Overview

overview

7

Static

static

CCSearchIn...64.exe

windows7-x64

7

CCSearchIn...64.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 16:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CCSearchIntegration64.exe

  • Size

    26.4MB

  • MD5

    021a7e73036bd6866df3ae1d5ebdd104

  • SHA1

    45f4aee4c518d2a5efce43f5d0973f8523db34fb

  • SHA256

    c3f0057a5c2a65372685c0cfdd8d383a5b06940d179ea53705d12488773c7b85

  • SHA512

    8c46427075095fa032ac883a890c0f563aa17d717056405ab6877482af3fe679ab9797c835ab7cbeabbbe4a14a5ae4f22d3c7d875392aa2e71c0307736c73976

  • SSDEEP

    393216:7MpatItqeXB0u0e4vkoeo99s6wrvY2TSNwWC7TV6LhMCNQhiJZhV1:+Bd0HSrA9Go

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 31 IoCs
  • Suspicious use of SendNotifyMessage 31 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CCSearchIntegration64.exe
    "C:\Users\Admin\AppData\Local\Temp\CCSearchIntegration64.exe"
    1⤵
    • Loads dropped DLL
    PID:1204
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\Compress\Raw\Zlib\Zlib.dll
    Filesize

    120KB

    MD5

    c633cf96f13f9c09baf94179f50a6197

    SHA1

    61f383928c55641b725ff8fb742234df736a2905

    SHA256

    199a2b01c61993dd9c27d22dc9aa789fd4dd3237df1b20b6aa9e8fd06f60fd9d

    SHA512

    6191431fdd1fe109a3277ea27eb479e4cbb00327a9a5b3818dc838eb77df8a702b7797e40fe8af9046d3de76defd20a00cf2768d6a7d27ceec279c5373808c73

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\Cwd\Cwd.dll
    Filesize

    10KB

    MD5

    3e90d59035175dff621d3b84b3d3fee5

    SHA1

    b3d54f6b9d4d869e098079a80880a2f0a3688c53

    SHA256

    a1025897fadca4b230171e833fbbffcc78510551c3696402d25c0c9a276c9b6c

    SHA512

    db642a9ff5abad16153b0efe582f09a660ca8b87a18482b7963c36e1c189105811c2eff9fab157b638c4301772a2d8fcbf75aa2b043c2ac1c971aa0d43c09dab

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\DBD\ODBC\ODBC.dll
    Filesize

    121KB

    MD5

    99fea2aa7eddede4fab757879c507bac

    SHA1

    37d970fad321bf4ef582390cf06dc6114e3c9ae0

    SHA256

    2f231dc5cc2939fd024bed07b99949bc428443cd445613e3398f77bd6b9edf24

    SHA512

    feaadb90a8a2c436ac78274943f345ac88e7631cb3fbc7fabc55004ccab446da3d85780e5d535ae0a649d2fbcc459d33ec371e848e683807f68fade08e0acd75

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\DBD\SQLite\SQLite.dll
    Filesize

    1.2MB

    MD5

    ff695e10d51eb5e4ccdcadcc2b575876

    SHA1

    15ec7dc925ca16a91daf69aba4a79c49da5e860b

    SHA256

    394ca3b831969c7de7fadeafbdb3604a7087bebee09745e5c9656ce2347b9080

    SHA512

    b53cf1b558a608804cc48b50e193cca059ad475ebe5764664240a0323f4e8e14e2c186eaa0e65b2bafae72b21bc397af4f46fa620793fda2d8ce694feffced68

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\DBI\DBI.dll
    Filesize

    121KB

    MD5

    e16a022069269b062d2c365d238993f8

    SHA1

    8a4afdaf5b65881223e1984f6ebabc975bc10f5d

    SHA256

    3ae65351023bd9cc839c8cdbdeb812c2f8ff8fc70cf14d72d0bc950afc867867

    SHA512

    4251c906afb67fb1f648910375d338af8183be60385a757eb340cc87201e306997bb8f701dd556fba660991897d1ec82011b3e74a86dba3753e0e4f1d3f87739

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\Data\Dumper\Dumper.dll
    Filesize

    28KB

    MD5

    ca8f8d86915b1d0895f521f506957454

    SHA1

    e5d6924ab6b25be9e994cf335bba18c60e32b12e

    SHA256

    b04f650fb8681c0b0258a496faaf5cadae857a644c7ad023d4f6eb683e7b1ca9

    SHA512

    96d44e9d801b36178c8e8d8e65a0c0f2c6f77447979cb12de7b9c4e79cac8a3a5c4f284ae70419385668f7843323173296ef3b68f017d5cee21bf302d5d52ec1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\Digest\MD5\MD5.dll
    Filesize

    18KB

    MD5

    41151184c847b8d55ecc585c651a5352

    SHA1

    9f6e888c62d34db133a39b3c1fe935321a936583

    SHA256

    7456b3bcc2ff931cb4444b6eb4e43509dd69c638a8ce47c77eafae77fcfe71f3

    SHA512

    c9d0ac02fe5371f620cafd69569ab5e28e5a0999972545dbda5a02f9c9423500cff9e424cbd5c62127e9d7691a1345122c96a69a4df7ec921b6efe86985787f0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\Digest\SHA\SHA.dll
    Filesize

    47KB

    MD5

    048e94ae146b0d3b3804f3032f890e63

    SHA1

    f47633894a591f964de576ae7aa9722f3789d37a

    SHA256

    73933519333f2e6b7c0ef9a37bae7ec78cb7b0bf72c99650e155d9526b5cdaee

    SHA512

    6bf7413acad29598fdcc1909efbb51bb5972ffb90d15dda9c53e393b73882ba4e8b8712f410df28779ba7a254521d59e161d490b6cbbc2adae6921f897b960c7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\Encode\Byte\Byte.dll
    Filesize

    160KB

    MD5

    be7886afa56509b7c29bd5d5fa6efd09

    SHA1

    988ccced18089392f1d20fb5e80ba0f49041a620

    SHA256

    a655c137b28181753119255616ba24b96623680cfdd779dbf55a481e5201d319

    SHA512

    70ea79a5694e68e65aa7bcff400dbd6d033559382e784b7a80c59a9185422ec7769fde47ec6cf26e4d88edf8396f9e8592c2a4846aeac26ace126d858fb5ac82

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\Encode\Encode.dll
    Filesize

    28KB

    MD5

    9e44affc1c7a434a63dce2f80b95c5f1

    SHA1

    ce29e7d5b495f6a1588eaed4ae79b9bb937655d2

    SHA256

    2c19b424772eaf7d35f10e3d3e5aded6e4a6fde20fb4cfcc9beb0eff5d239a6b

    SHA512

    e288afa1a4a45fb5dc03657b9d8b88577202a53d138acbbd0855340210a50a361efec29178dc73ad60ccc1609944cd2012232859e7affabb64573711a79a6d21

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\Encode\Unicode\Unicode.dll
    Filesize

    18KB

    MD5

    a46c2373175d4d4685cf484cba539b46

    SHA1

    7859420e5e602f9fa26804a5555ce7c2ea45ff5f

    SHA256

    2e9fef806f30a11e7ce925cbf96cce9b36aaa679c5bd9b0a04c7a34a1b4d6d93

    SHA512

    2e3a0ebc2db8ae2cd701c7b2cd329c8e826829e980affeff4ed7bdde8784235bd154543fa08ab1607879608fa4e9a3a0fe54362008cdc887d693ce4ca76d5d4c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\Fcntl\Fcntl.dll
    Filesize

    14KB

    MD5

    9e2f2077d877ecc55783432eaa925fbd

    SHA1

    f654291c8db72030b1a7240da5c2bc2e72144842

    SHA256

    e6eeb4e04eef26971194fcd5e220b77986dab8d1443450a88af7999443f0bce4

    SHA512

    22027fa87ec4ca685f7bae865a365cefcb257778c26cb7b7cd1563d2d1c7a31a3b4917961b2805913b4e3df3f4505785d40916546e521cc6d768f48c3f8dc51a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\File\Glob\Glob.dll
    Filesize

    17KB

    MD5

    7ca9212fd66648a558cb8daca24b7422

    SHA1

    57e13da67ad975ef5999dabb4ffa7a2d056be99b

    SHA256

    684244b4e583fd8b400587299f46196fa427d939d1c90dfd0fdd267b1a14d4c6

    SHA512

    fbbde855bb512ccb23b8bcc370eb307fa30d539e0494a0020beeac199d8f53a8e2dafc2ac17ecadeca906266a5ad43ede54f6e66be4b4ab928f9df296e82aeb7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\IO\IO.dll
    Filesize

    14KB

    MD5

    4ab044b222f1d5dac70d4586552e2f3c

    SHA1

    77424fb1a6ce29925bc40496fcfa1a3fa1633c5f

    SHA256

    79097978a85ffe06ea2e8a24648de85e4d68057ae5756aa824ef60a6ef44f9c1

    SHA512

    f8260e0512e25f273d60fc33d48ea8cdb5651cfb24bd27380da1e2728e82fdf1fd8afafeb45dd60b0521068ab77b595f9ad7c449009f4c9bbaa1c3f66909acf3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\List\Util\Util.dll
    Filesize

    19KB

    MD5

    00d52996a2be4c6760df95ab13f8f3dc

    SHA1

    0f7d3a1e6b9410fa97851196d2107f14b2c8480e

    SHA256

    0562f6082195196926fc8b56b98281460487d4b184c0740c5cbb463d16463580

    SHA512

    1013ae7573efe5e17a189d0cd83325e7f70c6ced2d9856cd1d6d9f88596abe724a2f53c5c75c298cacca8bef9e75797cf9affbabf7a57bb5efcd969a4c719216

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\MIME\Base64\Base64.dll
    Filesize

    12KB

    MD5

    0c00892838dc1c249d6d0b9e8c36cdbf

    SHA1

    6aee8eb54c17bb502ad2d9e526d9a265df7938a1

    SHA256

    4ed1a6d4fe2e443ac3aa6831546b314355614db9cec5285a80ac0af146298ae5

    SHA512

    35cf68d7ef81a3e8c7db7963c9e41c2cc2e67ed5cbaec9627e425b8a06553f199d2b49c3b57eb4d07e8e04d237336fb7f61b21e46fb51956d3028a7fd65160c4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\POSIX\POSIX.dll
    Filesize

    75KB

    MD5

    be29ea63af274b700f837f5dd80185a5

    SHA1

    d5a2f2b0aaac3125e02e087cd4eb8d8b01a9a479

    SHA256

    9c2a7fc8f5f3593ca84ed4bfb6d854c4218b32dbb4ec802f4a23ee7bd399b31e

    SHA512

    346db4e76f6c09f6a641f750bddf24639e0787988f60f7049ae0b1e32aa480ac3ff4b2590a4cb7d445127fbf1410de69722b11e69555e73e3db47f3b56fd5a86

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\Storable\Storable.dll
    Filesize

    80KB

    MD5

    26509ba1b9696f4a0719d97c9f2d23e9

    SHA1

    f2ce9422424b1b5fa44a8dea8235a8045fe6165c

    SHA256

    b5c7fc66cc3f6e259545b6a07857465e0d066324b16b3fbcd204022b8d51ff98

    SHA512

    8cd80cff5b90d6412d7593d6dc6b128102ec715eae4c55302049f97ed233ee5eef5964ba1422245582979e024a7359d8b52715f49c96aa4bf4438e60753d2256

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\Win32\OLE\OLE.dll
    Filesize

    121KB

    MD5

    a440598c25419a139231af4c53286259

    SHA1

    ea40574b1877074e8b87a4b2d17a7276f3ef0a59

    SHA256

    8eb8ae9c2acb5373f983998a4b34cf10404338622a12643f3e36f5ffc68bc2fd

    SHA512

    e303520269c10c546f7e6431148af82cf796d511074a11561325fea96b0a6d6a09626f33118166b84b353b659c0905feedb29aa0f7878a1eec01eec621524ab8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\Win32\Process\Process.dll
    Filesize

    22KB

    MD5

    f584663d4ce73d6cdafbce44c09a3bb4

    SHA1

    64d07554157d65384553ff1ce93e1e5327a9cb58

    SHA256

    11562920f692189bb3c27cd8942c09686e42a50b0e6bf7b863f993b6cd0c3296

    SHA512

    91a4cee469844d983ab48ae9ee6933f7136e0e147491a8c6f9f4cbb8d8515e391be406f6f8b4ec043424f153d0241de52b479d056aefad6973131b6ab5c16f73

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\Win32\Win32.dll
    Filesize

    39KB

    MD5

    cf3296f0d100902aa46fb9ea86667839

    SHA1

    80282b84c5c93c5e416adf527dd3cb3432480166

    SHA256

    f85cceb8dcf849209f44fa94d043cadceb81af23363b8d59b6fc4a979eb6ed05

    SHA512

    e8a78071386209655e41e754e1724a1f7d6b0002db1af2bea6b5df62b6abd48200b848da7d7f8e5696d1ff00ee0f62a6f13c401c93c0142ae8df370de9a56dfd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\XML\Parser\Expat\Expat.dll
    Filesize

    163KB

    MD5

    1d4a65f15a59883983cb6ea5d5e01249

    SHA1

    28d389d5b548503a77c7cc5d012fb015374ed198

    SHA256

    2e53f734a954b829b707fd8e844c51678dcb0c550c67a6d249075432b0a47263

    SHA512

    08d35989d3c5855e36001361908340d0ae59d2e25221efd3a8c0a39538cf9e3be86fd7254964b7fd9c7a8b2c0a98966c13395ccad81db92c3e9973eda541e952

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\auto\re\re.dll
    Filesize

    254KB

    MD5

    c084c759807b04f5206f1ab338f2341a

    SHA1

    437590475a79c26ddfb01f582b3235274fe01542

    SHA256

    87e17948681612449b4a9b4200aa98608b4d8c1dbad97660cc95fca3d21fdbef

    SHA512

    07a8a342d0acf1ef981c6117f9c03b883c308d34b8cc8f717e389984ccb883106e750e0b28c0a9908f950af72629c9e574117abdfa43e43adaf45cd06746a5d1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\p2xtmp-1204\p2x5142.dll
    Filesize

    1.7MB

    MD5

    9949c4376357fbe49d2585feb2af50da

    SHA1

    d08f60048b546c3c117d536052239ac3fccc1683

    SHA256

    1b260749c4aab6cb6bd2aeacd74d2a088d3b4207d89a7b0304e4582ab8eb7c5d

    SHA512

    1273d0c06947e2aeab7e2c9a640f6f86cc8cb01880e1403717daafdbc8bae7481a6b4ac4e428ce4048c36e4f7817c015bd8b96ee5effc7b9110c496c60d95006

    Download Submit

  • memory/1204-65-0x0000000000380000-0x00000000003A2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1204-79-0x0000000002EC0000-0x0000000002EEC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1204-71-0x0000000002E30000-0x0000000002E5D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1204-81-0x0000000005F20000-0x0000000005F41000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1204-69-0x00000000003B0000-0x00000000003D2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1204-67-0x0000000000350000-0x0000000000367000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1204-85-0x0000000005F70000-0x0000000005FB3000-memory.dmp

    Filesize

    268KB

    Download

  • memory/1204-60-0x0000000003650000-0x000000000377C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1204-58-0x00000000000F0000-0x0000000000112000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1780-87-0x000007FEFB741000-0x000007FEFB743000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1780-88-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1780-89-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download