9a7b92ef28f9ee0dce5c414b6fc1a060ccbed12f624c8c1f456c468aef3bef8f

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 06:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

centbrowser_5.0.1002.354.exe
Size

92.5MB
MD5

c6fbfccb9ab227770293f19345f266c6
SHA1

e971780b1379bf62e62be7ea1e39dcd390a1af90
SHA256

9a7b92ef28f9ee0dce5c414b6fc1a060ccbed12f624c8c1f456c468aef3bef8f
SHA512

cec21d8df0ac644fb90ddf1a6ab3ee4e3b56c86c1b1c305e6eb0e1b02cb4ade8eaa645ffc7a3419d8ceff8300ed5ba6e01f0d1ed135af28409010b76ab59c3f5
SSDEEP

1572864:hU6i3bMnAvPlF+zs+STRVt9O0JoNYERplnQzJdG9X9y5N3U9ujJ1VQcWkRwvOuZk:hULLMOPlFysHVyDTlnEvj7jnOcZwV8v

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2764	setup.exe

Loads dropped DLL 13 IoCs

pid	Process
2032	centbrowser_5.0.1002.354.exe
2764	setup.exe
2764	setup.exe
2764	setup.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2332	2764	WerFault.exe	28

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2032	centbrowser_5.0.1002.354.exe
Token: SeIncBasePriorityPrivilege	2032	centbrowser_5.0.1002.354.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2764	2032	centbrowser_5.0.1002.354.exe	28
PID 2032 wrote to memory of 2764	2032	centbrowser_5.0.1002.354.exe	28
PID 2032 wrote to memory of 2764	2032	centbrowser_5.0.1002.354.exe	28
PID 2032 wrote to memory of 2764	2032	centbrowser_5.0.1002.354.exe	28
PID 2032 wrote to memory of 2764	2032	centbrowser_5.0.1002.354.exe	28
PID 2032 wrote to memory of 2764	2032	centbrowser_5.0.1002.354.exe	28
PID 2032 wrote to memory of 2764	2032	centbrowser_5.0.1002.354.exe	28
PID 2764 wrote to memory of 2332	2764	setup.exe	29
PID 2764 wrote to memory of 2332	2764	setup.exe	29
PID 2764 wrote to memory of 2332	2764	setup.exe	29
PID 2764 wrote to memory of 2332	2764	setup.exe	29

C:\Users\Admin\AppData\Local\Temp\centbrowser_5.0.1002.354.exe
"C:\Users\Admin\AppData\Local\Temp\centbrowser_5.0.1002.354.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\CHROME.PACKED.7Z" --show-install-ui
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 772
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\D3DCompiler_47.dll

Filesize
99KB

MD5
a692ba1e038f1f38dc246796bca6f98b

SHA1
707d37214545206eb1cc46eb3a3dedf4ea1d8232

SHA256
cdbbe1abc2836986fd2381634d9ddc2492c2d3bd507464fd0661a07031d12077

SHA512
a25e04851029d1fcda065b2211900eb5d32a52f5f5db8633ab2ff50c04383e4b93079e09abf9e5597d81e3baa22d95215313f09836ddb1e3b51e3f11dd825c1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\icudtl.dat

Filesize
103KB

MD5
0bb664dced4e533a52694798f7dd77c6

SHA1
9d1300fac4e7fcdfd64c619da08fe208a95c2f49

SHA256
c188c2c46674ab1bc3542ab2af34fad311ba07a804e2c45d3a15cb06f0dc08c5

SHA512
24599d43bc6df58582c2448eb393574253751c1629e43f4b02c610644ea0341173066bb1035bf99b67d05ec01323d3c7fecf15b78c52180f6f8acdc1360d9c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\libegl.dll

Filesize
45KB

MD5
bf4c932b23d146bbd30cc77e83034b0c

SHA1
3f27365d6f0605de7a60e1092a98f241df833d21

SHA256
7a5533de75ea7452dc26e6e37ea5e849426c33de062881a7cfbecb8b02e3026a

SHA512
fed175cce5782e821d0e06b588549a506eb8bb524309facda42c8f41df7116ffb3d02b63683e98d0aad505b4727cbcc96bb170235817e05aec29c74eb077e38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\libglesv2.dll

Filesize
108KB

MD5
6b53c8e0511ff7ab20fc0835273b0bb4

SHA1
6bc4887ac75e36eb28cec8f9a320d2fce5ed8e3d

SHA256
ebea0cf4bbd60bd604c019f51d5c929a10f392c5cb35dc4221dc45d418181fcd

SHA512
94a7d4c645731820480efb27ccfd83dfbc10bda8d77e1d0a6c6d95657d3547ff0c736bf7bbeb5b1e550ebaaeb185e59eac6fcf522a9768670f2405cc21811872

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup.exe

Filesize
109KB

MD5
596f3e5a2948f01e5afe527d217a990e

SHA1
702df100a185114131ee6c76e22ccc919082cc94

SHA256
10b020ad61eb4f9f32440a7c5e3119e472fe41c65aa1ec50648f715c43ae9221

SHA512
8629b988cd372dff2fd71ee1a40baedece60625a58644e1d55dbbc46809788aac16cd89cd75ea23e5031fa2948094d4034a0dcb8ab432d9fcf8840ba96fe779e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup.exe

