821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
12/12/2023, 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e.exe
Size

10.5MB
MD5

3dbb2a3f314cc889be71b35fb57e624a
SHA1

40b54c2e09841db6b73bef4608259df524ff75ed
SHA256

821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e
SHA512

9b9752600b10f240ca2e13c684f15457885321ee1fcd3d8562f1f9272f815c0e241886ddf469e6b43ab5174de9bb8f29cefe37a0f4355623c7c07ea8eb8b43a5
SSDEEP

196608:t55Os3Y7Vmd2gIns4dY4AJsv6tWKFdu9ChE:gs3Y7Vm2bdwJsv6tWKFdu9C+

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2688	Update.exe

Loads dropped DLL 1 IoCs

pid	Process
1728	821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1728	821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e.exe
2688	Update.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1728	821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e.exe
1728	821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e.exe
2688	Update.exe
2688	Update.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2688	1728	821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e.exe	28
PID 1728 wrote to memory of 2688	1728	821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e.exe	28
PID 1728 wrote to memory of 2688	1728	821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e.exe	28
PID 1728 wrote to memory of 2688	1728	821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e.exe	28
PID 1728 wrote to memory of 2688	1728	821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e.exe	28
PID 1728 wrote to memory of 2688	1728	821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e.exe	28
PID 1728 wrote to memory of 2688	1728	821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e.exe	28

C:\Users\Admin\AppData\Local\Temp\821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e.exe
"C:\Users\Admin\AppData\Local\Temp\821ebcf969198a05da5fa4daf06371d8ce2aee33d08c89ca3d12c91c4dc9084e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Users\Admin\AppData\Local\Temp\Update.exe
  C:\Users\Admin\AppData\Local\Temp\Update.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\CG70\CG70.exe

Filesize
409KB

MD5
59dec9dd35cbbdd98a264a413d3e89f3

SHA1
ee536d5b71cb99f09e04b0cd6abb2024c5ad8331

SHA256
e63eb816d8cc0741970b1ac5ab2b978ff614d368cfb2784a1718db70a83de79e

SHA512
fa703ae103b51889a5b1fc88fb1d2038aa1c682c1705a2aa79c9f5c61b1890e1f7d91f4e043f1cc78dcce8450e25db237cde70ee7e0bad59308323138dc3b4cc

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\37759BC423A03742BA28F028F83DDC472D0D4EDA.temp

Filesize
256KB

MD5
56099cf04cb62bbf923a643edbecccae

SHA1
37759bc423a03742ba28f028f83ddc472d0d4eda

SHA256
d3e1aed0a65867cf1b03654afa65e908874edf783f7cf1c9111da32b012fc5eb

SHA512
0866e5316befadb6404da2f88c830de32b909b626184bfe5c9ba6fe85e28cbaf72ec57fc8779cea1e3f1c0729812e7d27cfb901fb5333797e6e4d4ad9768dd18

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\7478BFF813F45871A59099314FEE632EE59DD5A1.temp

Filesize
256KB

MD5
32a2dcc9bfacf55c4855f25479f59dd9

SHA1
7478bff813f45871a59099314fee632ee59dd5a1

SHA256
74298f1761dbd1c98a9bd4fdac019ba09cd0731dfcc43dbf6b571a2ef0616e15

SHA512
5e4ae6b42a02c4d9ba147ee3ccd4d77564a6d7964b4a1b65a65e5845f7fd89b7aa9ea192d02f1f896f2298aa0e74025794e21f2e7bd5c35c13c52b4d99384ae8

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\B4D3522CE53DB921BE6BD75A8C6062C5D5C56334.temp

Filesize
512KB

MD5
333f5f3c6f4497a659db23b222fa4542

SHA1
b4d3522ce53db921be6bd75a8c6062c5d5c56334

SHA256
e94780d1e2393f7c92980d3e66f378117dea4130c546c400b3dd0fd24104cf4b

SHA512
88db19bf3fb4c3a4b7df95e8cd5f608fc8f7708b9ed9d0386e5afddfc4a404035372f0ba451a356034d2b3a4f372350086cb85cdb7b53b8853123951d287eed0

