Overview

overview

7

Static

static

3

CMClient L...er.exe

windows7-x64

7

CMClient L...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1793s
  • max time network
    1174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-01-2024 07:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CMClient Launcher Installer.exe

  • Size

    2.2MB

  • MD5

    c5229102c115b56add70e05a7de3ad88

  • SHA1

    4f0b0796e710f0372d6bee77f757f048bc09d6df

  • SHA256

    8e6133d444e9f33500606cd595216e37a2a8076fc96e0d289a05a16bed752c21

  • SHA512

    b40b481d3d11f66ad87ae407c22e2f239fa2e95e4fb3bd27273a01aeba818608dcb3bb411159125f61cf12873c60a2bca2ec9cc671f733965d6edd7008458d2e

  • SSDEEP

    49152:wBuZrEUZ3eUBtVEz3ZNoOAMDDygTm4WiEA:OkL5t0ZGO53yOmziH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CMClient Launcher Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\CMClient Launcher Installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1332
    • C:\Users\Admin\AppData\Local\Temp\is-7J09G.tmp\CMClient Launcher Installer.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-7J09G.tmp\CMClient Launcher Installer.tmp" /SL5="$A0162,1484180,890880,C:\Users\Admin\AppData\Local\Temp\CMClient Launcher Installer.exe"
      2⤵
      • Executes dropped EXE
      PID:4716
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:4928
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:956

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
      Filesize

      16KB

      MD5

      a69b609ff8c12e93d7ac348b6c422eca

      SHA1

      aa596ec9393b74f3c366233d85100df57a241edd

      SHA256

      93f59c23242877fe6630534cb3a4ca4173dbf6741d4104bac7cdec2d1c48e83a

      SHA512

      9915d72ebf9f080288cf9c01276d5f958c172558be0fda1005d177853cda6542578e8bb1dc37752a0092ce4da023b09841985a12070b94fd998758a6949b1137

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-7J09G.tmp\CMClient Launcher Installer.tmp
      Filesize

      77KB

      MD5

      bba1e370708ffb3fbdfa5a335303cd82

      SHA1

      a5396e16988bca354b69ce4dc438fa7c79c2c333

      SHA256

      4688599661c6cf30dcb2066d2969205c7752739cae1f34290ad8f7f4412f9222

      SHA512

      41fb365ed18372a101dcbecb13f2fca9839f428371f6a68e367a7fcf1998d5cb6429dc4de95dc88899506a9725e98b1948ba556bb379b05ed88a365e859542a2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-7J09G.tmp\CMClient Launcher Installer.tmp
      Filesize

      71KB

      MD5

      1e03336304afc3f95ce91a63cebb1f57

      SHA1

      d04de4e9da2eab1a71fc30cd48bb68bd7508ca33

      SHA256

      97f24e3005982fc7484335323dff43d5a838d5564473964653dbce40603cba8e

      SHA512

      cf07f2f486a47acf8a4b3c74f7820c7b7260b0287f6ef914adad9cb297bb716a4293afb6929aa07a78c7ed2a9e15ec935d441d516da06ddda6760b6bbfa20191

      Download Submit

    • memory/1332-0-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

      Download

    • memory/1332-2-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

      Download

    • memory/1332-9-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

      Download

    • memory/4716-7-0x0000000000920000-0x0000000000921000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4716-10-0x0000000000400000-0x0000000000722000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/4716-13-0x0000000000920000-0x0000000000921000-memory.dmp

      Filesize

      4KB

      Download