de66704f068bc75bc984abc0ee78b79c663c907154f0621593b1e7e4e5b45360

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Size

6.8MB
MD5

c6a564d1a6468eeb3f1eacce7b198f8c
SHA1

161313eac66315988be594f4b9ceac478a2084e4
SHA256

de66704f068bc75bc984abc0ee78b79c663c907154f0621593b1e7e4e5b45360
SHA512

88f11209eb32ce1808908fb52884772c79ad7d3ac9d17972b294653b8684b47967fd686652d915252ff6bdcd922de5d8ae5088ec2bd70d5c8c91c23260c21af1
SSDEEP

98304:B9rOvi3HzBvnKFn0MeYttysOx6VamqSJ5a4fYWb/LY:frOvijBGnBeYtAX+q05aWYEk

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

Processes:

2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe = "11001"	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe

pid	process
328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe

pid process

328 2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
328 2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-23_c6a564d1a6468eeb3f1eacce7b198f8c_avoslocker.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
176c585bcf7c90da85856626c798e7ae

SHA1
e39fc9c08acdc4e1e6901e54e74376b5f4c8ab00

SHA256
00782a505784bcd725d7827eaec65cf37e6a33bcd2f8d88f7c454ae8f2670305

SHA512
2ea9595376ce32c526a966deb53aaac6b472c61c86752b2c0758d11ce38c8eb60fc83a8b744561c314602c2602bf3554cbc5a45a9dde9142384d84542b3cb8ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
445a0bcbf820900901b5f7ae44b623be

SHA1
ad60b11f92f6b925d00aae04c4a5304d28a59c22

SHA256
cd8a3064237dd70e32fb4052d010e793a8a428d6582bee686e0e36e8b08604d7

SHA512
e5df2543d8952bfd802017dc50a66c84c7694166bb32250498a8b968bba8aa7a3f1d72e7e86760a590f87c1917f8b85099761f49387eed0fe33d0f02571d8443

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d93877cfeac4f559bb5066d6a0feb586

SHA1
400349f435d7bdcdd1ab7417a6864578eae64bf7

SHA256
8a6dc2f1b4fbab45e871f11bd9cd49c3714b3f1cb65f398730d436636f40abd2

SHA512
2a62003a2ad25b47ab70454e1e0cc4cbc569ad9fb070cbdc8385d6344a3e7db293cbdcc7d94e4344fac6c3ff34dd38626bb0e5efa0c2b93644b44c4fd0034ecc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
072e096e30aa5232e250a6742005a42b

SHA1
17da72dd43dbe5baeb20564faa28397173b15567

SHA256
a163dcdaf6e928f070ce9aac71f8e9d1f638df223ae57dc6f703968730b32af7

SHA512
68c341e61a4028d2b4d9f107700cbf1ec4a3e7d53bafb1c49b409150528885d06bdc3687c25f1c6e8646263d919b30f8f36b64cab6703c7954c03239cfb2c82b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17d2d78a9518e801c2d937b76990a64f

SHA1
2c49bc8c484e644ae2517f4c4adc31a83ed9aba9

SHA256
41c11ab5256d0b417c98d4b5247b5daf2ce60bbabcffe8805c482e7a0b78bfcd

SHA512
ea0ecdc1cff1a327adf00cfdbc715cbb4a29e6d20eae9dd2064ac161236d5af6a5768eadb68fc6846af27a89691449343b9cb0ba66dd6a77cf153d9922e73a4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3be221c1a684dc334a7546a20fe6b4e5

SHA1
1aa6ae9d8bd8a6f5f79b2f1d03eb377509f58335

SHA256
dd5c8166f153ca7ed9600dadf5e4c760e3ffa723a08bed64e95e4cec21072a2f

SHA512
c1e28fbd200d383ce7a5f60a6b217913e5281d178bc9078a250f2069795036bb49911a5ff2cccb3f467b1563cd7c4105a0775ad933e61c4f0d42013b3c469da8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3312afbc96160a964fa0d753bc49e3f

SHA1
01088fb509a74690c2d1fea58577a307fbdf76f5

SHA256
4b1a5709cbd01990ecfe62fa61ed462e05e02bb93a94cf497a45f93edf3f78de

SHA512
364ff08a9fcc5ffb57e8a87c3d5335702efc2c8af5b32db8e13b017b0ff0df70dc30f9eb196461fb2bcca2c866e9b4a7a370b78741b4ae7eab7cbd5f06e0d3f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
901dc6ed08ecb19e9db42c853f333822

SHA1
c40bdae6f2fd867cee20eaa487d6dd038e1cb71a

SHA256
c669cae5d6b7efffa44e90804904df41b707b717dd8a0dbd0432c0a61d2aa1ad

SHA512
0266f5350f64760ab035dafdaacd7c819d817ade5ccf2a490131860f710147a659021c58ade0b2f58addbc462aa784fb4dba6093037b03fbbba2c1fa7b8edc3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2880b8ed8d7f30698cb805685daa5391

SHA1
ae346ea1b8276b38b1f14b8bfb492d19691ed142

SHA256
021e4a2e06babd3d54972e8b964aad6970a45afdd3b116eb812ad148c3cec59c

SHA512
701bcb8c5f98ae68f543566812bf853fde490cc3799cb3100f0885890d78e9c9f9d03b30f8cacd419d0f5d12740cb37e0e509dad9817ccd7503774867ec89154

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54a5a0cd8aff113809ced0fb52bc34f6

SHA1
662c7e59b425153b6c1e091826cecb418664c44f

SHA256
64390df251ad481e6750fcf074ab419dbc1fbb45a2cda8dfd10280ea7aa2cff4

SHA512
af8992c9e7e289028f77b670c08e21254f5782aa235e8c3eb966c15aef9c355a2a455a0e74adb2e7ab6c3c6aaa5f509cf82181b8e3e1e0271fd0c08f9df96914

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
404a08329f4fd2f3ae427aec3a322efb

SHA1
60820bcd34df511d54844a6a1d287483d5723660

SHA256
d12c259c308142f9db76bfb1cdd2194dc1e32ba06451e5e3fad252731c711624

SHA512
c21e10fc3015252ed455a6f2629e38cebe500eae362738421e9fd363aa26de6be9e06e608bff61a896378883e956d766626944c88bd83a555b4a3c8ada20579c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48b19ebd3a5afe935b6e15d875d0171f

SHA1
82c61de55bfccb101d52fff2b7000c3cdef1832b

SHA256
6b6921666ec3d85fc74b98b869023e1603cf0dfe8f108c2fead9627334a4528e

SHA512
11fc597d2bec450d99e265f1c91cd9f32974a0948640ae9c2a39ba387f0adfe58844a3dcac892be0e1ed07200746ca370f78e2d40da35355aa9589c4e061ed36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1a63b393003f9173bc0eeb8e135af60

SHA1
a6cad5340e6618f32313cd28ddb907ed5e68e0af

SHA256
3691dfd6edf98f66ea6f794e8a259290b8bf99aefe29c9910a4751322eb2ed3e

SHA512
35916023ef1a9ccce02db84f23ae3586263dd89147f5140897832dc628567bc44482d786062b964dee9376e54e97d224b54d7b3af7657299c730ca94b65b841d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84744ef5ef24b8220e04d3a812960d52

SHA1
54c37265be8c4f024c227d7e48e397163de0a859

SHA256
ffcfbf3227e9d952947d68778a6afe4d4ca732708e3213171553ca74fbf79bbf

SHA512
b0aca7d58d978237b30d028118b9dec59b3e6025f35f92149178f85723dba2c0c604b11e87612bf34e75a05760c98ec4c422867b8447704ad6c815660eebe786

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2486.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2517.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{219EBFE4-CB0F-4AD8-ABB0-068957A30036}\CCDInstaller.js

Filesize
1.2MB

MD5
698687ac9e653b2c7a1b0d2a2ec40505

SHA1
ad6959510eff569cff355f2ac4c5988a6d6a433e

SHA256
142db397e43384d0af407ad59ed5b64371cf054b7645913592ca72d2d848c1c9

SHA512
29c5971005bac00173c96bc3b7ffc4fd5701d2f7ff5a29fc05bd8832ff2b1c850903ebed72baa6e4bbcaa0c6b14670ba1e59d900f3087c0fdb0453bea5d150eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{219EBFE4-CB0F-4AD8-ABB0-068957A30036}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/328-29-0x00000000078F0000-0x0000000007910000-memory.dmp

Filesize
128KB

Download
memory/328-11-0x0000000000B90000-0x0000000000B91000-memory.dmp

Filesize
4KB

Download
memory/328-28-0x00000000078F0000-0x0000000007910000-memory.dmp

Filesize
128KB

Download
memory/328-31-0x00000000078F0000-0x0000000007910000-memory.dmp

Filesize
128KB

Download
memory/328-597-0x0000000000B90000-0x0000000000B91000-memory.dmp

Filesize
4KB

Download