Overview

overview

7

Static

static

1

MCCToolChe...up.exe

windows7-x64

7

MCCToolChe...up.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    69s
  • max time network
    75s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-04-2023 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MCCToolChest_setup.exe

  • Size

    3.7MB

  • MD5

    04190875f2d2e597280ea5644bffa04a

  • SHA1

    c445748e0363716a5b40feab9c2aa71bd6e6e2ea

  • SHA256

    2b16f6f3724887d6fd22cea357836b0f1170451f05b02dd523694eb545d77101

  • SHA512

    4f6d792def10951e8552db445af8da8e12ea466989d319bee22b6d6d035ce347c423426081dc88e7a6441d692850c927f32141a8ec4ca3619d98cb329121b1b8

  • SSDEEP

    98304:ffTBaVO007iefZ0RKkUMhXDIdexOfJlHanl:daVciwGuMhzIddJlHanl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 13 IoCs
  • Drops file in Windows directory 19 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 30 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MCCToolChest_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\MCCToolChest_setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Windows\SysWOW64\MSIEXEC.EXE
      MSIEXEC.EXE /i "C:\Users\Admin\AppData\Local\Downloaded Installations\{9122DF87-8A03-43A9-9A2E-0A1050EB19B4}\MCC Tool Chest.msi" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp" SETUPEXENAME="MCCToolChest_setup.exe"
      2⤵
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2924
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4976
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding CA160A8E7308E98444AC3F49411E1500
      2⤵
      • Loads dropped DLL
      PID:3188
  • C:\Program Files (x86)\MCCToolChest\MCCToolChest.exe
    "C:\Program Files (x86)\MCCToolChest\MCCToolChest.exe"
    1⤵
    • Executes dropped EXE
    PID:2156

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\e5745f3.rbs
    Filesize

    14KB

    MD5

    3d762672b5fdac053a35bc82ae010f1d

    SHA1

    223f269dc8765b703588acacd120f155cf43aec1

    SHA256

    94e2e672efdd68e585ba15f1c26a0a7ecd73db12dd6e3a4ce1cfd38af4e1d8d4

    SHA512

    5178c678327cab67e25a63a385c6a7de53e23ba704a2f5030168f20462c0d4718a74407c0a3bf483f6aa8281571c38d467860c81448e9893658e31291bb13b8f

    Download Submit

  • C:\Program Files (x86)\MCCToolChest\MCCToolChest.exe
    Filesize

    2.3MB

    MD5

    de430dffc9a431133ae7f0099b5db648

    SHA1

    3b0e249405aded030b5fd2b59c55807309dc2fd1

    SHA256

    5a3d97cea26389a5c5e61f3e00808956f56cb5caca8bd75fa81200949ba48c50

    SHA512

    a115a48e7432d1088f1f2eb67ae45d6bd9944700aa0542ac212076700c4b08a01f4a1b727b9d8b1ba3b1d37d7cb4a2a2b430a3a84a74ae96c7237c60e2578d28

    Download Submit

  • C:\Program Files (x86)\MCCToolChest\MCCToolChest.exe
    Filesize

    2.3MB

    MD5

    de430dffc9a431133ae7f0099b5db648

    SHA1

    3b0e249405aded030b5fd2b59c55807309dc2fd1

    SHA256

    5a3d97cea26389a5c5e61f3e00808956f56cb5caca8bd75fa81200949ba48c50

    SHA512

    a115a48e7432d1088f1f2eb67ae45d6bd9944700aa0542ac212076700c4b08a01f4a1b727b9d8b1ba3b1d37d7cb4a2a2b430a3a84a74ae96c7237c60e2578d28

    Download Submit

  • C:\Program Files (x86)\MCCToolChest\MCCToolChest.exe.config
    Filesize

    2KB

    MD5

    2bbef03c95954f7abbe2846bac86f899

    SHA1

    d88e55a72faea6ad4e2762779dcba3477e01e83f

    SHA256

    c0196b34e66a68eb47b6f6907e6fbeb613b9658bdac8a2e1b4b185af8fe4af3e

    SHA512

    295fa48e9b0509c4cf994d4e734fe31fda628ab4f2b3fe9481f9dbae19ca125416b6878958ec767b0ff5f4655d976a0a2d7a8f945947a909fc544a369c7ae298

