c35fb9a56d5b37a2b957a9a2bf66ea8513c2a8667bc89e756fe5d9bf5abb295f

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 00:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Size

6.8MB
MD5

8fd4aadb0662bf1bf2634d9451332269
SHA1

95433fadacf01080e91297836ead17866eca9c54
SHA256

c35fb9a56d5b37a2b957a9a2bf66ea8513c2a8667bc89e756fe5d9bf5abb295f
SHA512

9c74417e492471c04982d95304bae3af5e5685adf7299b81e3a2451726ff22a7b09fdfd8b314284008dcc38d27e4c1a53f43d51eb6503beb73f4aebb1f61a02b
SSDEEP

98304:r9rOvi3HzBvnKFn0MeYttysOx6VamqSJ5a4foWb/LTu:xrOvijBGnBeYtAX+q05aWoEvu

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe = "11001"	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
2292	2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-17_8fd4aadb0662bf1bf2634d9451332269_avoslocker.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b410b28c3dc776ac3b851b31ad8ed063

SHA1
e76ac2f02b39db006a65aa484e7367bb68ebb971

SHA256
5d19a41ecc62567f28c2b2627ba4e757a7626b3edad9d22eb2037e0e4ae0d9cb

SHA512
e0b80c79bc8add40bc362c5d36fe111199deea66590c073b31f549b66c8682d0aa4884b058f16f5327b0375f79f4a5d2a74d880e4a296042b1ab2c7610dacf57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
819b24fa4bce2809127345137c753f9f

SHA1
d2efd9b7ee435b27f358ad7f32e87f42c8a413ae

SHA256
7155b3be098354455f3c509464f7cf8f13b2cc1193fbbf50e1f464d55fdf5f60

SHA512
91aa140404e9a66a26c115b5a45c8467a7abac935d16cbe74114f656d7998aabc1cbc005d2d3942b6bb5cccb5dce41b8793706757a512fd78f2be2b00eb5821c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc2857740b912700c20fde0b6e015eb6

SHA1
3a4697248ed60aaf3034545dcf81d8c45b33fc9d

SHA256
c706ecd90495128f17649aa07197e8df680edabe0701b494df13cfd5c7c3ed23

SHA512
0921639bd110b5798f6997a560954e95d4e0c4aa60da3bb5dc3a9dcdd70d217d33f93a74bc75a2e0c1358062e739521fe2980e379fd773e75cd4f5c6992f5307

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
353d7d8ba5efdd2e4938381f9add6f7e

SHA1
63417321cf8a5bd67031d0a86a6921d717baae28

SHA256
9b3cd4f662b7fc7428f2be6fcaafc8548aa08fae1cf03a0975eaa9643a3ce483

SHA512
93d2a5b33bdb2e75eeb12848440c6d3eb699e55bf7bde172c3b2e4d40bcf92b6b2a416608ad3cbb3c9a9808802b0dc4bdc716075ccd8bd5eb034f57466d97ef0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6597d4718039e30d553d84730f1d3f15

SHA1
c87b0dd985bce131377483d173c927501853bfce

SHA256
d36ffdadb69f3e835ebbc57a1a33aa455839efcad29c668cae258dd5a86e811c

SHA512
9e7202b8aee06887a6081ddc5cec4b544fe390a6a7cca7915cb71db4f5efe48d965101c7777be9ec0aea1af296eaeb16b59da03e381c59044e50ecdcb2a1b3a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5d0d0cfaedd01e76f049a9bdbe31f16

SHA1
1e23aaaf17eff9b16640d891eca0904d8a8eddb2

SHA256
5769ba0181f16f1211aa7721c9e6543a8ee03232af6e1ae2046de9f385437f3d

SHA512
80fecae15e45d9aa50b60c94868f779ddf5aa1383c055ce8edbf937fb1fd68cc5b95d74d983acb0b10954a78c4de3ed55876cfa2d0714c415e4fc5b03b0a99cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85b57950c7c11ce0230df2a17a725aad

SHA1
7b1e2db59fb6819fc4656339b93f50d2f8b12d6c

SHA256
ef93ddf389447d39fb97ba5cf7a8b15d10fc835aa1970cad3aa91544577f1969

SHA512
b43b2dc324ccd0f178399f291d247aef2de396a8df2b901d5b1c447a1ff0ada4c4146b6f6cb64076b12369c97f460067d7810e9f4bf0690b8ffa06ba2b0aa39e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
589796f7251c4a1aa28f1522c21162ac

