Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

CCDisk (v2...HK.rar

windows7-x64

3

CCDisk (v2...HK.rar

windows10-2004-x64

3

Crack_HK.zip

windows7-x64

1

Crack_HK.zip

windows10-2004-x64

1

Crack_HK/CCDisk.exe

windows7-x64

Crack_HK/CCDisk.exe

windows10-2004-x64

Crack_HK/CCDisk.ini

windows7-x64

1

Crack_HK/CCDisk.ini

windows10-2004-x64

1

Crack_HK/CCacheX.dll

windows7-x64

1

Crack_HK/CCacheX.dll

windows10-2004-x64

3

Crack_HK/db.xml

windows7-x64

1

Crack_HK/db.xml

windows10-2004-x64

1

CCDisk (v2...LL.bat

windows7-x64

1

CCDisk (v2...LL.bat

windows10-2004-x64

1

CCDisk (v2...up.exe

windows7-x64

7

CCDisk (v2...up.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2023, 14:09 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CCDisk (v2021.02.19)/ccdisksetup.exe

  • Size

    4.0MB

  • MD5

    dee9faa70dd7776cb8f21e4de5e908ca

  • SHA1

    1dd6c2d94f55fa7955f61f845741af981021e368

  • SHA256

    acbdef532ec5dfab992396e07b8d4c86597d567d805c8855184e0523c169f1cc

  • SHA512

    ae1222ab83f881527ebcff24870d83632b9c69cf14adfe891b3788b3a4ef2fa09494508902244f8b539c872165f8f6612108ebac6a874266b42fbc72bdc6991d

  • SSDEEP

    98304:C9OYMNeGvmsrRsusL43x/JW/IB5+JiPZ3lgoT:2yeGvmsrKj43xB6I2Ex3n

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CCDisk (v2021.02.19)\ccdisksetup.exe
    "C:\Users\Admin\AppData\Local\Temp\CCDisk (v2021.02.19)\ccdisksetup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Users\Admin\AppData\Local\Temp\is-9AFFF.tmp\ccdisksetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-9AFFF.tmp\ccdisksetup.tmp" /SL5="$A0030,3962269,58368,C:\Users\Admin\AppData\Local\Temp\CCDisk (v2021.02.19)\ccdisksetup.exe"
      2⤵
      • Executes dropped EXE
      PID:1052

Network

  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    210.81.184.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    210.81.184.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    139.238.32.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    139.238.32.23.in-addr.arpa
    IN PTR
    Response
    139.238.32.23.in-addr.arpa
    IN PTR
    a23-32-238-139deploystaticakamaitechnologiescom
  • flag-us
    DNS
    199.176.139.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    199.176.139.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    177.238.32.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    177.238.32.23.in-addr.arpa
    IN PTR
    Response
    177.238.32.23.in-addr.arpa
    IN PTR
    a23-32-238-177deploystaticakamaitechnologiescom
  • flag-us
    DNS
    2.77.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.77.109.52.in-addr.arpa
    IN PTR
    Response
  • 8.238.179.126:80
    322 B
     7
  • 173.223.113.164:443
    322 B
     7
  • 173.223.113.131:80
    322 B
     7
  • 131.253.33.203:80
    322 B
     7
  • 13.107.42.16:443
    322 B
     7
  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    210.81.184.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    210.81.184.52.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    139.238.32.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    139.238.32.23.in-addr.arpa

  • 8.8.8.8:53
    199.176.139.52.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    199.176.139.52.in-addr.arpa

  • 8.8.8.8:53
    177.238.32.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    177.238.32.23.in-addr.arpa

  • 8.8.8.8:53
    2.77.109.52.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    2.77.109.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-9AFFF.tmp\ccdisksetup.tmp
    Filesize

    709KB

    MD5

    7bc6ee10dbc76acb9dbc72294cff3553

    SHA1

    6fde2a3122e9bd69e4b2c532d9ecd8471bafdf95

    SHA256

    9e26391f9a54ab1098a35ca415efd75117275d2c765c8aa9b3846b2bb8e8a3d1

    SHA512

    3cdc67ae60d6b88b55b1ca5a062d83fa629f825943064ee2d42477b6ed263f619cb011acc7f599b20088f8bd06b8e8b6a5786671d04bb8df828771a6bf7cfd18

    Download Submit

  • memory/1052-139-0x0000000000670000-0x0000000000671000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1052-141-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/1948-133-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1948-140-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.