7508a37a24f295c7a9bcb9b31a497a269f143ed4bea85f9a8c329c1c24392e98

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Size

7.4MB
MD5

cf72c37a5c83391ac991f9b14db6b1cd
SHA1

6bd57c396230af421fb10d25e0319903e861f685
SHA256

7508a37a24f295c7a9bcb9b31a497a269f143ed4bea85f9a8c329c1c24392e98
SHA512

37cc7ce3f75b9af0a4f7d40f3c8697b01aef89017fb9b85129906dc8ac14bdd118a5f688e045d7f81518ae0fb43dc9e90b56a6edbe20c0a46b2376fa34931516
SSDEEP

98304:U4h5PfhefTAv8HM2JyiFpK6FR4FBm21BgdKqyyhab0Ab:x5PfhoAUs2JyEYxBajc

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

Processes:

2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe = "11001"	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe

pid	process
2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2340	2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe

pid process

2340 2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
2340 2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-23_cf72c37a5c83391ac991f9b14db6b1cd_avoslocker.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2340

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c1b9e5bf9f9325c0bd268763b6a2b8b5

SHA1
7213e56027414cd9d62b1c04b31f072f6b6fe18d

SHA256
18db3b478c8c2d08466620013a8f9d5fa26363cc0ac724535cf3537b6a42fe1e

SHA512
88b4ba4d2b5dbb449bf45c145996f295f16f3281cdd2abc73319b255b0e41fe0f38b087a763da7003c9b334cdc5e10f6c72192cb559899b6d5c7dc0998743d5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9c30132d493dcaa99847ea8e576473a8

SHA1
90e8a5fc55b44a46aef19966693fd768f13cf58b

SHA256
685347851bc688b3cec89743f0c99054c5fd9afea41b397b5eadbed8aacfe204

SHA512
6c5aae00e8aaf5998fe666acdcc93a8d560bfe8776e7a9800109593a50b3651df7201d629f4afd14f8c31d017cee174eeb6ce664054663af08c895a15febd43f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6e0050c0179977042bd0c9e45b39e493

SHA1
75fab0c8438a39d08a054153828528e3d56a1104

SHA256
e1fd65b4edb131ee67da470df0923de410ae67577838990cab17e435a7a45f6e

SHA512
75c207b2f020969dc1dc8bff7ffa38e51be49e3f8d1262d45e944c1d2079265a211b587548c178751fcbcc321ca485342bc8be2182d5f72212fc0526d967cf4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
42c854547aac92ec7a3ea0cc349bb4de

SHA1
930a02f85e571e0bb272b89603d1ecfa18ae5dc8

SHA256
120a3c7a3410951f86e9d602367ba582c8fb21ed7386914bddc2b0e4395faa2b

SHA512
3c911c82457fbc33eaaddf0b28e33bd8c5f82ad19f02455982e6fefb5cb68bf84084a5b2442276f974cd60fdb919a898e47360d227c2a836529784ffd94030c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
77cd4e4c893674933973fd18f3d76253

SHA1
b187df1a12343205dc3c161bbb43d6599025569a

SHA256
1efe2ecd62c9d1d4a12b79b3acab4292ff0f042cb8a86993bbaee88837ec274a

SHA512
d0698530bc19d8ad1ed90bc6c7e2d402ff56712b0a45e0a4975467629050c44fd1f096752fee6c6242d842eeff8cb0f0690a418dde9d10180c1d114bc55b8229

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7a5ddd29f47b3087684e24fd99957400

SHA1
772535ed7698279337efc1ca7476b51f5246433f

SHA256
ad199946d096726a858112dfb750cd05a06da731f1c99b51b8918915c4f20edb

SHA512
1bac2e0eaf8e3241ef4c7c3b04ea54feffb807ff47fb5b78560935cb111b05177c5cb3c57911480a1e55178e0dd180abe96a94e639eb77ae17c69a48b6d802e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
69149484e6ecd6257bf57b4a64ed3fcd

SHA1
d18b9698272a9dc2f54082396745e04ef827a4a1

SHA256
b3a66e21a62a826a0e8096e1ea58dfb00821eddb877ec92c4218dd302ff75b48

SHA512
52878a5836b3cdf5bbe051066c0c6baf47af1e1f09bd2b479e63a080ef752f0c1ea25c89f95b61144d9cbb6e6af417f32cee7b684b36fec2670a88fcdeea1438

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
076a1ffd56ecbf1158180ca0e7102742

SHA1
60a7f9408af4ac78120d75289d3903282f92cced

SHA256
8172088563673e72d3595d622f91e0bbb36b34b6f5eeade1e15b1cf43dc63f36

SHA512
643e77e037cfe03bc6acdce525e78c98666b3fb9a7b79be7bed893d8afbf94551cb4e07eb9e8cfebe38cc508d33d1b92d389dd351198e31485229c0c22ac803c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
07bc60f799cdac9ec3591220bd3ca63c

SHA1
3cf950d1c2f32c7c1e30f50e99cc4033596d90bf

SHA256
ce84b5b2c81a69c6950f56ec544126f68e8c97fef2a5952aa1b197de070cf717

SHA512
82b30dee6e258b2a1ec52f36b581c3503def0e2ffaee981fe3b194a64d7fabacfcae10bef948d790cd4b826ba6361a2c802e91db16653dc5ad5ce5c12c19e33f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f98f52beaeb259aa4dd231c134bffa73

SHA1
ea961f73736ea83d1e2e1e141a3d590b08cff800

SHA256
bbf4f7dee97f4b03bc30c26b767e778eea80468cb8ebbaa13e6d740fa175de9e

SHA512
d9c80e2ad76bc03c242197c33fb796648d276b630eab4a239079af0773c56ed152f6397d3a5f97cbb41d5d690dc3cd959e1d3231d39cad1421dc6e6935c6438b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
34aefbc51e0055babe386ed8a08857ab

SHA1
b458c991e6aa08bdbf64ef05d5afa4a1bc327594

SHA256
50413b3dfa44ba22f7b5b0d0e930ce34a23da35107e69d5e0612404771c56b23

SHA512
72fcce953b6b6546169c326a4d937c6d56458b2c2d59bbb16dddc9148ad66c3e21c13c2f56c01db9175272aba6dc36cf7a2c352cbfaa7dcc23fee44ff78afeac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
87d0f5b1f7ed997445a0f11e60a4bd81

SHA1
407deb5945c4a6274fddce05576b8e7783798743

SHA256
c1b0f491b7ff1ab46b7154060ae0d124a433cc85fb250e5cc134836712c5fdd9

SHA512
3e11f831ffee45b18327ba8820be96db767f94eafdaeb889758623a9f7919c3eb81200985526e503ea8e15a4e356dab8110e098a32473f7992d44eae3583aa2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e278e4c26a43a3b64fa2cfb9c813fd21

SHA1
e6c2f7499c68cba4b0e419fc86b5c29021295442

SHA256
3eccb876dcaf3434bc0ab60bfaddeda968856b779e37d1fc55d2545517017cab

SHA512
cdc347a72e592f06b65a3618aa70d12dd1ea8101f54675e5632311c02602927fd542e398013208c383121892fb3c76a576bbec291d7728bf00b3a4d5b6e52823

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8161aa0be20acb712cccef0a059a70a1

SHA1
36eb7126b4b4e200ce4422df8b8f5c2226c14078

SHA256
1da57ed25aed2191a9f94459f2d34161ee8b9ffb2da2394f06c9a013c15fe892

SHA512
46a6b00c46f6a4affa14d69fc93ec4574563805bd449a5e16eff36a8c56982af0ce2e001cfa55ed5e87f596c3c6e8a7ce0fa3276605e52d97790e89997c50f0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2A20.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2B2E.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2B42.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1F5EF280-4028-4A63-96FC-CEF900D15A33}\CCDInstaller.js
Filesize
1.2MB

MD5
fbc34da120e8a3ad11b3ad1404b6c51a

SHA1
fe3e36de12e0bdd0a7731e572e862c50ee89207c

SHA256
9701b3ba335b5a11be32dd63ea3a466a14e048c1e5881cac81352b459be0f202

SHA512
f3f0452d16a7cd0600a8ffced5167783d3f31e51dce512872ade5031c97b14366af0343bfe2c822c8ac4a281f27f5eeb00fe7d0e8cbe90434f79bacf3ecb42d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1F5EF280-4028-4A63-96FC-CEF900D15A33}\index.html
Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/2340-12-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/2340-652-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download