99fb7c14ed606ca4dcfe80f7da538cd28f2ccad280c66b0c40212ec6cdcc1875

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Size

6.8MB
MD5

a9a63c5bc997dbef46f861e8b9a7acd3
SHA1

56e88313fcdc511640445e39faea49c41668ef4f
SHA256

99fb7c14ed606ca4dcfe80f7da538cd28f2ccad280c66b0c40212ec6cdcc1875
SHA512

aac19f2f6a33a50cb8909f9d0c6fd06804b218447c20a836a0e1deedb67f4f8d25aa9a5e5d3b686a07bccb457ef79be99cf2b1d93eee7fb0e8da850a72a60ff4
SSDEEP

98304:H9rOvi3HzBvnKFn0MeYttysOx6VamqSJ5a4f+Wb/Ls:drOvijBGnBeYtAX+q05aW+Eo

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe = "11001"	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
2968	2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-20_a9a63c5bc997dbef46f861e8b9a7acd3_avoslocker.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba44fbed9b4507bba041ffffd0cbf461

SHA1
15a31c3bd44318f126312d5cd099e25730fc667a

SHA256
16f63d6ca76958476b602c170263af4c716c152d52e8bc11a982c967419b9fc8

SHA512
d0447d388deddae55c56928623989f2e38d21b6e22eff821723f2b2243a298736b64dfe55d56959cd7e5535164dfec5d8049826fdcab02f27877a45111b80ffc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
658d006f9152d76cd26ef07585f96df1

SHA1
9fa503e15da21406b2e67e671ad62e56d51c0f12

SHA256
52cf236d98c4c07e61cad4bd3328518ef5b6ab1a12d4495479ae484160fc7fd3

SHA512
c1cd5214e6c897e649ea7c633360ff211cab8a967d9d74044f48dad02a420767de5e9c11176b06f5a1a9d9093870c7d55ee784d8b59cf2026f1c49cd99b90da1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d1e6467b4581ced841b165319a1bb39

SHA1
85afeaa0d921add43c721b69ae2ea60bbb2a040b

SHA256
a2e359078e05b81db29298bd961d10b7841d4684790d7526f4a80b08daa7aedb

SHA512
f823174642d5c3e9eb9fb33fb6905c82d13afd31734b233c52e3f6e9218b0946a9cf474d01d8a01a49c2bf087a8842c96a2cc14e412e6f965558ddd05277a238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b28313737303ad76239a305abedce9a3

SHA1
702182e64630830d4fcd3f87ed9fd1505dfb659e

SHA256
1d7729c198fd08b517890aa504da0646eb14721b0f35dc596a8f2e55040100d5

SHA512
cbf5c8ac672d0de549a02948b8c7dabe7cbe0508dd0c7d38ba056928890a4de2b2c1ae84296209d65d9b336fbd0535e5801cfb0230cab1dc56966f5fece180b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3509d5814cb19583d77cdc169f1623c1

SHA1
a8c9f09e129c7ea7495fde1337d663e3a4e03515

SHA256
c13b55fdd1222d7e807680cb832c6ae5d821c88db3a4503461cad1076db10768

SHA512
cd7c6cfbd6ab93b8b212076254b9ed02212230a8d16f78eb34d8496c3cf09dcc036e901630239feffb1ce001f86fde65ca68a8741a04ad654556938750e0b6e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a165386ae77c57326131045bf40c8b5e

SHA1
97763e63f3162227087464d80fb705d9791c0152

SHA256
1845572a25082f23d3e92667c630942db28ab3130d086ae59ae3db129d5eb776

SHA512
22aa2e1c85d2d752deedf45c84eefc5a95f98a3c58976e5c65009f92246975e5a69fa8e9341205cc3299ca5575c91561f8cc5e8169fae77409ee3d4b7d2ea673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68edcff6825e37a63455312dce430282

SHA1
915e76f2f30c72a2d0a96e416974826876122a0e

SHA256
9bab64e3060d3589829ba4f0ec47f23a3b00570c07b1799586de46c4d753a435

SHA512
7eb30e603e2271e7d782f66a34e02cb24a2389cbbde9a20fc8e10ddd655d7b1e8690513cad146f32499d1f5f641844042913a3016c7154162d482a1ff14b9382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6982f761bdebb065994dd10535796eb2

SHA1
d857a8957f7f7aa4ce42f13708aec31c4ddb4563

SHA256
aa3312b723a8673dba2e33d184415d64d57b73042c5d698569deb98fd6ff2b4b

SHA512
c862009ecf0cb1c127377c4b71ae687d681db7d2d583e7a9c73fd446eaf5ddf3d5a27deadab9650f97fcf70e42b7219a40f97803fc11714dec9e33e28b8643bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6020b3d112e32c56076b0ec63f833e0

SHA1
24189b7ea4e4a5152b9fe0620f07df1f53f95658

SHA256
601c736ad815d29aea307935e3c329b21fbc55a68ce4389eb35e630ae9cab713

SHA512
84e436d65d2d3f5de14da6956fbe233991976012ea8c5a5280781e97bf4c6dd93dbd0561812b25cbd384a0e243bb78c05be4024a6a106b07f3d005fa2b11c1e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9cfaf85298b033bd938bea0a09a8ece

SHA1
b08506bd2c69f7fa6fb77db2c4229cd51ddff561

SHA256
e3054bd10597373dc643f46031d3e32666a322c1faf848d46b76a58eeeed3a4a

SHA512
c7386784a3a9ee736bf3b257bb9334c563f1a95e3e4832d3b2e75ea000bafbc6b03e6c8817cb98dfbd17f41852bfdf33ea860c7196ad2015c3e56ed4d174a11e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e4d5d8d6f0ce67a5cd356ab41602a16

SHA1
cb2e62b123014988120ae44e7997deb96334dfd8

SHA256
d65045ce6fbc7104f72e227aedf03a54e04f68d6bdb0fdf9a25330f75fdbbba1

SHA512
e13a9141d979ca3beaf1532de66c4348c28c85156c1888c84db388685644b1e533bbb6e1165bceadd8f9324c4aa66ee6c5c897e1a7474312439ed94d76392563

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30540d1593ccc1e2c96ad6459f3208d9

SHA1
2c8063fe6b57fca1d5106427bd9ec30eff813850

SHA256
9f175a8ceab6d21a866f0e75daca80081e40c93a18fffc7aa29abbbee300c71d

SHA512
9aff0aa5ff870892cff51032f80c79b51134b6f3af4da5dbc722d2a56d4d4cf9f7f4bdec9f885355b85f2f75841f5058c4148d2571f7032d475be14c261bccbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8edf1648ccc4ffe307e7c0a4f376128

SHA1
9886f64333ef90a2c5a22274f6beb68ad1a4427d

SHA256
2cc06e7172d9f1779db6ae1ef7268c800a20f8d091fa5158960f31143d47037b

SHA512
bfb46b2a51c3c08e54d96b32e6013255d75a14bd68535293f7b7423fd173b166ef1da0ea6bba3643d8f0187d5a6565a5660f4985bc63bfe04b6bed4471d0189a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2d2172be4beea5d6a954b89490cf6b0

SHA1
867305b93a793aabfbdb0ff237284d790e241474

SHA256
2a822a054b177554a7925791a3d9a52d8b3b64f176868a5fe348ef71632561fd

SHA512
aacbb5f583a2cc07a29e2dffa36e7ccbb6895fa9dd64b82ffa9d39b2ce0be8a1b64172c9cd4562504c870a3f3c10956af4bbd4c9e39aee8488703e43d34e4bd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3024c52ce1496e52ea2715d614802495

SHA1
5f5579289d4c8dce16ea272ec67d46f9de915a0d

SHA256
f9f742526b72c81a908c05827b18d211869bffacd00e240b4f835014c91587e0

SHA512
391d9156cc3c5a9f08d7522f99f4aa7ed74954446bce65a8a3c025ae529da7779916be88dd34116e1bf12f4f228488b8259aeb3e37088b92c0875a8bcee1843c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1DC2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1E90.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1EA5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{06A22B74-842D-4B5A-9980-295E9A28B74F}\CCDInstaller.js

Filesize
1.2MB

MD5
698687ac9e653b2c7a1b0d2a2ec40505

SHA1
ad6959510eff569cff355f2ac4c5988a6d6a433e

SHA256
142db397e43384d0af407ad59ed5b64371cf054b7645913592ca72d2d848c1c9

SHA512
29c5971005bac00173c96bc3b7ffc4fd5701d2f7ff5a29fc05bd8832ff2b1c850903ebed72baa6e4bbcaa0c6b14670ba1e59d900f3087c0fdb0453bea5d150eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{06A22B74-842D-4B5A-9980-295E9A28B74F}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/2968-11-0x0000000000C30000-0x0000000000C31000-memory.dmp

Filesize
4KB

Download
memory/2968-28-0x00000000075B0000-0x00000000075D0000-memory.dmp

Filesize
128KB

Download
memory/2968-650-0x0000000000C30000-0x0000000000C31000-memory.dmp

Filesize
4KB

Download