Analysis
max time kernel: 60s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-05-2024 00:58
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
Resource: win10v2004-20240508-en
General
Target: 2024-05-23_ed723c9192235fe8a2574f121ae8c473_avoslocker.exe
Size: 2.1MB
MD5: ed723c9192235fe8a2574f121ae8c473
SHA1: 634bc410dc0342f8b8b550d62930770c326a5d9a
SHA256: 8a5eb466301604df36bd68a91732701f770cfb0b9b68d2d7ed6fabb3ea97ac03
SHA512: 446f29083176340d9c3744b737989d09dbca914f7bc1142cc05fb6f0d85c9383658e3f28252332443df97d3eb47682779e81a59f258583a2d581fdfb57d7507c
SSDEEP: 24576:jJx9t62T0h9kLzkDTk+Vx6hNMT/8TdgWvPMl7IjbFEEWcq58HwE3IkkKQR+xV99T:9xTM9IKTvVMh4/8pXHMdIjY8HwbImI
Malware Config
Signatures
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
Filesize: 2.1MB
MD5: ed723c9192235fe8a2574f121ae8c473
SHA1: 634bc410dc0342f8b8b550d62930770c326a5d9a
SHA256: 8a5eb466301604df36bd68a91732701f770cfb0b9b68d2d7ed6fabb3ea97ac03
SHA512: 446f29083176340d9c3744b737989d09dbca914f7bc1142cc05fb6f0d85c9383658e3f28252332443df97d3eb47682779e81a59f258583a2d581fdfb57d7507c