5fbbb281aba1258dea6ec733935dde5977983430fc5939ea7aef7624d3306a01

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
05-07-2024 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Size

6.8MB
MD5

13c9656a0853d2327c1c744202bf1ddf
SHA1

9ef1088651e903db3bb771e4cb17467c3490e5e3
SHA256

5fbbb281aba1258dea6ec733935dde5977983430fc5939ea7aef7624d3306a01
SHA512

339b99a10b922964c154606a7fb36e5121ff00767280c5f3f46080f6880488cbc00938b0fe4851dd7af01828af9b0a8bcb6eaa45c266feb7551572d3d90872d7
SSDEEP

98304:H9rOvi3HzBvnKFn0MeYttysOx6VamqSJ5a4f+Wb/L3:drOvijBGnBeYtAX+q05aW+Er

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe = "11001"	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
3016	2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe

C:\Users\Admin\AppData\Local\Temp\2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-04_13c9656a0853d2327c1c744202bf1ddf_avoslocker.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e418432c28ca51a832b4b0f36d6cb0d3

SHA1
cd4449603016047fce5619bcc21de633486efe3e

SHA256
4719e001a8e8708608d60ebebe03d5a3d69bf82a79575dd9e623eb35c7e945de

SHA512
ccc7996b72d805a73e8cda5604fef5c53f7820a525204f779fb94c2f4a30ddb8611bcf5c5fb445b2f3d0cd0ce2dd8aa22e00176b5179273e0862c8d338018482

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78cef28be9e667d55d06bd6874c64a86

SHA1
fee0ffe80528c514b90c796a7808fec3cb200398

SHA256
c52013e333d46c98598a853c8bcda16052f735d1444512947c501c2e9f87c004

SHA512
02a755b6dbe8279ad6dc5d5afb2c15f3349bc8a1c66625792b9e1eb499c5480bc61cd3af3e621368e81c2a8b3400f21abef7ce6bb60833c7e3d59cd0cd66b564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2c57c116316d64e6605696b4dea0bd2

SHA1
93f1d746af7dad51bac6c5e4c45006aeb099bb33

SHA256
d03dad1f124eac8ab3cc0bb695aed00e2a23cbfb500087ed7ad1b429b4283f50

SHA512
be9239628a3c2649aa21efacaee6ac26c17513eae2b05717613ab0d79f2ddaa304a535287ba6d15638d0d112ce308a4c0616a76f5105615433150ac072194eca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc581a05df959ea590210c211ecd7c19

SHA1
3f49dd12c8ade53c93eb2ea90d7a2ca5170b07a0

SHA256
29b818bcee0336d985232a3449cfd341d5ac6ebce7e10842123d351f3b64dbfb

SHA512
11a92f69782794ace655eabb42cae431b6f8c8a8fb8ebd5032c0835a381315469ba7006394cbb7241dbeb3041f92aba50a8b600d35dc8ecef6416b04b0a5d60c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
94fe834c2328bdda0615eeeb7646153d

SHA1
240f10caecfd0ac074786ed278d5727f02f54933

SHA256
81ae206b4d8a4497faf1c68c78fcc70d2546945bb01dafc9ac5b3602584cfb52

SHA512
612828f2c174200b3c5ba0d751386fda088e179838368a45f56af25a1885a2f8ab85c3ca12b3cc5c710b766320885f2da58ce1eeca33f71f9b95c32f2b3df659

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee44551fd3f40552a4ee23dda39c22db

SHA1
ab3ef5d029b696e239799ea1592bb0cfeb8f0c2c

SHA256
d5f5456ba59420f85c2a4b4f923081c38b2bfe9fe423205d4cab8857967eb9d2

SHA512
35cad75d47764eb7c4715856b0bdecc01539a9b8c3afd7a49b28e090578b0a3c73961f716a6c162cb15368c61f43868cfbc6a6c96fb7e2cc4d40cd6cf4af4b86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a408c5747fe0b730396195e2a1cc478c

SHA1
4e8e3f836da1f9202dd096f55084b40f8f9f80db

SHA256
b4158cc48338719313ede77dc1c7c65139d5fcfc59fc68be009066815194d02f

SHA512
38dabc27c14772353e60a4d49e3c060dcb5ba4663c3ec294826e0e7e80191301728d90c21ab624417e09f0cdb16b4e8e857e063758c16f57465420480eba249a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86f6bdde660c0902f90ff7afb85900cb

