0515ea5f43420351e8308004190466706f4d653c0e48a98a5b87f318e6fe731b

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Size

7.3MB
MD5

9ea06b7937a77cef96807088c10bd107
SHA1

c03aaf9e3ca9db5ebed61a2c3f7971dd0bb14822
SHA256

0515ea5f43420351e8308004190466706f4d653c0e48a98a5b87f318e6fe731b
SHA512

4ea847f08fb640a870f126f1a6e5a11ecc595e7057fa720bd3ce5ed02fe78ed0c27edc1ac10d9681b2a1621c98fb59ebb705ff79fb66cac86a082561780cf12c
SSDEEP

98304:g+BPc9rUoflanoCoN2ck3q2TfUvuQsRwAx8nfJVAsh+bQYl:sUoflrCOP2Tf4XgSf5hzQ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe = "11001"	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
2860	2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-24_9ea06b7937a77cef96807088c10bd107_avoslocker.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2089c84e4c9483ba64866c7d9937cf41

SHA1
98da0a6bb25f3277af6e95f6de164efb9179c96f

SHA256
974dfa4f78ce00d64242377474bcee289f4b3bcff16609ea0a03cd5e64a630c6

SHA512
b637ef500c4903cb03dff46ead0f15d21c5ab3a29b74f9bfb8a5cb1e78dc0195d8e6641b2dd279e01be770f2b2cb26ada7bc7c8254b5edc1d1cd2e0b37825c1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b694b41ff4d7c48422033aa66246b971

SHA1
78e6c42461aacd8c71435333ae558cdf85d4d1a8

SHA256
fdfc7e1bb83cc534c73b1d847bd0352c85cdab2def47f32000765c7109ca67a5

SHA512
c8283d7a331196704c73fd5900ee6d61462ce42776b466683b2692e7c632c779076383e9fbabd413c1e75bf3d509468533d8c81e38f5a14b92cf0b256000c369

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ec7793881e383908bc68c3871e5d92e

SHA1
36eb8b7ef8b9815fe8d34332ec50d7351bd3aa42

SHA256
29759f25f232cfc6b05a170f386cb9097f081eccea36f2d9b7db9aef6e24f26b

SHA512
4a2f3a7cb09d43447c28cfe3fa06ea9350afa2213137f01722ec741368b05fe8f309872969a9f45a91693997ece56f3e3f0ce98ab28d5881c932ead154d0fe06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d8e1423e7914df1f841b87f1ab463c8

SHA1
5adffe0ecc5c354cb6fc678a8abe86ad5b22753b

SHA256
c85945f19c677b31eced54749dc1664bd903d93025daef6838c96293e857d8a7

SHA512
901e5b7b2abbfa183ad7a236749890793f96ecf492b7a36f99f9c7bdf02ae5dcb191244e275fce862dfcf1312bdfe6f46de9327dd9a85bd8c5426420d91061b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fa5d28f4b88dd6656e2923bcd46ef35

SHA1
4c0d37bc222c52463e3770caeb147258830d18df

SHA256
aa01764a71cb03883d3a8942ee37fd68ef18e6b482c8564c1a77b4f1af6ecd09

SHA512
eacfce0e401517c803c473c7e284c910e2e42f336f4c9f9ec92cd8d9a0c7fcacf21e1f2f8de14d8a46ed2340eb8f1a36a84cfc79e09bfa6047141d5cc38dbde3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
195f4cb42b61732aa6585d04d7649a2a

SHA1
f000109e0d70381ddd4ddb16d93063400f6411fa

SHA256
3d1eb3bbad11fa359c8e03eb4b1b59017fbfb92a9ef081abebbe5f101db5128a

SHA512
35a2d49acda7d26a95ad731d7dd22b67a91ee7b98a8c94db0d05af346fd91725fcca789aab60af4d636871112e23462eecdea1282100e505d0cb04968b6dfbe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b937c9c2b28f35eccfc0095e54d56a00

SHA1
5d4be7bb0b2f99f200d14233caa9b26edcf2fbb1

SHA256
0d38d658a3fb2a93979415a86edfaa73c816ceeab40f9d3deae39a8320c2fcb7

SHA512
81fd9e60e3a5e774b71e3de598eaf040f8a718950334a3b2c68da4b91a19cfa0a83071ec293f2c1a2679b4535ad3b622308ff9448465a5e561e646e60b3c9e19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f36df985b7944d1aec8fba568c51fe95

SHA1
d24c339b6bf85e014f586c9983e6a7758b725244

SHA256
1cfc2299b21a2aba32b5e1ed79612945b43b6469ff205b9033801ee1e32c2eb5

SHA512
9c2599bda31dc609c812c32ed53a67bd294e941b05eb80e2c6cdd7663d3736e732b9dfc5e99296bab6e53c6df7dec62bd5e4e92c11f25fc651c4a302e6790d20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af35a31d564c4f5850f6d4b41df34af4

SHA1
19e19afc528bc5ce17ab137a33dd5ff6bc47d627

SHA256
67c01e2269c5eda58da5d58c8b214470599f4085668893f433f3bf2b49b4e043

SHA512
abf139e3d9e3817dff2f47350c3d7d342797a5c8b984e11e9aa7db549341d9c3c6ca87c6bcc25a79f28e9ccfc21ea433741df61f151be24ed11f9d37c63ecf88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7fd449a802911cb03d4cab9cffcddb8

SHA1
e0b163be67aebb98aae6e308a7257ab17179f6da

SHA256
e91d3491c4d339d7424f324c2e0baee8da84fbe23dea41d69dc086d1dcc905a9

SHA512
ec92eaca15da55e120970b057f6af45d8a855c880d3e6949719c4ebd0027942b5b8c1dd0caf581407eac079ba18fbfcf706fc22606c4125da01dbd26e6374056

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3c8056def3b9740d1b9466bd0591949

SHA1
42352d73b213898f589b2667c7a8fb512a9070f7

SHA256
3b5c23f3cb0582d81a02cb926541ebe09fa733b64ca5751154180ca988f9807b

SHA512
8a4aa199596fe52be1e59363823331c0420b82ca3aa10b8983defa04e2f4f879210264b443385a258ecee378c970c481e2e3031c4117193ac0d6dd595af6b71f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a1bc493c50b7daf553580ace1c37265

SHA1
d2dfa1425c560d37fddc457ffa0b2dd46773c2b3

SHA256
cd215969cac01f69dde71af763526ca70953ab5e77600df047b158e8d066dabc

SHA512
97a0d15ab991a5cee3f9bd16a1f06c60b0ec451b59cdb6994e3006ec5ba0767d04c09bb7ef13d23cb4a7c2b7baacd62f532b509f0ade7075fd132b7242a5a070

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a97ee807318862106bcd610fa64253f

SHA1
b704c8dfeebf35e493ac8f4c0779bae72195b60b

SHA256
150b9e7741717bc2415d6c756dc64d4c0711d9bfeb10874e03db7a70939aa431

SHA512
b038a278b59b6e113c4faa8b9eeb1e5e919a0e0ccc65ed469254beb4047c772902c3376e88e52cb645fc4b99dad6a0bd168d3ae27a4ed6b8f60be00ec0ba7142

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAC1D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAD7C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{83DEEE07-9944-4B76-9BE4-7A25A1BAC6E3}\CCDInstaller.js

Filesize
1.2MB

MD5
a8cca5b969784f356bcf8bbd0895b8cb

SHA1
bcedc0d7ed2e6ac55709f0b837a354c6ad7f9c97

SHA256
a641388d7b4c162c026606d4b099afc45db810edb39c8c5bddd087a1df840aa0

SHA512
7c9e9fc110ea0a5c51a15b5253c0dc2d47a490581dd4005925c3045d6f4e2ed0ff9cd427a9cc42db090153706283b1a6270c225bd3a161198c805db435375670

Download Submit
C:\Users\Admin\AppData\Local\Temp\{83DEEE07-9944-4B76-9BE4-7A25A1BAC6E3}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/2860-11-0x0000000000C50000-0x0000000000C51000-memory.dmp

Filesize
4KB

Download
memory/2860-28-0x0000000007340000-0x0000000007360000-memory.dmp

Filesize
128KB

Download
memory/2860-30-0x0000000007340000-0x0000000007360000-memory.dmp

Filesize
128KB

Download
memory/2860-29-0x0000000007340000-0x0000000007360000-memory.dmp

Filesize
128KB

Download
memory/2860-31-0x0000000007340000-0x0000000007360000-memory.dmp

Filesize
128KB

Download
memory/2860-653-0x0000000000C50000-0x0000000000C51000-memory.dmp

Filesize
4KB

Download
memory/2860-654-0x0000000007340000-0x0000000007360000-memory.dmp

Filesize
128KB

Download