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\B8EC36E2F3AFFC5383BB0D4F2E640E4C10EB6FA8.temp

Filesize
512KB

MD5
42635b60b9220dc2d5349c5240f8594a

SHA1
b8ec36e2f3affc5383bb0d4f2e640e4c10eb6fa8

SHA256
59d82d7fbddc6aac95ed23ef3ea4d63fa3d360dc1a628e5976e6103bdd31e355

SHA512
a9f19fb6f55707ff786926b3980c5bf23aceb0cf6628b240eef7b1cbcab56b4c6275d343e1eff7f535976e6fa81c7e6e38b510c6aba976b81285d7aa553a9a5c

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\update.ini

Filesize
1.9MB

MD5
e843ceabc0cbea58155d428274d1eab4

SHA1
d5de07dc0d131e0b1b604df812195f70f0190d73

SHA256
77753207924adf2e56ea6cf4cfd62151e40fb4c7e8a04248662fbd3169a6267a

SHA512
0b8492b16af50b167f1f6fabe1a231e22da664ce6c2ad3195544db2306ea8cd25c65cc3d012b7fc77014e55345e5a6509ac48995e22365a9d220720f33a64362

Download Submit
C:\Users\Admin\AppData\Local\Temp\Update.exe

Filesize
5.4MB

MD5
20e1289ef83124713e4475c6edd80275

SHA1
16b5b6dc0765ad0267bac6f598d03608a9b435de

SHA256
5e0f8d868d3b9f64662a0cecb3ea207f50bfece5f47c8cfc5e5c7fe72b31f1b8

SHA512
7b8499667f697c1c8d264e4b8b5e910d2ae6a5ce1bb0abc199121b1215c2aff77cc4f4e175cf0b1bf55633b99668a0898699a6b2599ad45f4bf2a73b2eb2f07f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Update.exe

Filesize
2.2MB

MD5
7dfe9e8fcdac631c751afc81a3aa6778

SHA1
b9d320628197e486027df19ccee3232c16509c02

SHA256
639eb6ae11fe7045b893cace3c8a8ec764ce7d3a0602f716d9f8f3c0390d5b85

SHA512
48df7d4afca543a8093ba19d317a3ff621ded4e4665d839093308a5859e69d74da239177e3c4206c5546c444134f464862cb284a5a0873e1a2b0044c68bae634

Download Submit
C:\Users\Admin\AppData\Local\Temp\config

Filesize
18B

MD5
2f3e86b633adb832ca05f09b1fcb4dff

SHA1
de2145e4f1b47fd259ad4f0b33698442f13d5170

SHA256
515ca85f56b4277d9f56ba196c1ab0470a50a7511a2593c93cd5a0cf2ba7a52a

SHA512
c7b1d2fc66e3144af5806833d6f0fb645bdf90678c6937f116838f32386670aaf9618c80093e4c6bc85de65946d0e54ba2d0e4c8826a768989610476d7eadc22

Download Submit
C:\Users\Admin\Documents\Changguang\CG100\Log\cg100_2023-12-12.log

Filesize
263B

MD5
98c531337e774ee0229ed7cf263b92f0

SHA1
5aacc9634d58646e16f3e487543761680a96acea

SHA256
628b65720ddfcef05000f1d96758bcbde19e32839385fc8bc70e3601b14dc99b

SHA512
29472319ff83e29bb366e264c915b9699263a7166f98108a810a7309e153c886ed01b7727a30f3dcc5f1f08ec881140daa10357978f772c2152082d260954e95

Download Submit
\Users\Admin\AppData\Local\Temp\Update.exe

Filesize
64KB

MD5
70c72bbc82b4f55dd1fe76fa3ae905f3

SHA1
f98c56a5f249876521d35a295bec926a45426064

SHA256
291c59975cf426bc7992a1f763c225f69445ad3847b47bde8dd32f9c0c4e1b4d

SHA512
dc3bdc5c6832f466e61bc749e4eb9dda65fbb01fcdb6c478c1b04cb9d61fee66acc481d3e799cc49629506a0b886ccf74418521bbc95e5553226ee453b49b94a

Download Submit