SHA1
dbca8fa7de462566f208f9c572a190b49ad99a82

SHA256
38ad738137ee5ef450c0302ed91afa816d2c097bb2c9d8285a2907f779b0ce05

SHA512
82868df1260108af79a3b22c02df7ea54ab2d6a9e9d50ed7ff919e83f509dee18a15fd88d5b3398d840ec490781875fbf5c0044f1a19a635e0954ad524e4bdfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f8e287c10f8ae66f36af001b434239b

SHA1
764951f18bc08809d57727747d27203d992eb15c

SHA256
9615f008a09027bbc96d57a605416c4bc98d67e021d591cd6895b70ddbbfb3ee

SHA512
5cc0cc1945abc5b92056faeb06a2797b8e4a93acd93418ac29715e52d2a0fa7719ccd89027ee6411ce6aeaeb6d7d4c1769e6d16340d6cd0fb12f45a3b307b937

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5af1f2f5622196349dd3aeba48b8b647

SHA1
be92a85798c302efb231bf24adf409a80c13cd67

SHA256
db22794bf9bd068f6b72ebd0cd4fc032c8a2095e2020396b7a39808a8f181ac8

SHA512
4b04779233a600dc5d0c93f93bed247dd6b68359e21a312f9c4c6baacf0f78b1c590cb5b8bbd317a3121f67e6a3defe012f26f480648bd85e3c71dc6f218743a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7541d6d6b78064cd4e5ca631d12051ce

SHA1
876dcc27c1a8590aa909fb6ce54a3beca0178f2f

SHA256
52cf7d87601dcc7d3d9576a0d575c64a55643a807be8ce6a3c6099532fda61f6

SHA512
d7c438c53350d8a32acf2d9c8d798838a751a3131a9d7ff3dacbe78ad702eaa7be8bad38a37ce7f62832a7e1a31e1d070840fadbb66847a179f77dcc76e559ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dbfc542bc6529672e28735ab02827d8

SHA1
8c1c05e1b780265eb70dee83aa054e65d8f9a303

SHA256
ba8dd2667e697657461eeb0a50a2f8f0ec3b4ffd4a68103aabc27a4e4c9ad800

SHA512
b4d3a9d4f0ec908d14deb864695a94e5c6845289768b3b9795b8a81ed665e3345b99437a82e86e13fcbf718c8921cb12622d184ba6226e37538e00fbae5bc972

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b26c35af26ab6867fbc06b7bb57ea65f

SHA1
0e6f1f171cdff53f09ecffe120e4b0799007c55e

SHA256
17ad750a88654db0046f1c4b1a56d39c01abe7825cee64e851dd59a26760c79c

SHA512
fac50606904ff82121a31c3bc47b8a16c67bf51ce8ba9f724d6e96f1d9c180861562cccdf7f8f41faf88646dac71f269c44b4360dc4fb5999c0f1ecc5654ab87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4fe9d72e7604d9b26f213fd84345541

SHA1
639e754a5a17f2eb34f511f95eea04daa36ddefe

SHA256
f164d34ba3c118367de4a822f2fa4f925f01e331458eb9cdf720a89528eb101a

SHA512
abb7ac60db0f6d65bd55885d6a596d0e09ffc17dca8703a668431cbae0196a4a43aa9c1233c4e492169f1c8c2db352d7bf458d41481cb1a74009e56467ed8540

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab459E.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab465B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar467F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{37E70964-0366-4006-8D98-7E1A40A4DEB8}\CCDInstaller.js

Filesize
1.2MB

MD5
698687ac9e653b2c7a1b0d2a2ec40505

SHA1
ad6959510eff569cff355f2ac4c5988a6d6a433e

SHA256
142db397e43384d0af407ad59ed5b64371cf054b7645913592ca72d2d848c1c9

SHA512
29c5971005bac00173c96bc3b7ffc4fd5701d2f7ff5a29fc05bd8832ff2b1c850903ebed72baa6e4bbcaa0c6b14670ba1e59d900f3087c0fdb0453bea5d150eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{37E70964-0366-4006-8D98-7E1A40A4DEB8}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/3016-11-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/3016-28-0x00000000076A0000-0x00000000076C0000-memory.dmp

Filesize
128KB

Download
memory/3016-650-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download