9cbc25d1f2c4bd33bfb2586555497505e125c2f1505a3451456b37fe49778053

Analysis

max time kernel
140s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
05-04-2023 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ccsetup610_pro_trial.exe
Size

51.4MB
MD5

0c4bf47ba7b9d1c95bbfd305b97d51b6
SHA1

33db9494b17186e019fcde4bf8e0a8c65e57d726
SHA256

9cbc25d1f2c4bd33bfb2586555497505e125c2f1505a3451456b37fe49778053
SHA512

5ec375d481afede4cb7c8b3499a5564e79ecd82c93e55e0bb091e63df762926cde52941cb9392710c691cc9a425a0ef6954d29fae10bcbe6663e0db558974bde
SSDEEP

1572864:EGa3QR9TUKGAqcudtTkpttagIc56qFVKtdgZ5:EZ3QR9dRqv3TyEEnCdgZ5

Score

7^/10

bootkit persistence

Malware Config

Signatures

Loads dropped DLL 6 IoCs

Processes:

ccsetup610_pro_trial.exe

pid	process
3592	ccsetup610_pro_trial.exe
3592	ccsetup610_pro_trial.exe
3592	ccsetup610_pro_trial.exe
3592	ccsetup610_pro_trial.exe
3592	ccsetup610_pro_trial.exe
3592	ccsetup610_pro_trial.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

ccsetup610_pro_trial.exe

description ioc process

File opened for modification \??\PhysicalDrive0 ccsetup610_pro_trial.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

ccsetup610_pro_trial.exe

pid process

3592 ccsetup610_pro_trial.exe
3592 ccsetup610_pro_trial.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	ccsetup610_pro_trial.exe

C:\Users\Admin\AppData\Local\Temp\ccsetup610_pro_trial.exe
"C:\Users\Admin\AppData\Local\Temp\ccsetup610_pro_trial.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:3592

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsl97A3.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl97A3.tmp\UserInfo.dll
Filesize
4KB

MD5
2f69afa9d17a5245ec9b5bb03d56f63c

SHA1
e0a133222136b3d4783e965513a690c23826aec9

SHA256
e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

SHA512
bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl97A3.tmp\nsDialogs.dll
Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl97A3.tmp\nsDialogs.dll
Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl97A3.tmp\nsDialogs.dll
Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl97A3.tmp\p\pfBL.dll
Filesize
11.3MB

MD5
f8d1c110600144a9310723c011eeb9c8

SHA1
304e211607eb14e079956531e149e53db2930762

SHA256
d2b8a9d801e5c823be4c8eb9d721a8181d12f3b435d9c80b858d5e6074530bd2

SHA512
7656c865420724b8a77c5a4180b6a410c4c54e9f71f5938fb2d3549bfbd0b05e10f0deb90e532b9b0699e480133c410074ed58ae8f2f1dcd547af725e802eac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl97A3.tmp\ui\pfUI.dll
Filesize
16.4MB

MD5
d0ee52daa39b8b22eced053f68d5b765

SHA1
24675ba34154b43ab97fe27c9a15e8ed50d101b6

SHA256
3b71b214236e0fe464261e081628fb7d26fded5a08cca28820cf0a849310cd3f

SHA512
756f1628b40459e191cc96ffd75118cf8e7726764ca497504a0fa4a22a150347d1bfb993dd4c308f420fc57171eaac9ecba7b9761cb96929ba5f098ce56d76d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl97A3.tmp\ui\pfUI.dll
Filesize
16.4MB

MD5
d0ee52daa39b8b22eced053f68d5b765

SHA1
24675ba34154b43ab97fe27c9a15e8ed50d101b6

SHA256
3b71b214236e0fe464261e081628fb7d26fded5a08cca28820cf0a849310cd3f

SHA512
756f1628b40459e191cc96ffd75118cf8e7726764ca497504a0fa4a22a150347d1bfb993dd4c308f420fc57171eaac9ecba7b9761cb96929ba5f098ce56d76d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl97A3.tmp\ui\res\CC_Logo_40x96.png
Filesize
2KB

MD5
d32b0460183056d3056d6db89c992b88

SHA1
79823e151b3438ab8d273a6b4a3d56a9571379b4

SHA256
b013039e32d2f8e54cfebdbfdabc25f21aa0bbe9ef26a2a5319a20024961e9a7

SHA512
3ad36f9d4015f2d3d5bc15eac221a0ecef3fcb1ef4c3c87b97b3413a66faa445869e054f7252cc233cd2bf8f1aa75cb3351d2c70c8121f4850b3db29951bc817

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl97A3.tmp\ui\res\CC_logo_72x66.png
Filesize
7KB

MD5
a736159759a56c29575e49cb2a51f2b3

SHA1
b1594bbca4358886d25c3a1bc662d87c913318cb

SHA256
58e75de1789c90333daaf93176194d2a3d64f2eecdf57a4b9384a229e81f874f

SHA512
4da523a36375b37fa7bc4b4ccf7c93e1df7b2da15152edf7d419927aa1bb271ef8ba27fe734d2f623fcc02b47319e75333df014bed01eb466e0cd9ec4111ef53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl97A3.tmp\ui\res\PF_computer.png
Filesize
87KB

MD5
7f4f45c9393a0664d9d0725a2ff42c6b

SHA1
b7b30eb534e6dc69e8e293443c157134569e8ce7

SHA256
dbd8b6fdb66604a0a5e8efe269fbfa598e4a94dc146006036409d905209da42b

SHA512
0c27f9ce615cbff3e17fd772ce3929ab4419d7432d96223b7eec1ba70953f2ac993404b954020247b52d7f7499212d44eb6f85da2e2676773cafe1ce89b390f9

Download Submit