    Download Submit

  • C:\Program Files (x86)\MCCToolChest\NAppUpdate.Framework.dll
    Filesize

    135KB

    MD5

    d0d99f825b4a12549b08d9cdb1356bb0

    SHA1

    11fd9d44580985fe9cde49a821d75d02487e005b

    SHA256

    091ef778d5a90086e0dfb010c979426da74326a91671ec639d58779e88555eef

    SHA512

    0e42a3458aa3aa67fec2b646a9402c3f4662eb60e646b87da5c7f96c30f276aa7f8d56627fc90df9a0f53becbfeaeebeae1556f770b8c39e057ffc93dc344fba

    Download Submit

  • C:\Program Files (x86)\MCCToolChest\NBTExplorerWrapper.dll
    Filesize

    329KB

    MD5

    a7ee52b8ab04a4934dc9f2156056ad67

    SHA1

    b026d05d581be155e12b4a2dca8667d8b08fbca4

    SHA256

    978af871bd2dddb4de81c39939b3b0c6306e7ca977f5238f972fe11a6b186477

    SHA512

    d2916f6ba8d8e102d6baff26192b775f15d62df1b3945e7a52c1b64838f4bf30b45e223fa0bfb6ed458cd3762adc823723e18c6a325a54e60f0e8ba7ed6d4a8c

    Download Submit

  • C:\Program Files (x86)\MCCToolChest\NBTModel.dll
    Filesize

    56KB

    MD5

    aba6799201a992724d6f6c932523e9b1

    SHA1

    a9a33311b67daa1841298b8d9befb71dd5a97fde

    SHA256

    0f9fe64b9c02cc1a5952e13521f371845fbb7160ea684eedd5290af4f219f6a6

    SHA512

    70eb9c7db20f6fa1bc2e1c768240800746e895d321d8a0377dce6a421e374bb0adbb509b97c9f0b87183d9a93ab134a175898c3b823df9fed3300a1fd26517a0

    Download Submit

  • C:\Program Files (x86)\MCCToolChest\Substrate.dll
    Filesize

    358KB

    MD5

    40f2dd8988e96dbf74c866a13b9889a3

    SHA1

    ef5ec984790c6bc8c7993b3860b5e6e4d482f166

    SHA256

    7362a6063ea9ad63e57707b0f619202f2c287eb975f0a0b7259bcaeebb13e9b3

    SHA512

    10562616a1c409f1e1f0b7c163c212efa16636806ed54b8ced5dc7bc717a9f49ef92982befcd4af384aca17da770d8f642b99745f9a0f529121026eb4d0faff7

    Download Submit

  • C:\Users\Admin\AppData\Local\Downloaded Installations\{9122DF87-8A03-43A9-9A2E-0A1050EB19B4}\MCC Tool Chest.msi
    Filesize

    4.4MB

    MD5

    4ee0961c165507fede0fed1dc59e8d33

    SHA1

    f46a4c77a44444fcf83fc158c508099c48150044

    SHA256

    f620d1a37edd8e3415c353775f9b8bcd4eefafe27cf3b7bbeb1dcc9cc5a9b73d

    SHA512

    2f6d6ea65e34951adb713941f1017c05793516e30fd179c507eafebabd5c1586145a7462a0742f0feb40f3fe8064de405adc507c41fb6d3a69216ac732dc0514

    Download Submit

  • C:\Users\Admin\AppData\Local\Downloaded Installations\{9122DF87-8A03-43A9-9A2E-0A1050EB19B4}\MCC Tool Chest.msi
    Filesize

    4.4MB

    MD5

    4ee0961c165507fede0fed1dc59e8d33

    SHA1

    f46a4c77a44444fcf83fc158c508099c48150044

    SHA256

    f620d1a37edd8e3415c353775f9b8bcd4eefafe27cf3b7bbeb1dcc9cc5a9b73d

    SHA512

    2f6d6ea65e34951adb713941f1017c05793516e30fd179c507eafebabd5c1586145a7462a0742f0feb40f3fe8064de405adc507c41fb6d3a69216ac732dc0514

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{E16F1E03-3163-4A45-BD4A-6D1775921240}\0x0409.ini
    Filesize

    21KB

    MD5

    be345d0260ae12c5f2f337b17e07c217

    SHA1

    0976ba0982fe34f1c35a0974f6178e15c238ed7b

    SHA256

    e994689a13b9448c074f9b471edeec9b524890a0d82925e98ab90b658016d8f3

    SHA512

    77040dbee29be6b136a83b9e444d8b4f71ff739f7157e451778fb4fccb939a67ff881a70483de16bcb6ae1fea64a89e00711a33ec26f4d3eea8e16c9e9553eff

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{E16F1E03-3163-4A45-BD4A-6D1775921240}\_ISMSIDEL.INI
    Filesize

    20B

    MD5

    db9af7503f195df96593ac42d5519075

    SHA1

    1b487531bad10f77750b8a50aca48593379e5f56

    SHA256

    0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13

    SHA512

    6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~F580.tmp
    Filesize

    5KB

    MD5

    865d70d48694f31aee80bad17846cb7a

    SHA1

    31281aff863a6e5ac3aa0997f55888d62addaa88

    SHA256

    82309ca1ec0ac6f96762c46daac4f563271237f6015ad0c6deb31548eef947e7

    SHA512

    781ca3ceb171705dbb546514fbf4823cc36957fc9b4d7ef5c4f56fd15386b8dfac5f11667ce4cc6de40d6d4518bed90999806fd44d5dd63743de943aaa76d306

    Download Submit

  • C:\Windows\Installer\MSI495D.tmp
    Filesize

    104KB

    MD5

    ff43cabba151dba4c92800eefce66c37

    SHA1

    5ee3357684d123f1333f510c46ab79fc20e2120b

    SHA256

    78e2bdd0224d165d7021ae683946fb08865f3073b38f61f7f0d96d8e964de249

    SHA512

    12315eca59df4e76e2e4f0f8d9e52438a99799f0d87fe6e357c11ed709d29cc5ecccdfdbfcad57cfbf9ba1d18cceedf0abc0f76ed9f7357cc65310c4bd417cab

    Download Submit

  • C:\Windows\Installer\MSI495D.tmp
    Filesize

    104KB

    MD5

    ff43cabba151dba4c92800eefce66c37

    SHA1

    5ee3357684d123f1333f510c46ab79fc20e2120b

    SHA256

    78e2bdd0224d165d7021ae683946fb08865f3073b38f61f7f0d96d8e964de249

    SHA512

    12315eca59df4e76e2e4f0f8d9e52438a99799f0d87fe6e357c11ed709d29cc5ecccdfdbfcad57cfbf9ba1d18cceedf0abc0f76ed9f7357cc65310c4bd417cab

    Download Submit

  • C:\Windows\Installer\{8C97B408-A4CD-460A-8EF4-DA99934C3A9D}\_Built1_28478AD26D5645C6B66D24AD7917F91C.exe
    Filesize

    420KB

    MD5

    a4d1d4978c3637670432145fc52ef190

    SHA1

    c20811614e23906ed7cc3ac305f2e5830d989303

    SHA256

    d322cae2bf56c4ce6df55eb95d168536c43aa13c55fccbe700a824307aca7935

    SHA512

    b145843f04fb140caa7ae3ff90e49eb4acc0186452fd2393b9aacc811d3e178ea57a966a79df9c461b60eea3bc620436dc751343f02e31c3924445eb7f564e3b

    Download Submit

  • memory/2156-247-0x00000000029B0000-0x0000000002A08000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2156-250-0x000000001DF40000-0x000000001DF54000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2156-248-0x000000001B760000-0x000000001B770000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2156-252-0x000000001DFC0000-0x000000001E020000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2156-255-0x000000001B760000-0x000000001B770000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2156-258-0x000000001B760000-0x000000001B770000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2156-257-0x000000001E3D0000-0x000000001E3F8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2156-245-0x00000000005E0000-0x0000000000834000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2156-259-0x000000001B760000-0x000000001B770000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2156-260-0x000000001B760000-0x000000001B770000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2156-261-0x000000001B760000-0x000000001B770000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2156-262-0x000000001B760000-0x000000001B770000-memory.dmp

    Filesize

    64KB

    Download