7dff0c36876229186958ca3297fe50c71a36e00801e2af57e86eba2bae26cc0f

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Size

7.4MB
MD5

97c7fbdb1534e6bb4bea0e2ecf2ee660
SHA1

da2730f6fa26163202354c5b46df7fc5c158615e
SHA256

7dff0c36876229186958ca3297fe50c71a36e00801e2af57e86eba2bae26cc0f
SHA512

a4ab9f9ed44c87b0a8d828c84d0d65560b4d208b4fcc7b3e12b75f37a2ceafb2d0bbb6cc80367590e33b14128a428939c0663ad84bc7dd3dd98132938aa39f7b
SSDEEP

98304:L/o+sqRtdd8LtT0On9mp0+IAsZYNnuWx94FGoXab0Aq:U+sqRtML9rn9mStmnadXjl

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe = "11001"	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
2136	2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe

C:\Users\Admin\AppData\Local\Temp\2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-08_97c7fbdb1534e6bb4bea0e2ecf2ee660_avoslocker.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb92b256c6bf1f7e93501955186b075e

SHA1
df82872ad07a8a3f035b3563cc2f18bdd042e13d

SHA256
f486168ea98d39f8882cf868246032d8353f7e3a86e9e9796baba285a45644fd

SHA512
2f0fba5b5e26a6a67194d5c43b599e9ce9b9bdb1c32c7aaa392178dcf6ffe4272044d25807d01577f91d6e4c1dbbc4af4c77c29e65f0d96d663991f96298b5fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18ea298e9cd8a3a32026b83eb5a3e873

SHA1
f1d4e1ff82c3756d820b8fb8c0fb116fbd3abf4d

SHA256
9b70560f1f9d91271971da35e497e41021093c3fbb909673203110f01b20a9d6

SHA512
da244e5644a5356eba8928efa11faf926918b468dbe60f57eb6ba66f681fadb1c772bb23609202aed3d7f4784e23d512fa659c62eca92077a6d93e66f13327ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
217c3fabacd82df20c9f5f58a6ee24a0

SHA1
b2708f82922b45c0ef3595880a8c93b3b9238785

SHA256
051120b3065bdbb6e28bc08d695662409ed2b421fbe6f27490435c862f6dbcb0

SHA512
944e680ef19c670122e0b798820a9e5fbaf50e355b2c8e5bc3e2137d09fb7feb04fd1325b4889805226a284d82b463e6e53605c5a7de0a5a8ac92917a395e76e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51245cfe8fffab7d6a70b014a7a49df9

SHA1
56f529a06c5b98a71bae8b43247410e8b2bf62f5

SHA256
8c429d96d1a547ef461c6fad8d2fe83b4c9b791c8d4390b67ecab508220c3390

SHA512
cb7b49e31fb0e9e54f1b8efb97853e7c4adfb3d2355c5715062875cff4db1b350d15774de04998e915f37d57f23b2a5de9ef07827cb4ef4b1a6923c2e34ec61c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0229706a8113b79202a0d2e4f7080ae

SHA1
f76202afb5487a81164dfd748dc28f585b7157d7

SHA256
23996d07f956fa3c4e8c81051b9d91bf8dc76f42bb5ebe597f3dce731c3ed309

SHA512
799d5b19edf349e786d960eb3296148d24b12d2fb31aab0c96de50481e33d40fbf5153a2a4803b1720520786e05d52f79a45b5a3805728cb5d18d0326325d533

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85fc03d264af41fbeb2ca8904831b43b

SHA1
17f70659cbae564a6d8aebe60a1541659721596e

SHA256
0a3720f59e8af869cefe51da4387dd4308291e9819ded21b839bde67dd5365f9

SHA512
9eea8b372e7fa749a285aec4260472c7640da9b052dc76d929f16c655c443e46512c3bbbe819fe932d2de2da80861f1cb549ca7f300b49fd0155c1e7f3c68c5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f074b2b0e34958f8caf9efef349d1206

SHA1
adeef54f92497eb621cf886a4373fc71fbfaa42a

SHA256
34588feed9c0220aea2eeacca7b2dd44b4bb294b55bca62fac87c56a1a6415b7

SHA512
cf3b426c90538ba9544535a1dd63a1f4c3e6fba8f019b757a1d2b0a415ade011d3a3509cc693b87808ca9963efdeca3362511d4e649e5af6d29e757ef284f38b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
937fc5320a3ccaae24b7058fcf373db1

SHA1
5b3b8c4b53e32b0941db21199bf7e1b869d94c86

SHA256
b3588fb520c87e75a1df90ac30f822b91205db754e43b6c08f757b8e8e36e099

SHA512
cb8e4864424a9f1fd3de4e9ab409c53bea0636629ab05b9397315cd40abf86034bab774db4f9468ee5a9a117fbcfc0e6d3f22dd7174ab06c9c5a74abbdf8dca6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36cc356fd0fc74ab34979a4df5b1113a

SHA1
a9e2485b4f4a0c004abe30dccca4799ce0d09cb4

SHA256
3e8967aae82d11d3ff069b5a5b7a8741f43404b0c0e5151eefe402587fb352ba

SHA512
be1960db16677d707e9a6fd793f0245f0de5da263379760fc6f3f724595ea54849fc680adfb3c3e5459f9c4fbe805e0b39e5ec41a5b695afe13724428dd0dd3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
edf89655d280666b320c69e0a0dcd029

SHA1
1428255b9881001904b66fd0491dfc937d98f3e8

SHA256
5409dd4c66f3727f1cad16bd3b87c389f34fac468e58a195b6635280385b069a

SHA512
cfe7bb9449f824003c1657461f78b48bb3628d3a5dd5197d19a25a5581d079090529fa0ddb3b390ddae3a27b40cee4e56c9d44ee2e1e7a9f11fae25b2e1e565c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4860ae693997061b3d39849bb0120ee6

SHA1
80f1b9b9008ce908cfbd3d24edabc4a78150da7b

SHA256
2f681d71608fa7894fbab23dfcab86a208ee51574b1c9910b1eeed3deaa5f469

SHA512
e3334dec20e94262400c59cb4f7e7c4e0bfc0ed00950ced8ad14c5a013081240a52aa5113e327a6c2812fd02f98d6bcd0470b6e761233111e9b93a86e2c3ae8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0599cba63e9515788c1f3cf4bfd024be

SHA1
562d665a33bb56f1fd8e95942308629e2f906ed5

SHA256
a5b0d111d4f34610a8220948787e96d91880b7b42329b7ffb888bc19f680b4f6

SHA512
af390ac1138c9ca08887f29fa40f805b8aacf5ff7f8293e9b3e4af844776f8d410eda1ebfca2cdbe05d6d8cc2c830f30fceec1ae27bd80f990bab832951142f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2e39195e24320179d31251269aea86c

SHA1
9b3652fe31003db94f27152d65aaab185b706f7c

SHA256
29368e7400a9c3d29ad748326261af8d9cd17f94fdc57633cf6543cc8f462226

SHA512
f10a7acdb6bd54bebc8cb672030c073605ef4960cbd394639a6cba19f91b45e3f8d0a866fe734d72c2cbeb196a6750ee1ab94aac30c8bcda3d3bce78100de45c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed0a641027d68d1a6d50bb3ebabbb73e

SHA1
af63901f93525d6ea449e64d26fdd8e4d5cd25cd

SHA256
2a6cd4bd54ec684c88d5ba90e75efaaf51f829535bd741cc6c34ab7c730485d8

SHA512
ac848a89776ac79bc6cfaee4adcbfb59d75501a37de2c46d145c0c1117c64ec5d4920e9210e48f9386c92d337bf2db1659b382d578f511f442ff6de632a7b854

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8589e6b9403a7626dc2c5e9aee1df5d

SHA1
1d2947eb851652be079a31b3cf73a5acd03e819d

SHA256
49c2e974b2fbaa9b71b25609c1184ba5488758b74b19a6d5f72f59e054943ad2

SHA512
6670c778dae0727a1970fbc59d619cf50bd3e223df3ff580e954179d0bdeeafcdcb2eb082df72b079ff5f00ee93fbcbef9ed0bf70039ed57bc7946354f7f322d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEBE9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEC7C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FD10EEDF-8449-48F3-A947-D7387EB3DB7C}\CCDInstaller.js

Filesize
1.2MB

MD5
76d91be7bdb92e541b3face5b94e9f0a

SHA1
22fb1d2239becd45cf81166fa522de1e8b495a68

SHA256
302b9bab186ed0e233f55cb660e0d0e326479e84855f0bb68e7632313238bf11

SHA512
eeacdf9c19029ffc8b9cf876419b86503e019fe3a25ec90a7ba27988a215a67e7f73079f74921d184ff4d93cdf4adca5f95eb10250f96716df5a6c879f389eb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FD10EEDF-8449-48F3-A947-D7387EB3DB7C}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/2136-12-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

Filesize
4KB

Download
memory/2136-29-0x0000000007B90000-0x0000000007BB0000-memory.dmp

Filesize
128KB

Download
memory/2136-30-0x0000000007B90000-0x0000000007BB0000-memory.dmp

Filesize
128KB

Download
memory/2136-596-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

Filesize
4KB

Download
memory/2136-597-0x0000000007B90000-0x0000000007BB0000-memory.dmp

Filesize
128KB

Download