c14db4f709fa70fb70c7f3969cee4177d2641c098e06b1909af77e09addfa64f

Analysis

max time kernel
95s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
Size

4.3MB
MD5

b0a674f3e540801c827953089e6c9f03
SHA1

d0fbeb2bf51324360835e51b80ae0df4f80c760c
SHA256

c14db4f709fa70fb70c7f3969cee4177d2641c098e06b1909af77e09addfa64f
SHA512

fc2132048a7f8b25ca31e1f3f9a570124834a80633ad5b867513a73e87187c0ce2c2bf6cca1337ba468f3bc45c4c14bbf5d9ba39584ba3aa9d3b1e615a453afc
SSDEEP

98304:dpq/d8kCBwlMyQjujDW9tBcg2jGqwwAqWFnhGJ98j02rSYC6dkB3tiXFR:ecP5ujyp8jGqwwtanagrRC6ONtmFR

Score

7^/10

bootkit evasion persistence trojan

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
4992	startup.exe
4636	startup.exe
4020	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe

Loads dropped DLL 64 IoCs

pid	Process
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe
4636	startup.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	startup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe

Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\VBoxMiniRdrDN	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 116	5008	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe	83
PID 5008 wrote to memory of 116	5008	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe	83
PID 5008 wrote to memory of 116	5008	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe	83
PID 116 wrote to memory of 4992	116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe	86
PID 116 wrote to memory of 4992	116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe	86
PID 116 wrote to memory of 4992	116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe	86
PID 4992 wrote to memory of 4636	4992	startup.exe	87
PID 4992 wrote to memory of 4636	4992	startup.exe	87
PID 4992 wrote to memory of 4636	4992	startup.exe	87
PID 116 wrote to memory of 4020	116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe	88
PID 116 wrote to memory of 4020	116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe	88
PID 116 wrote to memory of 4020	116	2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe	88

C:\Users\Admin\AppData\Local\Temp\2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Windows\temp\7963B64A8AE3FE11698FEEBBD2837BCC\2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
  "C:\Windows\temp\7963B64A8AE3FE11698FEEBBD2837BCC\2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR)
  - Checks for VirtualBox DLLs, possible anti-VM trick
  - Modifies system certificate store
  - Suspicious use of WriteProcessMemory
  PID:116
- - C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.372.0\au_setup_AB0339CB-3EA8-11EF-96F8-EEBB2D38B7CC\startup.exe
    "C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.372.0\au_setup_AB0339CB-3EA8-11EF-96F8-EEBB2D38B7CC\startup.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe" -auto_update_mode="C:\Users\Admin\AppData\Local\Temp\2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe" /-self_remove -l=ru-RU -xpos=270 -ypos=58 -prevsetupver=21.17.7.539.0.2.0
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4992
  - - C:\Windows\temp\00C3E50B8AE3FE11698FEEBBD2837BCC\startup.exe
      "C:\Windows\temp\00C3E50B8AE3FE11698FEEBBD2837BCC\startup.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe" -auto_update_mode="C:\Users\Admin\AppData\Local\Temp\2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe" /-self_remove -l=ru-RU -xpos=270 -ypos=58 -prevsetupver=21.17.7.539.0.2.0
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      PID:4636
- - C:\Windows\temp\7963B64A8AE3FE11698FEEBBD2837BCC\2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe
    "C:\Windows\temp\7963B64A8AE3FE11698FEEBBD2837BCC\2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe" -cleanup="C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC;116"
    3⤵
    - Executes dropped EXE
    PID:4020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.2.0\kdscrl.rdb

Filesize
3KB

MD5
79a78149e4ef2e6e09cc061338c7b151

SHA1
99505d2461a18f16d4d185603887c60e226347ee

SHA256
e6c0da20fc5d9eda24e4128faa5641f8b2d39951e0a0236c013e1f1efcbf83fd

SHA512
a3baf55b373b943f8f1c8840cdc2f02a94aed436c54fdcb8cf6eeac9b5840a5e1a11be0c70460da0c17f6fda1b01b87f4e2a688abb5ddeb7819301a1354d688e

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.372.0\au_setup_AB0339CB-3EA8-11EF-96F8-EEBB2D38B7CC\dynamic.ini

Filesize
142B

MD5
f440a0737021f57dff1a5df5ee48e0d7

SHA1
743e80d0eef6e830c0560ea9b997c986111cb668

SHA256
4eff82e8d89a4c4a6f7c924497d8125ee5a061404e6716770059b70333295875

SHA512
ccde6e8cd3a5c1413182c36c9982b4e4413079135b1800ec039e091092ff96e73be4b5a25bf2fbcaf81bad51694be837e5363f5cf807e1516f4bca203a79dc27

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.372.0\au_setup_AB0339CB-3EA8-11EF-96F8-EEBB2D38B7CC\startup.exe

Filesize
4.3MB

MD5
a423a6a12fe4e5958e22d4382e3e8124

SHA1
e9932b58b88a55c0f958729d909c7425a8d37541

SHA256
e81dc2c3ff23d7ce547c7109a78ed876158f6f92cb684fb6256824f0800c0db9

SHA512
f0e8f6620ae0e8b82d20e1c46c8fc98baf1bc47a3bb5075bfeaa59eeda1ab3a1deefe0c6b6c24201e4cd64dac070b5ad28bf951a7a69e4b3ceb60720d0676994

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.372.0\au_setup_AB0339CB-3EA8-11EF-96F8-EEBB2D38B7CC\static.ini

Filesize
582B

MD5
13a4da47a7085f970e4e4d4d547bb773

SHA1
13e14e2d90cc4601d6b58e3fadf8736f9988314b

SHA256
f5605d80f311149437eea08444588a0a30e22eeb3fecb8d0e0a042d4e05dc81f

SHA512
cfd48edb7d8fcac15d9e1e4c0ae0dc4690044c509adb2e4b0ce21ae155a214610a24f3e9c472a1e687f863dd2aa88a82249d00f4bb16507729dc2c7f5ab6fce1

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.372.0\kdscrl.rdb.z

Filesize
5KB

MD5
187dab54c9e075a9acc0871e80fd3c9d

SHA1
b0ddf9062f5a6002fb56ae2b2c46e1ed80b4d5ef

SHA256
6227f5bd70eaf3cce5a2b769cd82a22685b8df6c8bc18fefd83929229282599b

SHA512
8912edf45c1d3d31774951c0fcdc9defa8dd548636fe4832ed8a144a299e186437c212c515bb5e4fe1c60429ac8a1ce803deb1d98cdc916b6bafb6ca06d0d57c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0B532F86F8BFE69BA8D4B6BCF6B9C594

Filesize
318B

MD5
d462c32971fda5b905bbfd64d53ebe62

SHA1
2bdc66a5fe9022716751dd6609e0085a764c5198

SHA256
77791ad7761fdf09b6e909fc7fbe09419d344d7e7ed8e7ec07455de66918196f

SHA512
61461f45babbd9ea338c81973f4bf530e2750a233c14a469a3f209c01beb9558a9f7da4bafa992f2d86f4058c1ec283a4e609f20a683d56010f99f621448c003

Download Submit
C:\Users\Admin\AppData\Local\Temp\6D7A5A0B8AE3FE11698FEEBBD2837BCC\setup.dll

Filesize
5.6MB

MD5
9466235f30b5ed61e6a70a3843d5d9b4

SHA1
36b31c9b79df11793a374e93e4e7b6611deacd8e

SHA256
83499898d0ec51e2b6cf52ea913c3f8e864b7e5d9e93a89e0014ff81e14d9337

SHA512
f02e236b4a0dd0b8c55714d80563d620075cce2cc9ee09e3ec742296694916fc4a40769a7fd9fe4f6a96822622ef528d62c5e059b0e66a6038c41ff80dfc8d92

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\kl.setup.ui.core.dll

Filesize
89KB

MD5
2c8f5ec07cb84d844e3fdee32b2a8e00

SHA1
2e27daffed27a7e6ee3adc50eef1710da318ca32

SHA256
8d5bd8184fbc3f79ea9edc2c25e1a5a935514518c3fba89bde308c06722375f9

SHA512
ef37109b456a68d55dee8a45340e25cb9901909b30f9f882f62060951bec20d838561dbe5ebe0480aa2feb668c6ffbb2137ed2f69cd3d6337c6f38cf395f6eca

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\kl.setup.ui.dll

Filesize
278KB

MD5
1bebc399a1b31eabc3361169df0316d1

SHA1
56091143fafa680dc65dd5f2b5d6fafa94590041

SHA256
894914e74da8c8faf8bb9b34e0f9b586db3cb248c3f6edb715a7cb8c930dd66b

SHA512
d0d1fb7e23391a352f6bb3d5756dbbcd5a3558e0c477b265453931940a223dfa31cafe20232a9d08fbb127158bce325dd8b769e7bb62907be89019cd3f02f1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\kl.setup.ui.interoplayer.dll

Filesize
56KB

MD5
baf69d3c6977161e0c2b631b3f9958d4

SHA1
a1b2982c11811c4e5f6bce95f3072a855d11c369

SHA256
e6392d0cf3a5984034ca0b346476d7482243550ddd0c65a8c0ff2f03a15867bc

SHA512
2fb765d07638d239b666d4043f9ae75e91dc271ddf399dfe5bfd1c894bcabb95e6e965b478f5208687d9ebaa18cdafd6fc3400cd47694fd9db4ac30f3f1d5839

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\kl.setup.ui.visuals.dll

Filesize
420KB

MD5
6181240bc579d2dfb176a1ca260f5a90

SHA1
eb13b6cd4a242c8399396795d1863954b8d79507

SHA256
b07c4d99d4cbb62b31a425e60c993b809c7043518a9ef0b7b561abd180a1b768

SHA512
f5bb4bdd05836c494a560dc9aa16d62d29b90df7c5854d4a97b8e274890dd1476de955637237867a666c1f08785f5dc06d571e023b124530ee87cf6fdb98689f

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\kl.ui.framework.dll

Filesize
264KB

MD5
2ad2ab4f8517da8e2efdfed22ad49f1e

SHA1
55916e3e5c4c40cf2e5644fbad07baf31459673e

SHA256
6efe8efc6701c80d59ad33bd139aeca1b47a27f49d3ccc16ed01a49da9bfc2e7

SHA512
12800c7d475af627c98cecb6e6c2de8247094166126978e24bd8be3f7193828781e853ee10b3133c989d625f0e2860ce4551369d864748b70db4ec220c515bbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\kl.ui.framework.localization.dll

Filesize
283KB

MD5
079ac68d4beb2ab9602d754b09ff652b

SHA1
90032834cc5cffd0b00119e4e38b5f4c5f877e4c

SHA256
9377c35b19c30ee75c010b1e592796daf1d3493b397ef9d61a1c63a5ab30a88e

SHA512
53782adc516950888ec69b21e744fe4d7f8567223e7c067e362800c78e3621dc148d5aa19f6011962bece1ada3691ef1ef40838a8072480c54aeedb2f4e0c9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\kl.ui.framework.uikit.b2c.dll

Filesize
631KB

MD5
445e34aa976419cae54e13ede8d41ce5

SHA1
98ca3ee808f97ae16970b0fcefd3387bd07278eb

SHA256
a255bb5dfaa685d7443dbc8bb7fca71417c8f0b1f617ade7077ee437a23a9b24

SHA512
86b4084cf781d4efbb814fce3ed6ca48addbf4c15c5ed3630673350cf65056a80e2a9bc00581a45ae370a64f0bc720d506622eccd9d7ef170814faab1cce14c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\kl.ui.framework.uikit.dll

Filesize
2.7MB

MD5
18defb1e3b7460f592a8ca61e4b40ff0

SHA1
8f8f7d7d1ee8a048d162603cc21a0f4c40b9036b

SHA256
02a884babc5584fec80b227eb1c52dc800c516f1117ff9637617ad84c632da9d

SHA512
7cbdc0c113a0c7ff9628674a8a23f4224290455d4a9a41a66889d01baf1f28b0175197c3078a791ecf6b2052c3fdfc35cf38cfae5bf5917bde80f82499d40b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\setup.dll

Filesize
5.6MB

MD5
3278c1155c263b1feed37a4485e07464

SHA1
25c405c0c4b39b3542874bdd927db147caa4a645

SHA256
c3794a5439c3b67facfde818d9f08ef9913c08fca2fe658f84bc22133ce1711b

SHA512
da08c6ea3e994ad452a6343a1f3029fff5dc122421b8a7006762a357e94691efb1c21f3e5a39635d64b82b49290227ba9524cf7b8b12f572ff3cc8e9aebc0145

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\sharpvectorconverterswpf.dll

Filesize
137KB

MD5
a56a73b39703d5ff85b5cf12f9b00009

SHA1
e6448c87f969e19ae4c6514d69d8286d26a2b5db

SHA256
bb5966185017d904d2d7fd952bcc6d5c19fdf6bbbe34ab29c63a3784cd1074c7

SHA512
7fa07a1fcc0735186ee71b3c123b1c4076f04dba5ad319588ea695ef117ab7c39918593e4ee42f18cbd3fe01d043e896981ca6f07293fc2fb0a9bce5d66992b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\sharpvectorcore.dll

Filesize
201KB

MD5
24e3b7177eeabdf085a01796b49c8e55

SHA1
6916a0bb98892252f59692fd0405e6da62af0f8b

SHA256
eab963926cf2d62b575c6f33804372fea04db328b2b3f0adfb45fee3f27e5386

SHA512
5e377e609673f3d84e22d070012578b8a18fce848a3815d9da05e10043d3e9fde8070094d1841acb44a4f876d8741e371a5fbcc86cce80cdf826131370a41e64

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\sharpvectorcss.dll

Filesize
109KB

MD5
726d04bbe783a3510b18a491adac05c0

SHA1
11a01c68204dd80b32c01dcdb2e51f5b0ee34d98

SHA256
639e091c9e87986eaf9fe00f0f401834e14878ebc48084697fd4307713a065ca

SHA512
90592ddef83b6640cf8f28f0818098f95acc4139c7b3f5e8afa63bb873530be1613d42ee02dae12160737ee612187fc0139e19ee4a7f1abb3fec1fcaee1ae297

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\sharpvectordom.dll

Filesize
55KB

MD5
e4f6efef27708458ecda4ee22edf3cef

SHA1
07ccb5fa980dead816737ad83802cbfed18e4a4f

SHA256
413e485d8dd07231d70107d86ee1a17ce705517aed8346b4701747d1fdbfdfc3

SHA512
4920e508304df14041df1189938a1102e4a71e2e57ac4b9b804b6b0405c89c8292012a5ff4dae21268204ed6d9b56a279f4ce18d709074d1cba71cc9d5e11a1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\sharpvectormodel.dll

Filesize
998KB

MD5
225a73e5a0cf87453832b578db6daddb

SHA1
a36717a1b2c7eb2ba160fec5fa80e48b9e57c4ac

SHA256
0499708762c56b9339c980e731ffab294e9b18362af3dcb4ad4481f1c7bd60c1

SHA512
565ee2105bd626650857e0e6f9c8f7d87a68c3ec41923de119a3b710038a4785e16ccf79feb4c1c4f8a308f682163089228ac4ac81295cea754ae1189311c965

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\sharpvectorrenderingwpf.dll

Filesize
203KB

MD5
faec58e7785c287a7c688f274207048d

SHA1
66c038c720035b7212a7d3733da4520e3b95d63b

SHA256
4c76dd0441a8021a308be24cf0c1957bee280451abcc1467acf47f1a6f7f5dce

SHA512
9269a91a5bab01f076d8e9fde2991463fb224dc6382f8cde3a118e83cb35bdf580b4ea7686f2ea767a2a9c04650222edfc3a8b2569978b734c51b7135915448e

Download Submit
C:\Users\Admin\AppData\Local\Temp\77CAF94A8AE3FE11698FEEBBD2837BCC\sharpvectorruntimewpf.dll

Filesize
69KB

MD5
0e203d24d04e89779638dd70d5335b39

SHA1
98ffc3718c6e34bd6d696bbcce605db666f99b01

SHA256
f15b5199850b8ed98d2202972ada759823a17893a68d60ca3a0f76ee31aeb204

SHA512
a07f54cce2add948340807b8ecf430e72c07032332046e5dd05d9da90f7d732921c0ff628592ff0710914ec9d9b7188b46377e1594a9f9809a107a022de1cfee

Download Submit
C:\Users\Admin\AppData\Local\Temp\A49FAC78-3EA8-11EF-96F8-EEBB2D38B7CC\GuiStrings.loc

Filesize
22KB

MD5
09c4e9f41c4b8bfdb6bf8916af730ecd

SHA1
a215913aa718b459d8e3c13dfd22e5246dcff38c

SHA256
57bf969d3c10d5be0a4b31b8e530c1e005622c8dc809ee4fbd4c214f3b3e9a37

SHA512
7767639c5e068fd3e83a527dfce0345c902673e50102a6c5ba3998ffa2d16f0417a74bee15fce9b6825eabe94f6d36c4528cc70c4541294415b26b9f0f64937e

Download Submit
C:\Users\Admin\AppData\Local\Temp\A49FAC78-3EA8-11EF-96F8-EEBB2D38B7CC\GuiStrings_KFA.loc

Filesize
3B

MD5
ecaa88f7fa0bf610a5a26cf545dcd3aa

SHA1
57218c316b6921e2cd61027a2387edc31a2d9471

SHA256
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

SHA512
37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\A49FAC78-3EA8-11EF-96F8-EEBB2D38B7CC\GuiStrings_ru-RU.loc

Filesize
56KB

MD5
e9d3e9bbd35077df011b7a8071c00133

SHA1
42f8b201c8dcc6397978158c8666ab4f2c0bcc35

SHA256
8eadf21cb11d56a546e53da1cca3488321b0f1950a5b34d2ca75b9a9a6193871

SHA512
097fd4dc8429f125b3ec3eb8ca5361b20f0ecfd4db537b1b469f6d50fd6d471b1b93707a9d8326b4e18bfb85d3f9c447f69edb309a430bbe04e6a7cf6c9517d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\A49FAC78-3EA8-11EF-96F8-EEBB2D38B7CC\GuiStrings_ru-RU_KFA.loc

Filesize
732B

MD5
b7902cb23b80b84f5cf8e1444e1c6683

SHA1
847a1d98df8dd5237aa8562b28984cff6b2fe155

SHA256
54b4bbab13686976afa58916170cbce73c81bb3740f3a279bcfd318bb16a6c93

SHA512
b452ca8c689c4c23d64859c41555ed9ee5f24ec70f03e9c6c62e7e0d6db05a143c84a0589daed4114dd16d5b9b02fa2d5b6adf7a5bb4aade7eb35e96abbcf81c

Download Submit
C:\Users\Admin\AppData\Local\Temp\A49FAC78-3EA8-11EF-96F8-EEBB2D38B7CC\downloader_neutral.ini

Filesize
18KB

MD5
417298a7f5e3a0fb309869a2ce0e36b3

SHA1
03bffa178720fea462dc722942b0eb80e197cfe3

SHA256
d1e9389ec3e8f9b808fffd3074801fc7f0ac688aa24f08a2981b00b54950035f

SHA512
4f66af196e2c3be22a48c70c547ae40e5ed9c41833fc9ec6151786f19988096dd3e2a18d4d670a7f1851e8027596cbcd09bef1e4239d807c442f184f7dafcfec

Download Submit
C:\Users\Admin\AppData\Local\Temp\A49FAC78-3EA8-11EF-96F8-EEBB2D38B7CC\downloader_neutral_KFA.ini

Filesize
1KB

MD5
2e10b2d4181d2f07d2dd305bd4285bd5

SHA1
9c05f3e03bae36da24a62b08729074cd12b0077e

SHA256
cbb72cdc1e461226c7d0e49e7ef955f77dfeef4f7fe12d0d8a8d0cf9658edc78

SHA512
a1bae84b8a9c0833bbadf29d4532b64f0216d7c1c13be2b4ebb75dd4d2b18244eb67fee52743745ed0a5818e745cb9aae9a8bfdc415ff59ee8aa7de77f122819

Download Submit
C:\Users\Admin\AppData\Local\Temp\A49FAC78-3EA8-11EF-96F8-EEBB2D38B7CC\downloader_ru-RU.ini

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Local\Temp\A49FAC78-3EA8-11EF-96F8-EEBB2D38B7CC\downloader_ru-RU_KFA.ini

Filesize
228B

MD5
7779fd995969e9fa9eaf7a4726d1a11d

SHA1
1d9d8f9a9ca13affd712f09241c8a0ab6e5e5e0e

SHA256
ab597eab4bd1bdcfc150e793b3e9c32bf9134e6ba5f6a0dac2bf8fe421c58356

SHA512
919f10e01eb4f66fc4cd48b493d08843dfa8c451b1d7f651570755fa3d6734439cdc332fec6bf1b53a29242cf1ef8a64c432fb56233c04ca362c57c2a0106727

Download Submit
C:\Users\Admin\AppData\Local\Temp\A49FAC78-3EA8-11EF-96F8-EEBB2D38B7CC\html\yandex-logo.png

Filesize
10KB

MD5
799d56127b9caf682da75955b17148cb

SHA1
3ce8f4ee0a252aa5ec3207596ede45a164e2d70f

SHA256
1f9bbad0dacaab3b0ad5da494ce69cd4eb042aeecd5a33842f5f5523fc651b65

SHA512
544582c7fbaebb295c447e32e56ababc33f3b05c344039cdad4d11c98f0db27d3e50caab3efd0d20c8c588789da88a7a75cf4ea1db90fdb68c1c15bc5cae7772

Download Submit
C:\Users\Admin\AppData\Local\Temp\A49FAC78-3EA8-11EF-96F8-EEBB2D38B7CC\mykasperskyfeatures_ru-ru.txt

Filesize
8KB

MD5
a38563bc8e31f082e2d8fe9124c83973

SHA1
01f77a024b4a128520ba62b0b13108c15a71bf45

SHA256
f1ac5f177a4183463b655c7eb1afbac13c5955ceec1a512d16a89c9d77fc931e

SHA512
4b5ebb658e5d1ee04310f926b37765f7b6e658f6a66687ece3b935cbe2e3ce2d60f33bc57881a70db9e669b8174881db14d28da004db4a3c06196355a07f9f3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\discovery.cfg

Filesize
30KB

MD5
a646fea0a0e38de770bcc696f6d458e3

SHA1
49c73dc90bc7e9d680f613a1171a96f35f2e5389

SHA256
b46fa5a6e4eedb5cbca0dad7fe65fe8233149a0650aad9833956603b802c564e

SHA512
20cbb394ba16df14e9d3d1fbc261b20405e15d92b32bf291044b1e603743b55256cdcacbeeecffd928add16c947920b3dff2b5b7a1bec06fda7decc619cc8355

Download Submit
C:\Windows\Temp\7963B64A8AE3FE11698FEEBBD2837BCC\2024-07-10_b0a674f3e540801c827953089e6c9f03_avoslocker.exe

Filesize
4.3MB

MD5
b0a674f3e540801c827953089e6c9f03

SHA1
d0fbeb2bf51324360835e51b80ae0df4f80c760c

SHA256
c14db4f709fa70fb70c7f3969cee4177d2641c098e06b1909af77e09addfa64f

SHA512
fc2132048a7f8b25ca31e1f3f9a570124834a80633ad5b867513a73e87187c0ce2c2bf6cca1337ba468f3bc45c4c14bbf5d9ba39584ba3aa9d3b1e615a453afc

Download Submit
memory/116-133-0x0000000007FE0000-0x00000000080DA000-memory.dmp

Filesize
1000KB

Download
memory/116-194-0x00000000738A0000-0x0000000074050000-memory.dmp

Filesize
7.7MB

Download
memory/116-129-0x0000000007A10000-0x0000000007A42000-memory.dmp

Filesize
200KB

Download
memory/116-124-0x0000000006B80000-0x0000000006BA2000-memory.dmp

Filesize
136KB

Download
memory/116-9-0x0000000077250000-0x0000000077260000-memory.dmp

Filesize
64KB

Download
memory/116-120-0x0000000006200000-0x0000000006234000-memory.dmp

Filesize
208KB

Download
memory/116-137-0x0000000007A50000-0x0000000007A6C000-memory.dmp

Filesize
112KB

Download
memory/116-115-0x00000000738A0000-0x0000000074050000-memory.dmp

Filesize
7.7MB

Download
memory/116-141-0x0000000007980000-0x000000000798E000-memory.dmp

Filesize
56KB

Download
memory/116-111-0x00000000738A0000-0x0000000074050000-memory.dmp

Filesize
7.7MB

Download
memory/116-145-0x0000000007C00000-0x0000000007C12000-memory.dmp

Filesize
72KB

Download
memory/116-155-0x0000000007FD0000-0x0000000007FD8000-memory.dmp

Filesize
32KB

Download
memory/116-157-0x000000000C1F0000-0x000000000C1FE000-memory.dmp

Filesize
56KB

Download
memory/116-156-0x000000000C220000-0x000000000C258000-memory.dmp

Filesize
224KB

Download
memory/116-92-0x00000000079A0000-0x0000000007A0A000-memory.dmp

Filesize
424KB

Download
memory/116-102-0x0000000007AB0000-0x0000000007B4E000-memory.dmp

Filesize
632KB

Download
memory/116-10-0x0000000077102000-0x0000000077103000-memory.dmp

Filesize
4KB

Download
memory/116-88-0x0000000007290000-0x0000000007550000-memory.dmp

Filesize
2.8MB

Download
memory/116-84-0x0000000006D80000-0x0000000006DC8000-memory.dmp

Filesize
288KB

Download
memory/116-8-0x0000000077250000-0x0000000077260000-memory.dmp

Filesize
64KB

Download
memory/116-467-0x00000000738A0000-0x0000000074050000-memory.dmp

Filesize
7.7MB

Download
memory/116-182-0x00000000738AE000-0x00000000738AF000-memory.dmp

Filesize
4KB

Download
memory/116-7-0x0000000077250000-0x0000000077260000-memory.dmp

Filesize
64KB

Download
memory/116-125-0x0000000007B50000-0x0000000007BE2000-memory.dmp

Filesize
584KB

Download
memory/116-40-0x00000000738AE000-0x00000000738AF000-memory.dmp

Filesize
4KB

Download
memory/116-202-0x00000000738A0000-0x0000000074050000-memory.dmp

Filesize
7.7MB

Download
memory/116-44-0x0000000003240000-0x000000000324E000-memory.dmp

Filesize
56KB

Download
memory/116-47-0x00000000738A0000-0x0000000074050000-memory.dmp

Filesize
7.7MB

Download
memory/116-51-0x0000000005C80000-0x0000000005CC6000-memory.dmp

Filesize
280KB

Download
memory/116-80-0x00000000069F0000-0x0000000006A06000-memory.dmp

Filesize
88KB

Download
memory/116-76-0x0000000006430000-0x0000000006472000-memory.dmp

Filesize
264KB

Download
memory/116-52-0x00000000738A0000-0x0000000074050000-memory.dmp

Filesize
7.7MB

Download
memory/4020-466-0x0000000077250000-0x0000000077260000-memory.dmp

Filesize
64KB

Download
memory/4020-464-0x0000000077250000-0x0000000077260000-memory.dmp

Filesize
64KB

Download
memory/4020-465-0x0000000077250000-0x0000000077260000-memory.dmp

Filesize
64KB

Download
memory/4636-200-0x0000000077260000-0x0000000077270000-memory.dmp

Filesize
64KB

Download
memory/4636-198-0x0000000077260000-0x0000000077270000-memory.dmp

Filesize
64KB

Download
memory/4636-203-0x0000000077102000-0x0000000077103000-memory.dmp

Filesize
4KB

Download
memory/4636-199-0x0000000077260000-0x0000000077270000-memory.dmp

Filesize
64KB

Download
memory/4992-195-0x0000000077102000-0x0000000077103000-memory.dmp

Filesize
4KB

Download
memory/4992-186-0x0000000077270000-0x0000000077280000-memory.dmp

Filesize
64KB

Download
memory/4992-185-0x0000000077270000-0x0000000077280000-memory.dmp

Filesize
64KB

Download
memory/4992-187-0x0000000077270000-0x0000000077280000-memory.dmp

Filesize
64KB

Download
memory/5008-2-0x0000000077240000-0x0000000077250000-memory.dmp

Filesize
64KB

Download
memory/5008-3-0x0000000077102000-0x0000000077103000-memory.dmp

Filesize
4KB

Download
memory/5008-0-0x0000000077240000-0x0000000077250000-memory.dmp

Filesize
64KB

Download
memory/5008-1-0x0000000077240000-0x0000000077250000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads