6eac9f8171e33090335ca616a8f023fe2832916aba89595ea837a1b0d281fa77

General

Target

Creative_Cloud_Set-Up.exe
Size

2.9MB
MD5

55c119e861daea4111a7b4cbe63e93fd
SHA1

9fd07c1723b980634282474b174f9d1cd88d39f5
SHA256

6eac9f8171e33090335ca616a8f023fe2832916aba89595ea837a1b0d281fa77
SHA512

98311d4dd5a6ee5ba3b7268d7de997fb0e9ca584f93609e1870c41825c161f13bd479d2d7c1dd9222d7d5c408dbc02eed3a3028cdcbc99c068bb3468224382d0
SSDEEP

49152:bnvDCJz5CkjOfrHPSYGin/0TXOZwEBteYoMK76QhrTeryxwbn4IyeWp7msTYYEat:brqzVErIinMjOZzsDT0LntNFmdEa5Je2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2252-4-0x0000000000380000-0x0000000000CFD000-memory.dmp	upx
behavioral1/memory/2252-62-0x0000000000380000-0x0000000000CFD000-memory.dmp	upx
behavioral1/memory/2252-66-0x0000000000380000-0x0000000000CFD000-memory.dmp	upx
behavioral1/memory/2252-70-0x0000000000380000-0x0000000000CFD000-memory.dmp	upx
behavioral1/memory/2252-75-0x0000000000380000-0x0000000000CFD000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Creative_Cloud_Set-Up.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Creative_Cloud_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Creative_Cloud_Set-Up.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Creative_Cloud_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Creative_Cloud_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Creative_Cloud_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Creative_Cloud_Set-Up.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	Creative_Cloud_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Creative_Cloud_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Creative_Cloud_Set-Up.exe = "11001"	Creative_Cloud_Set-Up.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2252	Creative_Cloud_Set-Up.exe
2252	Creative_Cloud_Set-Up.exe
2252	Creative_Cloud_Set-Up.exe
2252	Creative_Cloud_Set-Up.exe
2252	Creative_Cloud_Set-Up.exe
2252	Creative_Cloud_Set-Up.exe
2252	Creative_Cloud_Set-Up.exe
2252	Creative_Cloud_Set-Up.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2252	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	2252	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	2252	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	2252	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	2252	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	2252	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	2252	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	2252	Creative_Cloud_Set-Up.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2252	Creative_Cloud_Set-Up.exe
2252	Creative_Cloud_Set-Up.exe

C:\Users\Admin\AppData\Local\Temp\Creative_Cloud_Set-Up.exe
"C:\Users\Admin\AppData\Local\Temp\Creative_Cloud_Set-Up.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{8DF1396B-A6B2-4A57-A484-02525C4D97F6}\CCDInstaller.js

Filesize
652KB

MD5
936139dfd9d857700d01e01b9efb0e82

SHA1
fd5c1d8a10ded44a46c133d4f0448dfd50b042ab

SHA256
2fca5e5ea95f7ac4e2038a589355e9f67070693a16890e85e2200e30d4ccb1bf

SHA512
06b27f230f54824058e1565800b7c25c46bb52b957f492b698028b149e30ef5f8c977c0cff568f50e7fd268c68c027de3fd42e7d8cc9db7c61fde49277f66285

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8DF1396B-A6B2-4A57-A484-02525C4D97F6}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/2252-4-0x0000000000380000-0x0000000000CFD000-memory.dmp

Filesize
9.5MB

Download
memory/2252-15-0x0000000000D50000-0x0000000000D51000-memory.dmp

Filesize
4KB

Download
memory/2252-34-0x0000000005A20000-0x0000000005A40000-memory.dmp

Filesize
128KB

Download
memory/2252-33-0x0000000005A20000-0x0000000005A40000-memory.dmp

Filesize
128KB

Download
memory/2252-62-0x0000000000380000-0x0000000000CFD000-memory.dmp

Filesize
9.5MB

Download
memory/2252-64-0x0000000000D50000-0x0000000000D51000-memory.dmp

Filesize
4KB

Download
memory/2252-65-0x0000000005A20000-0x0000000005A40000-memory.dmp

Filesize
128KB

Download
memory/2252-66-0x0000000000380000-0x0000000000CFD000-memory.dmp

Filesize
9.5MB

Download
memory/2252-70-0x0000000000380000-0x0000000000CFD000-memory.dmp

Filesize
9.5MB

Download
memory/2252-75-0x0000000000380000-0x0000000000CFD000-memory.dmp

Filesize
9.5MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads