c2b88b7c0e3a630f69c35d3d476a01c38f83fca3efbba10e55188e0264ff56d6

Submit
Reports

Overview

overview

Static

static

CCleaner.T...le.rar

windows7-x64

CCleaner.T...le.rar

windows10-2004-x64

CCleaner.T...er.exe

windows7-x64

CCleaner.T...er.exe

windows10-2004-x64

CCleaner.T...64.exe

windows7-x64

CCleaner.T...64.exe

windows10-2004-x64

CCleaner.T...ng.dll

windows7-x64

CCleaner.T...ng.dll

windows10-2004-x64

CCleaner.T...p2.ini

windows7-x64

CCleaner.T...p2.ini

windows10-2004-x64

CCleaner.T...le.exe

windows7-x64

CCleaner.T...le.exe

windows10-2004-x64

CCleaner.T...p2.ini

windows7-x64

CCleaner.T...p2.ini

windows10-2004-x64

CCleaner.T...er.ico

windows7-x64

CCleaner.T...er.ico

windows10-2004-x64

CCleaner.T...le.nsi

windows7-x64

CCleaner.T...le.nsi

windows10-2004-x64

CCleaner.T...er.nsi

windows7-x64

CCleaner.T...er.nsi

windows10-2004-x64

CCleaner.T...7z.dll

windows7-x64

CCleaner.T...7z.dll

windows10-2004-x64

CCleaner.T...7z.exe

windows7-x64

CCleaner.T...7z.exe

windows10-2004-x64

CCleaner.T...er.bmp

windows7-x64

CCleaner.T...er.bmp

windows10-2004-x64

CCleaner.T...er.nsh

windows7-x64

CCleaner.T...er.nsh

windows10-2004-x64

CCleaner.T...er.nsh

windows7-x64

CCleaner.T...er.nsh

windows10-2004-x64

CCleaner.T...sh.bmp

windows7-x64

CCleaner.T...sh.bmp

windows10-2004-x64

Analysis

max time kernel
130s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2023 16:53

Sharing

Copy URL

Twitter E-mail

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

CCleaner.Technician.6.12.10490.Portable.rar

Resource

win7-20230220-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

CCleaner.Technician.6.12.10490.Portable.rar

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

CCleaner.Technician.6.12.10490.Portable/App/CCleaner/CCleaner.exe

Resource

win7-20230220-en

bootkit persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral4

Sample

CCleaner.Technician.6.12.10490.Portable/App/CCleaner/CCleaner.exe

Resource

win10v2004-20230220-en

bootkit persistence

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral5

Sample

CCleaner.Technician.6.12.10490.Portable/App/CCleaner/CCleaner64.exe

Resource

win7-20230220-en

bootkit discovery persistence spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral6

Sample

CCleaner.Technician.6.12.10490.Portable/App/CCleaner/CCleaner64.exe

Resource

win10v2004-20230220-en

bootkit discovery persistence spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral7

Sample

CCleaner.Technician.6.12.10490.Portable/App/CCleaner/branding.dll

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

CCleaner.Technician.6.12.10490.Portable/App/CCleaner/branding.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

CCleaner.Technician.6.12.10490.Portable/App/DefaultData/CCleaner/Winapp2.ini

Resource

win7-20230220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

CCleaner.Technician.6.12.10490.Portable/App/DefaultData/CCleaner/Winapp2.ini

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral11

Sample

CCleaner.Technician.6.12.10490.Portable/CCleanerPortable.exe

Resource

win7-20230220-en

bootkit persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral12

Sample

CCleaner.Technician.6.12.10490.Portable/CCleanerPortable.exe

Resource

win10v2004-20230221-en

bootkit persistence

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral13

Sample

CCleaner.Technician.6.12.10490.Portable/Data/CCleaner/Winapp2.ini

Resource

win7-20230220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral14

Sample

CCleaner.Technician.6.12.10490.Portable/Data/CCleaner/Winapp2.ini

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral15

Sample

CCleaner.Technician.6.12.10490.Portable/Other/Source/CCleaner.ico

Resource

win7-20230220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

CCleaner.Technician.6.12.10490.Portable/Other/Source/CCleaner.ico

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral17

Sample

CCleaner.Technician.6.12.10490.Portable/Other/Source/_CCleanerPortable.nsi

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral18

Sample

CCleaner.Technician.6.12.10490.Portable/Other/Source/_CCleanerPortable.nsi

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral19

Sample

CCleaner.Technician.6.12.10490.Portable/Other/Source/_CCleanerPortableInstaller.nsi

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral20

Sample

CCleaner.Technician.6.12.10490.Portable/Other/Source/_CCleanerPortableInstaller.nsi

Resource

win10v2004-20230221-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral21

Sample

CCleaner.Technician.6.12.10490.Portable/Other/_Include/7-Zip/7z.dll

Resource

win7-20230220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral22

Sample

CCleaner.Technician.6.12.10490.Portable/Other/_Include/7-Zip/7z.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral23

Sample

CCleaner.Technician.6.12.10490.Portable/Other/_Include/7-Zip/7z.exe

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

CCleaner.Technician.6.12.10490.Portable/Other/_Include/7-Zip/7z.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

CCleaner.Technician.6.12.10490.Portable/Other/_Include/Installer.bmp

Resource

win7-20230220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

CCleaner.Technician.6.12.10490.Portable/Other/_Include/Installer.bmp

Resource

win10v2004-20230220-en

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral27

Sample

CCleaner.Technician.6.12.10490.Portable/Other/_Include/Installer.nsh

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral28

Sample

CCleaner.Technician.6.12.10490.Portable/Other/_Include/Installer.nsh

Resource

win10v2004-20230221-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral29

Sample

CCleaner.Technician.6.12.10490.Portable/Other/_Include/Launcher.nsh

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral30

Sample

CCleaner.Technician.6.12.10490.Portable/Other/_Include/Launcher.nsh

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral31

Sample

CCleaner.Technician.6.12.10490.Portable/Other/_Include/Splash.bmp

Resource

win7-20230220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral32

Sample

CCleaner.Technician.6.12.10490.Portable/Other/_Include/Splash.bmp

Resource

win10v2004-20230220-en

windows10-2004-x64

7 signatures

150 seconds

Report Analysis Logs

General

Target

CCleaner.Technician.6.12.10490.Portable/App/DefaultData/CCleaner/Winapp2.ini
Size

944KB
MD5

b44e2c2e59443dfbe362777bec626675
SHA1

8530fe37794fbf667640e760346867dbee28fb14
SHA256

c9f05be4f6320624614a3a9af7e653a83d4f5fafe6eb21b3ed3ad3aca75acad2
SHA512

19f72895e4dd3032a5132d1ac6f23a798e5676b1d233276121aa713bae95f3b353ffe84fc86c90e8dbbd10959b27f7415d0983717b832480746f30f5a066068a
SSDEEP

12288:4FZg2wFqiMpykyaMdccHoozgQKwmYr/p4xxR+7j3NsLEQAI/CYltS34YbiU/XFJT:RFu7AI/CYEh

Score

1^/10

Malware Config

Signatures

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
628	NOTEPAD.EXE

Processes

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\CCleaner.Technician.6.12.10490.Portable\App\DefaultData\CCleaner\Winapp2.ini
1⤵
- Opens file in notepad (likely ransom note)
PID:628

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads