6c7b542986435675411631611b9c653e90c04b9e2ff6521dd61f3baba79790d5

Analysis

max time kernel
141s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14/05/2023, 08:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

CCProxy.exe
Size

6.4MB
MD5

75a49e557452c882dd8d53247987f6bd
SHA1

80e1cf583457502da29cd0a638ac6bd94a79ebd3
SHA256

6c7b542986435675411631611b9c653e90c04b9e2ff6521dd61f3baba79790d5
SHA512

9eab238d646b001ed6e36501bee94394bc9514644adee5d802500c8a5270c53a90c286331858a1234639362971504eecf9749c0ade4c5ec912e09634e68bbc7e
SSDEEP

98304:HqUQ1igyRb7QfI4dPX0tmK49irMJSKlM1NTsnNSgr06PKUOm0brRrFsmyS125KpZ:B7A3fI49OAvcfU0RRVrGQX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1708	CCProxy.tmp

Loads dropped DLL 6 IoCs

pid	Process
816	CCProxy.exe
1708	CCProxy.tmp
1708	CCProxy.tmp
1708	CCProxy.tmp
1708	CCProxy.tmp
1708	CCProxy.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 1708	816	CCProxy.exe	28
PID 816 wrote to memory of 1708	816	CCProxy.exe	28
PID 816 wrote to memory of 1708	816	CCProxy.exe	28
PID 816 wrote to memory of 1708	816	CCProxy.exe	28
PID 816 wrote to memory of 1708	816	CCProxy.exe	28
PID 816 wrote to memory of 1708	816	CCProxy.exe	28
PID 816 wrote to memory of 1708	816	CCProxy.exe	28

C:\Users\Admin\AppData\Local\Temp\CCProxy.exe
"C:\Users\Admin\AppData\Local\Temp\CCProxy.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:816
- C:\Users\Admin\AppData\Local\Temp\is-O53V0.tmp\CCProxy.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-O53V0.tmp\CCProxy.tmp" /SL5="$70120,6425106,219136,C:\Users\Admin\AppData\Local\Temp\CCProxy.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-0P4P7.tmp\Done.png

Filesize
12KB

MD5
45b9fcb4d8a9d8ef8e14a7e69929168e

SHA1
3ef5e37c3396ea53cb1827200126ac53dcac4f14

SHA256
b922f1674bf12eada05dbfe52414b228f0721e7eb12010853b6a90b6c2a97c16

SHA512
51be7a1d7279ac48a5bd408af6c2bdee4da433aca1635f82024a7c9e36858d1dd4f320f891372b2727b1be1890afd523062a4931afaefc50f9cbe9371f9bc0d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0P4P7.tmp\Setup.png

Filesize
11KB

MD5
8c684f9f14390b7e859c3a5f540f1d53

SHA1
9277210e5b42f050f750b1a52723e84aaee808b6

SHA256
a87837f029b6d03e76215f50cee4de76cc851073e3c1dea9630e96c561f977f2

SHA512
347a63dfc8f83fb4bfcd7a782a8b242ee985c6bf2d967003560416d56124d9cb2a666095fbe3f6a2c4b9a905481e2f10054c9be6c2420d784cf2d4fbd4a905f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0P4P7.tmp\bg.png

Filesize
98KB

MD5
6f8aef2a3a7c35807359d92d3b53bf8c

SHA1
ff86c775a07d8822f0cc53ce78778457eb8bb246

SHA256
65d22bac379ab51d45eb281fc3b75e1f4d5b6291f14db273b2ae1126853cc228

SHA512
dcfae4e25c80f58ad11af61982cbfad82350094b62d731f182cdb66002f676343f152385bb863f82edb31e424073a4c89f579d910eb52d0c7ecf49fe794ea377

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0P4P7.tmp\bgShadow.png

Filesize
103KB

MD5
f914bb9958a65db6f0667881e0d05b07

SHA1
bce8c13ff28644a1325df2e93b0627b5f054c8f6

SHA256
28c15ac4e3bea1b49550cc2fbb25449fffc1f734d17d0ee18950987bc009f739

SHA512
e0814ea2ed05a53c82b425d49df1cbe7f60bbdc5012e2f0c72af22155bcf24534e9759e3d6dee9928892e31ce9b93a06400b7422832f739cc429a9139fe86e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0P4P7.tmp\btn2.png

Filesize
945B

MD5
17b9b803894076eaebb45fef8efd491b

SHA1
0ff18833fb9de420b03b66cf24a99b3898af254d

SHA256
642a2dcb922f13f2e858cc5e824e58414d26dfc08579ec19509d615ad1d720af

SHA512
60cfd8af2b295ba8b95f6bc557a9ec638af438cf7e042e1d3d4dd62023a806079709df924ba3648ac0a130780aefabc9ed1d606613e6de8a25c9d3f5cfd8e83e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0P4P7.tmp\check.png

Filesize
596B

MD5
1f75a8433d4dcbe34cbdd636c8899d15

SHA1
2aa625d541d34113385e7e3b063e5e3189fb04e4

SHA256
09c3af3dd259c9a8ae3f78ccd5820480260e2ed3feed515255145208e25bf3cd

SHA512
2704709d49b440f504e0caa07a1b3dddccd372bf5540ad51ed4ca55681508ad824b0426549419f2c11a334cd0d6a3fe9d69124a122bd6cf2990f56a4c4376085

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0P4P7.tmp\close.png

Filesize
718B

MD5
4c776ea90ca5081f97f4948db1a33df6

SHA1
2a019950dc4fbf64876f696ce8aef27d2ee00fd8

SHA256
a0c6baacb20a70fb5780748106a8f7c12bc8ebc55eede7980b818c5775f479d2

SHA512
d2f8b6539c916c0f570af81ea7453cb9551d9b1b8946810f61a0533cc065e09c69e7fc60dd37fe5bbd540c6cf5bb8ed2e91156294e65f37875b62814e34d259b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0P4P7.tmp\path.png

Filesize
395B

MD5
e6058348d1d98cf5d1b9d16348977bfb

SHA1
fbd7e039da60512af5a3ba48be8b7ec9b05a6f60

SHA256
0338bf70c52b32bcf689734bf9737fc6fbdd484e4a3e6ce0f0308d6980cf3e8c

SHA512
04b04310327e599c5a8872aad115e2880563f592cf6b103f6fc923f056cd3f0a1e2a9cae354dd821993c9114a19c93255cd1e5ebc87a1888f40b7607a40555d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-O53V0.tmp\CCProxy.tmp

Filesize
1.0MB

MD5
b2d7e3d700baf27735963e56a8474e0d

SHA1
dd3b3124e5e04be2dc29bb847f1823fa63beddc5

SHA256
e288e5ac59eb6f0d5ebb313eb8b3f6f9f9e24d1c5dd7722b2e6cf7c804dfd200

SHA512
fcb25348259f64606089e7ae6b68e6df382bef625bf1d55f1724b2f7c31a6981eab4323ef9cd0624f53acf34c0a243dd764c6e25fde970ace378992e6c0ac4c9

Download Submit
\Users\Admin\AppData\Local\Temp\is-0P4P7.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-0P4P7.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-0P4P7.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
\Users\Admin\AppData\Local\Temp\is-0P4P7.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
\Users\Admin\AppData\Local\Temp\is-0P4P7.tmp\maddl.dll

Filesize
180KB

MD5
75eefdfeb969cc620440aeafadaba9af

SHA1
bd83de722003423f327ea4c94aebde337df10e34

SHA256
e4a1056d44597bea9bd03d2a8508b3b08910213703e3a8af2cfa895f1816edf8

SHA512
c2b8687143015fffec8d69bdd9ec96bed19822ec5a2c8b1263a61f6de835ed287e1b111dfedb92b5fabde926fda33b67ab32d8dee66986cedf634bde242544e7

Download Submit
\Users\Admin\AppData\Local\Temp\is-O53V0.tmp\CCProxy.tmp

Filesize
1.0MB

MD5
b2d7e3d700baf27735963e56a8474e0d

SHA1
dd3b3124e5e04be2dc29bb847f1823fa63beddc5

SHA256
e288e5ac59eb6f0d5ebb313eb8b3f6f9f9e24d1c5dd7722b2e6cf7c804dfd200

SHA512
fcb25348259f64606089e7ae6b68e6df382bef625bf1d55f1724b2f7c31a6981eab4323ef9cd0624f53acf34c0a243dd764c6e25fde970ace378992e6c0ac4c9

Download Submit
memory/816-54-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/816-182-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1708-75-0x0000000001F70000-0x0000000001F85000-memory.dmp

Filesize
84KB

Download
memory/1708-80-0x00000000005D0000-0x00000000005DE000-memory.dmp

Filesize
56KB

Download
memory/1708-118-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1708-183-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download
memory/1708-184-0x0000000001F70000-0x0000000001F85000-memory.dmp

Filesize
84KB

Download
memory/1708-185-0x00000000005D0000-0x00000000005DE000-memory.dmp

Filesize
56KB

Download
memory/1708-186-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads