8a5eb466301604df36bd68a91732701f770cfb0b9b68d2d7ed6fabb3ea97ac03

General

Target

2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
Size

2.1MB
MD5

ed723c9192235fe8a2574f121ae8c473
SHA1

634bc410dc0342f8b8b550d62930770c326a5d9a
SHA256

8a5eb466301604df36bd68a91732701f770cfb0b9b68d2d7ed6fabb3ea97ac03
SHA512

446f29083176340d9c3744b737989d09dbca914f7bc1142cc05fb6f0d85c9383658e3f28252332443df97d3eb47682779e81a59f258583a2d581fdfb57d7507c
SSDEEP

24576:jJx9t62T0h9kLzkDTk+Vx6hNMT/8TdgWvPMl7IjbFEEWcq58HwE3IkkKQR+xV99T:9xTM9IKTvVMh4/8pXHMdIjY8HwbImI

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

Processes:

2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msolap100.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\ado\msjro.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_fi.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_mr.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_es-419.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\msadc\msadds.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Engine.resources.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OISGRAPH.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\STSLIST.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\SLINTL.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\wmprph.exe	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_hu.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\it\System.RunTime.Serialization.Resources.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\wmplayer.exe	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Csi.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\ACCOLK.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\penusa.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\USP10.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\DESIGNER\MSADDNDR.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\MAPISHELLR.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\QRYINT32.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Windows.Presentation.resources.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_bn.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_lv.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PPCORE.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_kn.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\EXPSRV.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSDecWrp.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEWSTR.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSSP7ES.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEODBCI.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUB6INTL.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ONBttnWD.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\XIMAGE3B.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\MSOERES.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\EMABLT32.DLL	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\NL7MODELS0009.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\WinMail.exe	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\DiagnosticsTap.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieproxy.dll	2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe"
1⤵
- Drops file in Program Files directory
PID:3008

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
Filesize
2.1MB

MD5
ed723c9192235fe8a2574f121ae8c473

SHA1
634bc410dc0342f8b8b550d62930770c326a5d9a

SHA256
8a5eb466301604df36bd68a91732701f770cfb0b9b68d2d7ed6fabb3ea97ac03

SHA512
446f29083176340d9c3744b737989d09dbca914f7bc1142cc05fb6f0d85c9383658e3f28252332443df97d3eb47682779e81a59f258583a2d581fdfb57d7507c

Download Submit
memory/3008-0-0x00000000744EE000-0x00000000744EF000-memory.dmp

Filesize
4KB

Download
memory/3008-1-0x0000000000360000-0x0000000000368000-memory.dmp

Filesize
32KB

Download
memory/3008-2-0x00000000744E0000-0x0000000074BCE000-memory.dmp

Filesize
6.9MB

Download
memory/3008-4186-0x00000000744EE000-0x00000000744EF000-memory.dmp

Filesize
4KB

Download
memory/3008-4849-0x00000000744E0000-0x0000000074BCE000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads