f15fb62d2bdb4213abe15f9f443443ee5a81385c9fa5376979c32b993793d15b

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 00:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Size

6.8MB
MD5

912c3c10b1dfcba4c30891a9359784c5
SHA1

912428ee659be6e2bbab9634a70f936e3560b694
SHA256

f15fb62d2bdb4213abe15f9f443443ee5a81385c9fa5376979c32b993793d15b
SHA512

45e9596d96997bbe1a90ab92f2558bf895d2694c83d6fda8c8dcfb1840c55d934dc8fff4a8f9339aa3bde3df3f55f89067cbdcc0da9b06d57cfc4f7cf9a58442
SSDEEP

98304:B9rOvi3HzBvnKFn0MeYttysOx6VamqSJ5a4fYWb/L5:frOvijBGnBeYtAX+q05aWYEt

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe = "11001"	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
Token: SeIncreaseQuotaPrivilege	328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
328	2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe

C:\Users\Admin\AppData\Local\Temp\2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-12_912c3c10b1dfcba4c30891a9359784c5_avoslocker.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e326d8e21859dd87e474873816276c94

SHA1
d864ac76348a90a14720502dd4b9643f4110a542

SHA256
cffc214854470a0580a8ab96dab5354c962ef8991cf4c1b196b1803044da3e2f

SHA512
b6ccd3e9437db2011ad89d212707e9d79f47b9cdc66c1ff84ecf2f66939e6def5c411225abb0c4f743172280ec2ed9d1ffaedf459bfae50785a378fa4f33f524

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cbe2f6954a36b4f33ed71c3547b671e

SHA1
4a0eae650204eb929e865f5b27d1d6c58a6f94ec

SHA256
ed70779c9eb7e96a3d3e7e2b0a6ecb33743adaadf21f2cd10d7ee22fb54a2fb7

SHA512
3cbc49fff2bc1a378dd0bb1c00bce8902164252a60ce8df367e2694deab618170e476558cebe259fb2849a4315fd0d40ce77c5e54eca56305b2fb66d979b38c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e2c29689cec81e17f3ef4e1a06a577b

SHA1
bce8c9d9b4f11c3cecdb44d2d622178fb1fe704e

SHA256
57c92cb3a851801decd9e8adda044d94beef71e332e1011999598884ae0a1394

SHA512
dd41e8463218e2d8295170f5ee90f63ef1d52a365238641758258933a2787ef0de2e2a48f764a4e4079cdc30a857fb38699d9f716956e0289f76bad63cc23845

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2afb19b7f7e1d83d02623076032e848

SHA1
fdfd4a843dd2c6414495757d9887a311d9051622

SHA256
01f73847d32cb582f7b68fb510c1e54c78f1e6fbef6ad3e3ce12f7576a11193b

SHA512
375945263e1b6cacd0fc792c09834d32f7d466b207c90ceea49bb38deddcda5ef73febaa117f016f39277f0584a61255434f2a3311bd465d26d54e78976f76d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c294eefd5f5fb6a89181cd19d39039cf

SHA1
fb52b6a2e7b0ba903bdf523b7dba77a24e1fb5d2

SHA256
132aede6f23eaa0d8dd4d707b39e7bee609e1cb2b05df542cb77dea0930161ed

SHA512
45dfe2a249f5471edede2fb7d9732f054f74495a7237d883f57e3cc5264356c22d06c893eb4f61648c0ed4f8baeadcdc61211bbd9a95500b22374034c82401ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
637987a491f66a9e5a2c802ebe676a0a

SHA1
92e975922cc2b9f28ca8d78d306ce722d87f9453

SHA256
e0c4864dceed170b8da981cd429e707bc74954a7b0bcd0ddf07d5a9156b1e498

SHA512
74eaa5f21d4efc4d3dfd361b12f42ef167fd8f567bb7f3ddb2fcfbc5aaca177936f7f11d2ab2ca36d13a71651160cf23fef9326fea4337e7fc0deaf792cd811f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6bd78495acbc9864d599023cb345726

SHA1
113da4b1867fd30409da1bc6655e3838a5947412

SHA256
36c715e5abd4bea08ad593bbd98577e07270a913997177c6e6629eb1db713ae9

SHA512
aa807ceb837a70bb561edbc7e9c3f2caa4e24bb3352d05034ebdc42d3576a2251cb59318f553b38d4b42f76fd19bc5cbf10efcd231840d1a5e752cc854f729c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7196ea12c9e634c701aa2722203db03

SHA1
6626b3055c7aa3fe13dd54babdc9302757cb1413

SHA256
75808233941f2619c80843c302fd6c25703c9709fa1b24c17cc5a47c9ecc22dd

SHA512
ad59bf0326efa9fc4a421f77fc139202d9242eb7ac53b1868a5e434b6b2ba63a8007ea181aa506e9b1f0fc47501e7b07ffc972ab788688bc2cea02f143d43817

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
754255fff3dcadf8d6af9356900aaf16

SHA1
8e33bad29a2d1848f5e010e477de865756d02346

SHA256
8512e2258986a0bff2029a5d79d1bedb656c0c5ea6d7575feb991af3d74bfe19

SHA512
e357934caf1a09040ac0f1cea701152fd2af14a3f0904c6ca2e4df270867bf6ae20940a7087f1f2bea25e7b3535fb563d6890a5a206835436d48179d988a3005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
556217753c141ea8d9969c4038b38c2a

SHA1
66b9e77c41a64dd3ccc0ae37432aa39592c59728

SHA256
7a94c83af3dd224be91bd17128634a0ea892d0d9dfa4253e7ab5a482f8b8c2a7

SHA512
7f009dd0df9da1852e8ef77dd111a42c96ef882ac2ae83ce484c4508e356789ed443e3ce7b1ecef2269273ea0093a083b8748178a9dbea9f03800778840a11b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d438fe9f18fe0aa53e01a6a654962d9a

SHA1
622b5ba85f3022a075f7dcb1a53d8b46dec250bf

SHA256
c5214625bdf038ceb7144f985af02f6dfa5b5320ebb2e2b7dadcd53d839f4e35

SHA512
51d316e268c576b0d1ede1dbb22d2589ff6e14a596e2aeaa28b07b30593adfbc8ccce45d71d61994addd15cf51c9632156d3ecfe999170ec6b1ebf5509106caf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe5625bfbbe6f9121334c21d47e77905

SHA1
1cbb1d00eacc0e3ae13f7449e80a3b126be036d8

SHA256
bfb357afde1d29c3179292946abf56ac8b6e0e6d724da6e670a8164f2ae4503e

SHA512
fc5afc2956cc6920952adc324733481d4ef29892def08451ed40be1d936219fd2710f9978a51e2af2bf214a01104d060980b27e33820803097d250ce18483e1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
411f6662ca3c707684f5379ac529dc00

SHA1
775616da2a63b73a7fb464dc39944d170e85fec9

SHA256
71545a4409b44937dfc8beef3cbd65aae38355c4237ed4b47f04b15ce709f3af

SHA512
caab3bbe594326b1a09b4bdc61883cdf1712ef2b7d45f0707a5106a242ba6a12035a131cf798a8816e27412650f30032be2d4c3643316948c6e7946bb0c8a8fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
325a3f943b3f3616437ef5ab0fd79fcf

SHA1
385d4cc46f7fed6c83124c8bef98b31103f63935

SHA256
9fceb6291649577f6b9257d0b46ec574ce7cd9f8105cf0aeb879fe7738031814

SHA512
1692c097e54f53d35f33886e8f4af6e2c951af5ec56064b680cf34df7c2554abebde73d9e4822c65fe91c2cb4483b37f0e49f91b8fd236bc694c2106f16b3167

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2e0fadf36b7574ec30eaa5e2fe29985

SHA1
970163ae0e8d4c3640b083121a54475e134c0063

SHA256
0ad8aa2132cb04bdb9525119d333e4fa6aa2fc34223b53566cb5d5e9ba1b3305

SHA512
70095e03576ef41c82b6143bc300461db81019e40891d0117f1c7309fa39bf11916cc0dea46d9220d99105d702f7500d40aafde992a16210b871ce31bec1e102

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC565.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC616.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9C442646-13CA-470F-B7CC-9C3FB51955D1}\CCDInstaller.js

Filesize
1.2MB

MD5
698687ac9e653b2c7a1b0d2a2ec40505

SHA1
ad6959510eff569cff355f2ac4c5988a6d6a433e

SHA256
142db397e43384d0af407ad59ed5b64371cf054b7645913592ca72d2d848c1c9

SHA512
29c5971005bac00173c96bc3b7ffc4fd5701d2f7ff5a29fc05bd8832ff2b1c850903ebed72baa6e4bbcaa0c6b14670ba1e59d900f3087c0fdb0453bea5d150eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9C442646-13CA-470F-B7CC-9C3FB51955D1}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/328-16-0x0000000000B10000-0x0000000000B11000-memory.dmp

Filesize
4KB

Download
memory/328-593-0x0000000000B10000-0x0000000000B11000-memory.dmp

Filesize
4KB

Download