03948a654b0c2bc7213610267e39b1b6847f2840ce7ae7d1a055a558004bcff1

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Size

7.4MB
MD5

d6a9bdec4655857d91e8c20bcf110496
SHA1

38c28ba1a7e8e57828bec9862c7afbeff94b64f2
SHA256

03948a654b0c2bc7213610267e39b1b6847f2840ce7ae7d1a055a558004bcff1
SHA512

1918265cbb86257dcd79c014659624fb409cd585764adea7aaf093ebaa97356ef8a7d9efc7f26914fdae36176f31f48f31f99ba404eecd7a06c6ad1dbf8b5c06
SSDEEP

98304:S4h5PfhefTAv8HM2JyiFpK6FR4FBm21BgdKqyyHab0AN:X5PfhoAUs2JyEYxBojG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

Processes:

2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe = "11001"	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe

pid	process
1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	1368	2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe

pid process

1368 2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
1368 2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-23_d6a9bdec4655857d91e8c20bcf110496_avoslocker.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1368

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
41a0a3d8ef407ce04b8607f106d998aa

SHA1
0b069210bb22d7e2013f7123e7a0b44426e96625

SHA256
c13290a33b0a7371d6741b72a1618e04f5a5f3d625e488218a45e88c5a54e8ec

SHA512
5d988bc8a604ebbe235b7e8ed405be677be58b9bfb5c646b3734da0a1d5e0a7337ece815642b2af0baeaa3768010870c4922a16a0a763006301cb89e8c7d92d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f7b24b3da4cec7078c7dd9e7aa700fa3

SHA1
e83ea1d43cd40b90d75626b21ec9b588f49bc55e

SHA256
34db2c72e8ecae2b4b3d0dea428996c6ebf2d585c9609e8969122a3dd34b3b3a

SHA512
08d2a072473c87e24678b04b2cb6ddca1d4aa517ed36e16bc26c402f9285374a2fadafe170efd61b5fb0cf4203ad83b5215cbc9b0260b0c505d160451479a7f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8d2333e9689a0d79bcf3d888ce2ea894

SHA1
71322dc857b7853a76a669b5fcba4c18f9284aa5

SHA256
b93e38532388f47782e65114a91709eb09a2f7294b7ace04f2aa56c5460f6037

SHA512
f6d1d65d5fcd221292be0cc6c8c9900bd6121caad869f91b2e021114e7a37c83b7468035fc61986daec8a1100f3e5f5eb710d8dcf3a53294ae2d7fb247bed012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1924c5e730b7c9e644602b588eaaa805

SHA1
b7994f0b1032b424b9818b8c5237169dc76c02a2

SHA256
b1b880cdab1b99ddd8935ecb2b04dffb184e9b28a42931de58f350401d462edf

SHA512
fbab7f7247c65f6290f70fbc2acbaf8d7ee1b3092a7875efc649088e658bf579237f681494c5fdb7c6e9950dfbe8d7e6111e52341ca8ef682dd1956aaa0a036a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
84169f6512701d44751d94604d2bad36

SHA1
a33158a57776f0b401b67661f806166b481fe74b

SHA256
09ea5ceaee2e74b95d3161185312572ee505071edbcbf3f8d566ba95d9ab12eb

SHA512
35e089eacc8393090898bef8db4db8cdabaab168243245432856725b4a6ac8a151fdfdc53201897ede2b326b7b3a76444d16ef115a55630a1a79bbffac5d3beb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
23ea2f788f72ef1c223f0528b774998f

SHA1
6ab4f54be613708e377e769bb7ec9724b3760b52

SHA256
6d5f97a3ab22cd7efad81d8d750277cc64badf1e9fa9e787f161ad941b65ecdb

SHA512
06ac42fde7385f6a4defe49224a3f5eae24525939171e5b0facb2a2f499eca0e5c0a024170628ccc0ec5fecdee050a65d0ff52b961628690f2fccba5cb879837

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3dab3326afc69651648d8236a9a263b4

SHA1
c9eca72359db0e64683d9b2808d19f261c3ea463

SHA256
5d7b2e0485e611c910df04da31912c51a4c1d010d7003be5879d39fbd7e0a9a4

SHA512
69a1eb1cb076f6b0df1df5ce0fe1689ddc167aee1b56406eb63222a515d4dc7f6791c38b70c1d0d95f33393f2449e22009eec80e51d9a42eb236f919c8cffdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
21e7ed875f43bdf04574d516d75e43f8

SHA1
437bee8b8eebe225c023974866d158fd4a192d81

SHA256
be4c0bc776596dc5f5049f26a2e29d15d6018d1473ed5e77033105ff59cece6d

SHA512
0e89e3213571861866fd6a2db0da07e6e45a6962b17a66aa44e7224aa2cf8b3bd461f4a373cb707348e8d197ba7fa60404489e66eb93869d09a105e9953ec229

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
98f6ad102ab77d91948a37eacaf05d6d

SHA1
f58097830a4e6ce13ba86b8c26dd551d27a3046c

SHA256
24f0234a1540501dfe2c1be7e8df8e0b57e90024be02aeb4e414d678b0afd237

SHA512
0a02dce83462f25e7aba6b43b42fda3ca649934573184f4ba0e7d3a1c46a63cb29810aff459d3e56209441c17a2707df784d437b560d46c107c4a75c0309e418

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3264a682af89569e6e584f8ab3406525

SHA1
afd6f1db9f55c1a21b36fb38cf0d84fa06bd131e

SHA256
cbe33a6b0e2d7c4580ce736939901af990e58857c9f8d5a2e4f27189b0170996

SHA512
2d87ffb8fa28813220042b81ba8358544c50381207d31653a2a0180c52093b2b024d540e6a533869e34bfbffcb6686b839fdf25c4c5108d72304fe347303a5f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
db8a7374ef82b4e84ba507550fc4b94d

SHA1
8e454d6392a440b254bc28fd220af09440d57a99

SHA256
8de7b412994994b3537b3141619b9709a05c446843f1eb69651e2a5516dd5895

SHA512
fc54868d2f5f7108bb0fe9b8eef87af86fe122413d8e4a841fd0625bb6052e3f75220cd1e4ac7ffd2703b459d35aed5f25d515c000ab5b2ccb64825bba374431

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fd6d6f259b821d057a8f25449143b96a

SHA1
f4e9a0ec76868a7fd3a2bbf00f7f4a948be0aac9

SHA256
f6de3eee6d91994171340db143350f858035694e374dd9997cb6029e04de3136

SHA512
e8244ee2e32a9070fe7a5671163e63ad937109234ba0114f2f4e6f7c804e6893dfa653b6ebc9d28990e76bff6fadb363ff6386195a74a3bfa1687833f0edbd83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
bf99d6d1184f7c3289e55aaae55d5001

SHA1
e3525fcf40e298f53fbd9efde36435094d59617a

SHA256
914c08258a3a1f5f955c6e3fcd29748442835da50d72a4527d201b86e8e761c4

SHA512
442171933c19d81b59f444958fcb566be66d37e5241ffec61d39eb2c80d7b4bd4fc6405d2ba95df180b2999f65f4aef1275a23952d71236d260eeeeb7d75117f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9E96.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9FF6.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{948F51D3-B429-4CD1-9B2F-4552E0C9BB90}\CCDInstaller.js
Filesize
1.2MB

MD5
fbc34da120e8a3ad11b3ad1404b6c51a

SHA1
fe3e36de12e0bdd0a7731e572e862c50ee89207c

SHA256
9701b3ba335b5a11be32dd63ea3a466a14e048c1e5881cac81352b459be0f202

SHA512
f3f0452d16a7cd0600a8ffced5167783d3f31e51dce512872ade5031c97b14366af0343bfe2c822c8ac4a281f27f5eeb00fe7d0e8cbe90434f79bacf3ecb42d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{948F51D3-B429-4CD1-9B2F-4552E0C9BB90}\index.html
Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/1368-12-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1368-29-0x00000000071C0000-0x00000000071E0000-memory.dmp

Filesize
128KB

Download
memory/1368-653-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1368-654-0x00000000071C0000-0x00000000071E0000-memory.dmp

Filesize
128KB

Download