SHA1
cb11d08af0d443d2aa8f18bde9c324d3a448b257

SHA256
ade5189473cf5de0766e85e7f85dca93b83a52868950563076ce387f45e82f3c

SHA512
e1cf7247924415b076bfca5cdc7d43bc5e4be72ff76fe2e27d2d8220084d91951aa23bb3d1706d4f4f0ddb2c4d5901c158316c05523f583de7ca116502b68bc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
624a04186779c16af2f85f7a3f5ada04

SHA1
3e7edb88456b2e6bac99c329b9d215aefdd9cc00

SHA256
fc86b70e903d020261de32bebc6e94685a91918fedb8109c95eb5cb4e1df04e3

SHA512
3d351914259002a14bc8356164db6513e4b53d76b6206e20f3e09dd49a318b8813c6a63750830250dcc777abd2fbabe9e8c1f7010cae0e06c86f0c42f34aeffc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ec782daafae8d222c89f7e1f2e54dd9

SHA1
2b0cda6a5143b82ecbb9647889292598e141f4c5

SHA256
4cab313ef1895de215487b21c3d1a1f13f4e321642dcb13d49e406ebd2fa1ee1

SHA512
a71a5b56ec65be5d2db6e096b1509d0bed3accf0b8222419131fa516df1375a852957d0856de95a27cfd5cd24a5f4f2816d85235c3cc3ae4db2ff8a4917946bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ceb9b49d72c985c4e50c48e7fb0d8d7

SHA1
4f7ff96b45d6751fe7e8f274f92f47b1c144b5ea

SHA256
2c75027c27de077042f0bf343f1306ae67aa8b97891d22f0c32e619b9c63cb6d

SHA512
31938bd51097b6e22952bda69f29b438aeb127ec424d3c8bcb7f07af910c601c0b87a54004868a763b344828b9b7e58f4f0956a72491464231dbc71bbc2ebe7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a50e4e79b0d48a6825979881d2ee473

SHA1
4522c0101e8d672010b959235491f9aa4502e77b

SHA256
ad283dbf12f14b9e9b534cbbbb5db15e363c6dac403ac3a872e24dfae425a22a

SHA512
597349729eb4206c189b8cdd3265cc045b25b3ad54a04792b2f54db1e71b327982a1aa4025235869b06855a0615aea6762394072950c5905e91ee56b2c99e9cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb95fee536a0e316b1a60bc8b2fd5aba

SHA1
d047e7f5f3379d3f151fe42559b94b02925f6672

SHA256
b0f00b9f91dbe3dbf2cd773ebdadeab7da84d4b221bf3e10b33d2162e3ce13fd

SHA512
cd881bdd86872ecbea3fffe3a349656ba2246b8cdd916a7aa00f398c0f0f3b24eda818d43136be2727fa0f0818ff526c5bea1d4d6cc7399ade7eb787b3027619

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
183dc25573aef2f196c522b0a0efd7de

SHA1
5a599cfc9619b31ba31e946dd34b067852eb546a

SHA256
55a4211c0b0eb389e8fad2880f593dd59124ed9108d082e75624753b2b7b6308

SHA512
f3ebb01ca76d0499fd92956896354df77fc7b02099ffcce8c58f439ab955bae662700139e8911edaabc5f52d5d066428b590efc4fee96d6de8a924afd1511796

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC5C4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC6EF.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC771.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A79752FC-1F32-4C41-AB40-C139F453071C}\CCDInstaller.js

Filesize
1.2MB

MD5
698687ac9e653b2c7a1b0d2a2ec40505

SHA1
ad6959510eff569cff355f2ac4c5988a6d6a433e

SHA256
142db397e43384d0af407ad59ed5b64371cf054b7645913592ca72d2d848c1c9

SHA512
29c5971005bac00173c96bc3b7ffc4fd5701d2f7ff5a29fc05bd8832ff2b1c850903ebed72baa6e4bbcaa0c6b14670ba1e59d900f3087c0fdb0453bea5d150eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A79752FC-1F32-4C41-AB40-C139F453071C}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/2292-11-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2292-32-0x0000000006D90000-0x0000000006DB0000-memory.dmp

Filesize
128KB

Download
memory/2292-28-0x0000000006D90000-0x0000000006DB0000-memory.dmp

Filesize
128KB

Download
memory/2292-29-0x0000000006D90000-0x0000000006DB0000-memory.dmp

Filesize
128KB

Download
memory/2292-30-0x0000000006D90000-0x0000000006DB0000-memory.dmp

Filesize
128KB

Download
memory/2292-31-0x0000000006D90000-0x0000000006DB0000-memory.dmp

Filesize
128KB

Download
memory/2292-656-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2292-657-0x0000000006D90000-0x0000000006DB0000-memory.dmp

Filesize
128KB

Download