Analysis Overview
SHA256
d92bed2d8c5bfe9c305a1256a9b5b025613be9fc4663c8ccb4387d2d06bd27df
Threat Level: Likely benign
The file 2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer was found to be: Likely benign. The family names in the submitted filename (avoslocker, luca-stealer) are part of the submission name only; no signature in either run matched them. What the two detonations recorded is consistent with an Adobe Creative Cloud installer: every resolved name is under adobe.com or adobe.io, the files written are an index.html, CCDInstaller.js and state files under AppData\Local\Adobe\OOBE (the CryptnetUrlCache entries are Windows' own certificate-revocation cache), and the only registry writes are per-user FEATURE_BROWSER_EMULATION entries for the sample's own executable. No file encryption, credential access, persistence or exfiltration signature fired in either run. The one open point is that the PE is unsigned (see static1 below).
Malicious Activity Summary
Program crash
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 01:23
Signatures
Unsigned PE
The sample carries no Authenticode signature. Adobe distributes its installers signed, so an unsigned binary that otherwise behaves like one deserves a second look before the verdict is accepted: confirm the signature state on the original file (for example with Get-AuthenticodeSignature in PowerShell or signtool verify /pa) and check whether it is a repackaged or stripped copy.
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 01:23
Reported
2024-11-10 01:25
Platform
win7-20240903-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Reading HKLM\SYSTEM\ControlSet001\Control\NLS\Language is how a localized installer picks its UI language; it is also the key malware reads to avoid hosts with certain locales (ATT&CK T1614.001), so the read alone does not distinguish the two.
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe | N/A |
Modifies Internet Explorer settings
All writes are under the user's own SID (HKU), not HKLM, so no elevation is needed and nothing changes machine-wide. FEATURE_BROWSER_EMULATION\<exe> = 11001 tells the MSHTML WebBrowser control hosted by that executable to render in IE11 edge mode; installers that show an HTML user interface (consistent with the extracted index.html and CCDInstaller.js listed under Files) routinely set it, which is why this signature on its own is weak evidence.
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl | C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe = "11001" | C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | na1e-acc.services.adobe.com | udp |
| US | 8.8.8.8:53 | cc-api-data.adobe.io | udp |
| US | 54.186.192.149:443 | na1e-acc.services.adobe.com | tcp |
| IE | 54.74.179.44:443 | cc-api-data.adobe.io | tcp |
| IE | 54.74.179.44:443 | cc-api-data.adobe.io | tcp |
| US | 54.186.192.149:443 | na1e-acc.services.adobe.com | tcp |
| US | 8.8.8.8:53 | cdn-ffc.oobesaas.adobe.com | udp |
| US | 8.8.8.8:53 | client.messaging.adobe.com | udp |
| NL | 18.65.39.68:443 | client.messaging.adobe.com | tcp |
| NL | 18.65.39.68:443 | client.messaging.adobe.com | tcp |
| NL | 18.239.18.121:443 | cdn-ffc.oobesaas.adobe.com | tcp |
| IE | 54.74.179.44:443 | cc-api-data.adobe.io | tcp |
| IE | 54.74.179.44:443 | cc-api-data.adobe.io | tcp |
| IE | 54.74.179.44:443 | cc-api-data.adobe.io | tcp |
| IE | 54.74.179.44:443 | cc-api-data.adobe.io | tcp |
| US | 8.8.8.8:53 | lcs-cops.adobe.io | udp |
| IE | 34.250.67.152:443 | lcs-cops.adobe.io | tcp |
| IE | 34.250.67.152:443 | lcs-cops.adobe.io | tcp |
| US | 8.8.8.8:53 | lcs-robs.adobe.io | udp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| NL | 18.65.39.68:443 | client.messaging.adobe.com | tcp |
| NL | 18.65.39.68:443 | client.messaging.adobe.com | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| US | 54.186.192.149:443 | na1e-acc.services.adobe.com | tcp |
| IE | 34.250.67.152:443 | lcs-cops.adobe.io | tcp |
| IE | 34.250.67.152:443 | lcs-cops.adobe.io | tcp |
| US | 54.186.192.149:443 | na1e-acc.services.adobe.com | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| US | 54.186.192.149:443 | na1e-acc.services.adobe.com | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| US | 54.186.192.149:443 | na1e-acc.services.adobe.com | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| US | 54.186.192.149:443 | na1e-acc.services.adobe.com | tcp |
| IE | 34.250.67.152:443 | lcs-cops.adobe.io | tcp |
| IE | 34.250.67.152:443 | lcs-cops.adobe.io | tcp |
| US | 54.186.192.149:443 | na1e-acc.services.adobe.com | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| US | 54.186.192.149:443 | na1e-acc.services.adobe.com | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| US | 54.186.192.149:443 | na1e-acc.services.adobe.com | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 34.250.67.152:443 | lcs-cops.adobe.io | tcp |
| IE | 34.250.67.152:443 | lcs-cops.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 34.250.67.152:443 | lcs-cops.adobe.io | tcp |
| IE | 34.250.67.152:443 | lcs-cops.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 34.250.67.152:443 | lcs-cops.adobe.io | tcp |
| IE | 34.250.67.152:443 | lcs-cops.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| US | 8.8.8.8:53 | ccmdls.adobe.com | udp |
| GB | 2.19.117.89:443 | ccmdls.adobe.com | tcp |
| GB | 2.19.117.89:443 | ccmdls.adobe.com | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
Files
memory/2364-12-0x0000000000EF0000-0x0000000000EF1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{FE0FD23A-9AAC-40BA-BB0E-1DC2FC8D4136}\index.html
| MD5 | a28ab17b18ff254173dfeef03245efd0 |
| SHA1 | c6ce20924565644601d4e0dd0fba9dde8dea5c77 |
| SHA256 | 886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375 |
| SHA512 | 9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6 |
C:\Users\Admin\AppData\Local\Temp\{FE0FD23A-9AAC-40BA-BB0E-1DC2FC8D4136}\CCDInstaller.js
| MD5 | 7c577a9f582682f27eef11030195b57c |
| SHA1 | 3b517edd713615f353ac85d910b0e7df4aeeed47 |
| SHA256 | ac03e251735b01492afaba4eda6a22f9a903b73ae2c16e5a7cd176db43275a03 |
| SHA512 | 91a9dca69c477a0d8d8ee085eff2b7a89ac1c535aad0a942b4d068f80bff5e4a1f6b507643046d820e8150c17a1e5ef322f266d4f9d12a6592b4a972c054db4c |
C:\Users\Admin\AppData\Local\Temp\TarD533.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\CabD52F.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0bb37d9fb9caf4e9c7d3f0db7bafa0d4 |
| SHA1 | e41f04e5c9a2d11acba6cf3e34ed4e89edda04dd |
| SHA256 | 12748b4c27540dc436edfb758cabe791cefe68010e5471f1e19da916f17016df |
| SHA512 | 8abd1927a9cbe3104154a151f6025ecda5f3530938afd7d14266920acda446fbd8f4ccfea5f258295044398ff27ea47ef0e8fb23f8cecdef919a6a2ee063c3b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47c9a1fb352a0a572626a532ebc7a0a7 |
| SHA1 | c31710857280c5daf138d2f966e13d46869bb938 |
| SHA256 | 33439d0eeeb047e011de45ec8eb8dc74af8e949fe36b9c3ae2461ecb01a92a5b |
| SHA512 | 3771b60476837483279b42bdda92d294e5b14c509bd77db5bb89f3ee0a3149c4c81e364a7e8f5ddc168cbc8dbb61b520ac11e77f2ddefcd111355570fd42b345 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34f357fca428a77b37ccc27eceabf167 |
| SHA1 | 69e8075932294e1de984926c19cde5ff3fcd64c0 |
| SHA256 | 2a0d987aa513a581feead35c1186fd49e1c6a92b7ec7a50857bc927a2f57df2f |
| SHA512 | 953a0cecee87dcb750fda06bf1918b5c7ac112f4c1b6870150e9f041c78908eb1b1cced18ebea558943ed8bda08f94c3c821379612b85a4402a931e59fa6fe74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e156272dd63674b51e9702f8363e966d |
| SHA1 | 79dd41481f17ca4a8ffe98cf8cfa12569874aacf |
| SHA256 | b00319e74d78bf988c2cfebf8370b804d8650d81586303ae876af20b77d6b4b0 |
| SHA512 | 78fea1cefb726889307c20af818094fe98f1935fe55948b0c2a9d06fd68191a22e4bbe91eb1c74469a34281716b76a58038a3753c768340be75f742325c616f8 |
C:\Users\Admin\AppData\Local\Adobe\OOBE\temp_lbs_wid
| MD5 | 18df1313e916832817c2323f1c3bf8a2 |
| SHA1 | b2eb162f29b6c6a5c851e99dcfc92f62e89a76d1 |
| SHA256 | 2bf4cfc0a762f81d815878fd6d017461bdd82affc29773a80219067a1a6474a8 |
| SHA512 | c36a3339c9024ddf467bce5d1a3bcc8887f87361a8a3ebef4a7615a8d2f36dbc783167175270c56e6f1820afd7d3ffabb41fc715819379e6a9d4a01da572d996 |
C:\Users\Admin\AppData\Local\Adobe\OOBE\temp_ins_lbs_wid
| MD5 | f28eb27dfa304348888e15775e4c8311 |
| SHA1 | c916fb67172ef6260bcf5dd3a8df60b8527e82a4 |
| SHA256 | 8236292aca589dcfed9ae762430227709fd33b289a7a33db1c3a13acde3afbc5 |
| SHA512 | 5052debe5065c0e7f57ba0c2e57ac45c56e0f25686bfa1899184493560190a8cd7c731fc464a69b7cc77c713c474f2d81db208ca2abe340ca77c385500b8f375 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21431d276f6caa8798226afa2ed4f8b6 |
| SHA1 | 71328e528dad43f581cb64507c480e304e2c8801 |
| SHA256 | 331b362a6b1184c7ff13a690e14940d3dde527734fe9dc3667f58486fc87380c |
| SHA512 | 0c7006845276fdf080d0c1c1d41fed6c609e8676dfbdf900282b2cfe7744231a80d637861d19a589112cd13992c10b13e8d9ae53aa8737108f85ddd72c56458e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6686e1c9e79b8540e17050b2a8da8d1 |
| SHA1 | 6587ceee78d5d3e7a7750e2388bda2f1d52a277c |
| SHA256 | d829589da5d7a56732acd18981dd26228142b756f941482dfc7f5bdf5dedd70d |
| SHA512 | e4ec6cdc677e0ba44ab5b454c1fb6a8dc97cd37c809db3cc9961a0d25d558072e0897fd9604f10a9f237806e7bde0d6b51cf9d8a850ba16eb8100310e1139e68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 428e57d0bf30c715e5cd69321168e9bb |
| SHA1 | 1d62b73f8e1dcd1015b57b7fce7b5a063ed33d64 |
| SHA256 | 6900660a1be692a2f948fda1beb43e7d221b82497dc00dddbe1df1ac5a4facab |
| SHA512 | 7d2340a61c2777502940884dc66ea0152ac4a5ed963e506a7a0c600a59b109c251708bd641d2be5a8b55329bd4f573acdf73a073ce5b274e478620b2980723e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 035931c19924170c4111a0ca36d55d61 |
| SHA1 | bc7f61b2806fb60f602d33c57716ab51b9390048 |
| SHA256 | 4f96d121f52b2673356e686b9d737e37092e966677558a1bbe95c9bb85424df0 |
| SHA512 | b0da7a626c166f6436f683ca3f29761e3576305a2c8dbb61c2947f480307b547b5024382523548276d096b44e2ca629c6b4efa777a1b03babb8e7cd54f9c1b4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a381161de4e9f9fbc30b25df1dcf22b |
| SHA1 | d2dabe1d806448b57f19f21a1caaa8e55031deac |
| SHA256 | b0c5862e3d70a2943fd0355f4134bbc905fc274489b21695081953a063f73c62 |
| SHA512 | 13c459d9ea5fe2b2eacf534422baafba6a82224f267e1dcaa1f682838e43f365bf0ea724eb361ed1fd535aafdc0740b88cb7b326305b0888c0b8cbce876d719f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c88ca2797be4f792a248a09b24aa54e |
| SHA1 | 01bb3521b1a984385983c9a23034b6db05c77e82 |
| SHA256 | 28fc345fcd0dd5a6ecea4ed9b1e6dbad8161cab1e3d642ff11e4562a1793bc8e |
| SHA512 | bdb6d807ed6ebce3328f80ad21cc80f43c05e5a491fdb997fd9bd820f617bbdca99d03f0ef8ee933d21b4340d58a91cd79ef88e88c509be912ba9e19d049b508 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba82c29b2427ae6a60b7f9f3f22b8afe |
| SHA1 | 88e4e3b7521e04cc24c036d9c427a0f890d4662b |
| SHA256 | 20e382ed243fbb7e6c07c67a31738bfb71a011103d4980f38568cc2650b3a12e |
| SHA512 | 9121179f87460513dbe4947335620dadfc8ca3b6a8111212a0a30b598f3f0c46c55a386821e7c74f24c5c01794928bdafbd1383ac6d4d7094e89d6a2bcf9afe4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 464f19f66dc8647815b574d8ff69a710 |
| SHA1 | f05d04a97d960ec7f4555e113a493cd44e191fc5 |
| SHA256 | c8cebe0c9988b8105a54653585104c72d8177d5f1a75d1ef0cdbfd2d7e8448ea |
| SHA512 | 936637ec3f8126076261129b9e85eefc30c4bdd529d63c6773bbf081cdb40652cf6fdae44357f2dfdd24f41e977278f98389bdda6bfd15a33d16b5bb6ef818c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a1af7c7cca62644a1023285b6c0c130 |
| SHA1 | e958ed732e21025a962b451440ee6c6c3c5de0a4 |
| SHA256 | 44a4acb88a8d58f73dfb2aaa5dbce9acb0b187bbfcbda97350f044b2fbd7fb6b |
| SHA512 | 062e2b2b8f80c954b94feb0e1f94b8fdfd09f95a36d7f995178177dc6027a5424325eaaaf37094a8bc65df8e3f7a2f73523cb26234f9b00a02066c87e408813c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 381a8da5cfe1aeffa97b092901f7639b |
| SHA1 | bb6e0f0fadde071910a485a5eed4ecd783648fde |
| SHA256 | 6e297da07141fd6fb1e3962b391bf085508eaac8d7f8f1664d55daef615f63dc |
| SHA512 | 5fae4b0257023e8bed799524a6c2e5a67c9c9078577f5847851b4500a48c897ab01178d98f7f043361bce49c510f19bf644f15c2efb793f01e80a784241ad00c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 005656e7957e76871d6cd1d1dcef042d |
| SHA1 | c8c3176095d56bb10a1c0757bbb4bdb2296efdd7 |
| SHA256 | 0f2fb8173260c5c6b7ada8893d1bf473c3817b203f1f1c8811e9ccd6fe23566b |
| SHA512 | 2ff03751fccaf3b296c0146b4c78af32bec23f7b2b062041b183659c99383b7da97be72220db8a4b06e0841f7c93b814d959d5389586b1bdd1fa718352d10ccc |
memory/2364-649-0x0000000000EF0000-0x0000000000EF1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 01:23
Reported
2024-11-10 01:25
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
142s
Command Line
Signatures
Enumerates physical storage devices
Program crash
WerFault.exe is the Windows Error Reporting handler; its -p 3768 argument names the crashing process, which is the sample (the memory/3768-* dumps under Files come from the same PID). The Windows 10 run therefore stopped early, which is consistent with its shorter kernel time and with the network table below ending after the first two Adobe endpoints; the Windows 7 run (behavioral1) did not crash.
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe = "11001" | C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3768 -ip 3768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 2408
Network
The in-addr.arpa names are reverse (PTR) lookups issued by the guest. Two of them, 255.72.77.54 and 102.171.25.52, reverse the addresses of cc-api-data.adobe.io and na1e-acc.services.adobe.com that the sample connected to; the remaining ones reverse addresses the sample was not seen connecting to and cannot be attributed to it from this table.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cc-api-data.adobe.io | udp |
| US | 8.8.8.8:53 | na1e-acc.services.adobe.com | udp |
| US | 52.25.171.102:443 | na1e-acc.services.adobe.com | tcp |
| IE | 54.77.72.255:443 | cc-api-data.adobe.io | tcp |
| IE | 54.77.72.255:443 | cc-api-data.adobe.io | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.72.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.171.25.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
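The signature, process and network tables in both runs are flat lists that an analyst has to collapse before the verdict can be checked. The script below is an added example, not part of this report or of the sandbox's own tooling. It takes rows copied from the behavioral1 and behavioral2 tables, splits the registry actions by hive and decodes the FEATURE_BROWSER_EMULATION value, deduplicates the network rows into per-endpoint counts, checks every resolved name against an allow-list of Adobe zones (EXPECTED_SUFFIXES is an analyst assumption, not something the report states), maps the in-addr.arpa queries back to the addresses they reverse, and ties the WerFault command lines to the captured memory dumps by PID.

```python
"""Triage helpers for the registry, process and network tables of a sandbox report.
Added example: not part of the original report or of the sandbox's own tooling.
Input rows are copied from the report; EXPECTED_SUFFIXES is an analyst assumption."""
import re
from collections import Counter

# Registry rows (action, indicator) copied from behavioral1; Process column dropped (always the sample).
SID = r"\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000"
FEATURE = r"\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION"
REGISTRY_ROWS = [
    ("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
    ("Key created", SID + FEATURE),
    ("Set value (int)", SID + FEATURE
     + r'\2024-11-10_00a14e5517c65f439269b6bea7504f68_avoslocker_luca-stealer.exe = "11001"'),
]
# Documented decimal values of FEATURE_BROWSER_EMULATION for an embedded WebBrowser control.
BROWSER_EMULATION = {11001: "IE11 edge mode", 11000: "IE11 (doctype-dependent)", 10001: "IE10",
                     10000: "IE10 (doctype-dependent)", 9999: "IE9", 9000: "IE9 (doctype-dependent)", 7000: "IE7"}

def classify_registry(rows=REGISTRY_ROWS):
    """Tag each registry action with its hive scope and decode known values."""
    out = []
    for action, indicator in rows:
        hive = "HKLM" if indicator.startswith(r"\REGISTRY\MACHINE") else "HKU"
        write = action.startswith(("Key created", "Set value", "Key deleted"))
        decoded = None
        if "FEATURE_BROWSER_EMULATION" in indicator and " = " in indicator:
            raw = indicator.rsplit(" = ", 1)[1].strip('"')
            decoded = BROWSER_EMULATION.get(int(raw), f"unknown ({raw})")
        out.append({"action": action, "hive": hive, "write": write, "decoded": decoded})
    return out

def machine_writes(rows=REGISTRY_ROWS):
    """HKLM writes would need elevation and could persist machine-wide; expect none here."""
    return [f for f in classify_registry(rows) if f["hive"] == "HKLM" and f["write"]]

# Network rows copied from behavioral1 and behavioral2 (a representative subset; behavioral1 repeats rows).
NETWORK_ROWS = """
| US | 8.8.8.8:53 | na1e-acc.services.adobe.com | udp |
| US | 54.186.192.149:443 | na1e-acc.services.adobe.com | tcp |
| IE | 54.74.179.44:443 | cc-api-data.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| IE | 54.74.179.44:443 | lcs-robs.adobe.io | tcp |
| GB | 2.19.117.89:443 | ccmdls.adobe.com | tcp |
| US | 52.25.171.102:443 | na1e-acc.services.adobe.com | tcp |
| IE | 54.77.72.255:443 | cc-api-data.adobe.io | tcp |
| US | 8.8.8.8:53 | 255.72.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.171.25.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
"""
EXPECTED_SUFFIXES = (".adobe.com", ".adobe.io")  # assumption: zones an Adobe installer may use
ROW_RE = re.compile(r"^\|\s*(\w+)\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(\w+)\s*\|$")

def ptr_to_ip(name):
    """'255.72.77.54.in-addr.arpa' -> '54.77.72.255'; None for ordinary names."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    return ".".join(reversed(name[:-len(suffix)].split(".")))

def triage_network(table=NETWORK_ROWS, expected=EXPECTED_SUFFIXES):
    """Collapse the flat table into per-endpoint counts plus two analyst checks."""
    connections = Counter()  # (domain, "ip:port") -> number of TCP rows
    unexpected = set()       # resolved names outside the expected zones
    ptr_ips = set()          # addresses the guest reverse-resolved
    for line in table.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        _, ip, port, domain, proto = m.groups()
        target = ptr_to_ip(domain)
        if target is not None:
            ptr_ips.add(target)
            continue
        if proto == "tcp":
            connections[(domain, f"{ip}:{port}")] += 1
        if not domain.endswith(expected):
            unexpected.add(domain)
    contacted = {key[1].split(":")[0] for key in connections}
    # A PTR query for an address the sample connected to is explained by that connection; others are not.
    return {"connections": dict(connections),
            "unexpected_domains": sorted(unexpected),
            "unexplained_ptr_ips": sorted(ptr_ips - contacted)}

# WerFault command lines and memory dump names copied from behavioral2.
WERFAULT_CMDS = [r"C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3768 -ip 3768",
                 r"C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 2408"]
MEMORY_DUMPS = ["memory/3768-24-0x0000000007320000-0x0000000007340000-memory.dmp",
                "memory/3768-25-0x0000000007320000-0x0000000007340000-memory.dmp"]

def crashed_pids(cmds=WERFAULT_CMDS):
    """PIDs named by WerFault's -p switch, i.e. the processes that crashed."""
    return {int(p) for c in cmds for p in re.findall(r"-p (\d+)", c)}

def dumps_for(pid, dumps=MEMORY_DUMPS):
    """Dumps the sandbox captured from that PID (names start with 'memory/<pid>-')."""
    return [d for d in dumps if d.startswith(f"memory/{pid}-")]
```

Run as-is the functions return the collapsed view: no HKLM writes, the browser-emulation value decoded to IE11 edge mode, one PTR address (52.137.106.217) that the sample never contacted, and PID 3768 as the crashing process with two dumps attached to it. Pasting the full behavioral1 table into NETWORK_ROWS shows that its 80-odd rows are repeats of a handful of Adobe endpoints. A non-empty unexpected_domains or machine_writes result is what would argue against the "Likely benign" verdict.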
Files
C:\Users\Admin\AppData\Local\Temp\{1358A189-DD52-412F-A037-C6A89AF84853}\index.html
| MD5 | a28ab17b18ff254173dfeef03245efd0 |
| SHA1 | c6ce20924565644601d4e0dd0fba9dde8dea5c77 |
| SHA256 | 886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375 |
| SHA512 | 9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6 |
C:\Users\Admin\AppData\Local\Temp\{1358A189-DD52-412F-A037-C6A89AF84853}\CCDInstaller.js
| MD5 | 7c577a9f582682f27eef11030195b57c |
| SHA1 | 3b517edd713615f353ac85d910b0e7df4aeeed47 |
| SHA256 | ac03e251735b01492afaba4eda6a22f9a903b73ae2c16e5a7cd176db43275a03 |
| SHA512 | 91a9dca69c477a0d8d8ee085eff2b7a89ac1c535aad0a942b4d068f80bff5e4a1f6b507643046d820e8150c17a1e5ef322f266d4f9d12a6592b4a972c054db4c |
memory/3768-24-0x0000000007320000-0x0000000007340000-memory.dmp
memory/3768-25-0x0000000007320000-0x0000000007340000-memory.dmp
memory/3768-34-0x0000000007320000-0x0000000007340000-memory.dmp