6021d241f47808b7c68de04043cd3eba358c1be57fb95ced34eb1396d706918cadae9e1391b9c797cb31917ac2e46e627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71917e483a8d612e5bf75dce5059f405

SHA1
ff2cea5029244c0772792447b8bdec77daa5bfcd

SHA256
f461ca25894e8a4fd745e96bb0922aff9db6f7a55d7fdcd31ddf60a0664e3df2

SHA512
cb20d90916c7d02a75802b033673a4dd3962be3cb9a8ab1127e4d51c61dadd69744c31ce83ecb279c686c7b83df4e94db70ac94d3b9eac767eb63c1f027478db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afce1b44743a5914c4fa25ae5fccefba

SHA1
7fe90ed0ce1380c56dc1b73ef2cdb9c888efa084

SHA256
5746be5b6b20f86f48dfb241870770aff4d4761410a7ffe61dbd20baa4e45b8c

SHA512
4d1769e5c05a8578ee0919fb9ffc6472e2db8ffb22b3a011dfa53384bdbcf7bcdb939db88c00f197346bef10a077db25e4b12d2433b695b930e10e41e4fb1527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d766fb4658ca28b2fa75b9190441c3d

SHA1
5643bd6a1bf20dd187a3a78ea634d01484c733db

SHA256
197e52e4612792cb38cf4d7045a21e257f8990509b2ae8de939d446b4832daab

SHA512
426c51f5ec47c2068f977c373a941175ca725a2e9b311e3782928fa03492422a4bbff11d1513b409812748864da5164afcf54f5bd6f334c88e749a7b4e14ea6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c98418504e2a21071ee00ea7095e75a7

SHA1
40452ac2a1de1982bdbd800cf2ae9baab97e10e6

SHA256
819c2266e89a63ead13d5c9bd1dd796bd24de12103ec9431ce4a8dfff9d00350

SHA512
1cc41cf86d057b6d97ae169be749e2f7275583a27dec57ef0eb9c6fe37d6f4445402aa7ac090bfcb4222a85b4b254ce090c042e08a6f000ab1d3ba30237612f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf4cbd2436f8822ac583dd6532e43c0c

SHA1
c67c2dc47ea4cb12005018661d3c73acee170a5a

SHA256
bf4053bdcf0c5ec7cdff95cdad85c47195be3a81d286cd24a0025092b6489a8d

SHA512
8a3f5667955a11c81db6738bb906d7a762f9f267fe43d2eef9f5d3ed11e0443d6824d985be02851725f975567d3d98599e4cacd9a3df148b9cfcb33e93195ee6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
818e49959629ed6732ca37495e91d123

SHA1
220074a2352c1fc2716a726f9f6549e8042c7e52

SHA256
6397a2beedf4a2898ab0a18463ec9ec7422f3f7a61b330d85727f000f6ee6abf

SHA512
776c0d678aa5d6bbbb1117e6c71c4f7145e5f9d3f0e6e48a97cfe7188bc7f65feef09f89033a4f0b797ebd4f5a155bb860d0381e3b4729f5a148b8aa4d5b37de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2d8987f0ece5879d3648ec2ac84bf36

SHA1
5f413001c8dd40b85d589262cd5b5695f8a95bb8

SHA256
089ce8a6bf61d9c9c9c2a7097e05af1385263a5d3e5b7e29c97575f0db808baf

SHA512
e78a5b4b3f15ea52cf140eb25a234dbb354b97c4089909287d89687236a57ad34f6d3ff03a69211b69bb7bbbc6a3961c031f0258987f5b9d9a34625f1b87e339

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b152e44f4fcea914e185467eae107496

SHA1
60d90af6731760fbd32e25cea50a28ebb9aae36a

SHA256
6a59887b5e586e0feeb19f269f5e46720a3f343bbbafdf12608dcf1f7365a606

SHA512
706a38c000d3e8c4768d87bbcc39fdd4b14f4e21f58cc142cc7a3c1680b72665e601fc6c31ecb1ffae00a7015ee4d8b5cd210a1c8bc80da1ad9e9fa8dbcf90f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2BF6.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2CC8.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1F4A37C1-C695-4D2B-8557-5C4E178D1357}\CCDInstaller.js

Filesize
1.2MB

MD5
a8cca5b969784f356bcf8bbd0895b8cb

SHA1
bcedc0d7ed2e6ac55709f0b837a354c6ad7f9c97

SHA256
a641388d7b4c162c026606d4b099afc45db810edb39c8c5bddd087a1df840aa0

SHA512
7c9e9fc110ea0a5c51a15b5253c0dc2d47a490581dd4005925c3045d6f4e2ed0ff9cd427a9cc42db090153706283b1a6270c225bd3a161198c805db435375670

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1F4A37C1-C695-4D2B-8557-5C4E178D1357}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/1724-28-0x00000000078F0000-0x0000000007910000-memory.dmp

Filesize
128KB

Download
memory/1724-11-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

Filesize
4KB

Download
memory/1724-29-0x00000000078F0000-0x0000000007910000-memory.dmp

Filesize
128KB

Download
memory/1724-653-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

Filesize
4KB

Download