Filesize
98KB

MD5
35f5fd3147cfc31b2bcffe76422f8694

SHA1
4ba0057f1afd07ea4fb766b927b1a6dd5a11c257

SHA256
7d04aa8f0f2df09c5572e00f863b4dd503e861f77af84169cd1ac3fb4385da4f

SHA512
351becd909dda06afbd5815d17a594e6f22df4ef56195477645e6be66251b76d4f5a456b4289e2f8f2edce698235f9aebdd9321f9c7821a3dd95010754a38941

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup_resources\setup_images_100_percent.pak

Filesize
31KB

MD5
55f47f7d5273a1b30a4797a2b7a61934

SHA1
229acf3c181a8b374fdbee019535a27ff32ee1b9

SHA256
fd481515c4598eadb7f779997bb1d6bfb9656a0be7299a4570240826152bb78b

SHA512
5f2a790c2aa23d37a0f7532b0a5b77ed53a040919f4aff69ff8d02ea661c683daa1fc32ec91c72f765a5d684fa9fcc626dec1aeaaf761e2619984af092722524

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup_resources\setup_strings_en-US.pak

Filesize
508B

MD5
a3b94840d04c161b0c5ca93772f95f73

SHA1
91856c3100ca252d76d8a4e09e009cf75c8448a3

SHA256
df644f20c0bd7b2f20be98945ef3001f0c55d702f575c2e85f1753927ba63a1e

SHA512
aa9406cc5302dfd7329b774bb3416ee6ef245bbcdbb0517dbd0a8da9c977a508fc5a09c8eb10b3984c46857e7a845186f87d5102df1b62efd40ed33257372d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup_resources\ui_resources_100_percent.pak

Filesize
67KB

MD5
9be22d077d0c4db1aa361cbc6498afde

SHA1
8a584fee410aadd336c27001fcc837d8b3e6c3bd

SHA256
4b291440ce8f214dd179d686a10213b43c8c39b0a1fa435ffa277154486e86ff

SHA512
eb870c4d60eee0f27247056738c72f2969740cd9a0007761d16adefa75e5f4506ae4b9e6ce2012f266f70603c65fc23fa04da6584ab0b315148c7f29279a9373

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup_resources\ui_strings_en-US.pak

Filesize
5KB

MD5
b716abc27f2a4ba0923800b8851d7e15

SHA1
0ab2f6be0b7f350e4deae2bd227f8f4700956d6d

SHA256
889ee4ba1804945eb78601be31f0812feaaeb78ef5f7cb4d32fa7a2368d4ca11

SHA512
947244b04dd73038c0e4a1199cee7749c1905a8ce8163206830968e3ea3b38e406c86eca31bbd456e189476ef5149d780ebc9e9c0caf6496fc07e7169706b16e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup_resources\views_resources_100_percent.pak

Filesize
7KB

MD5
ead849d81d25247b765ea00b5a277df1

SHA1
0f3f486a72ceb6f96caae2ee0d4830db7d7cd494

SHA256
822dd9b7fcdaec3a83febc128a7569d9d2035dccd20d1ed08e172f280911c844

SHA512
e903b2f898c99e7c4a06b650f666752d26b8670722c744ded5a4dab54bc979ef6e3ac8898dd3694c5ba66bd6b4da5936653350614939c6d36f07dbc7527562b9

Download Submit
\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\d3dcompiler_47.dll

Filesize
113KB

MD5
6ba3a46a54613ce1efde21ed0a1f2001

SHA1
0408008cdb0e2a17d3a5a4ab12404cf047eb6ac1

SHA256
29c38683466199b4dda00a589a6a445e39a9f94f2929a548338d23e1dacba7c2

SHA512
52d37e0856253d5d73f2d17a87a4f51d2bf479bb042b081834b8d8d90c1559d4a27283d033b339e427305dae7398bed70771105021ff6a2ecbc077fcde8ee215

Download Submit
\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\libEGL.dll

Filesize
59KB

MD5
061b1fe185fc4c6bd0d37768ee9f711d

SHA1
38750c7f575e5e1c6a2ed0fa05cc86512ed3752b

SHA256
35474f724c77e70d3af4b742e8172d99dc2ae1c0e335a85386c07b9a0dccea47

SHA512
6ec77426b87c9e2b48a2b254cce2479db3b6a679bc1f0fa138e3ebffe3e19384660132f8997b43248f5866f21727906e72bc05dcefaf5737ab9e9da830c6e2cf

Download Submit
\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\libGLESv2.dll

Filesize
13KB

MD5
5de58bcec355602a36497501392e3090

SHA1
ff38e114a32a5523e83119f40b004cdf1aa6fd8d

SHA256
18e750d6a3270f356d3ab88da59c49b53a03c425b41b1ed267c937f0946048b5

SHA512
c5087434d456f70ed7a4b65f8db4499068e6747b00e2939de62de66a5af965d11f9f98069856403119bd524bccd29102be81cca8218de3b1b35352561dfad64b

Download Submit
\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup.exe

Filesize
1.1MB

MD5
d8e8e37c807103061dd35c4bed734312

SHA1
a67af85c883fb27fe34b03b8367a2777cebe0561

SHA256
339773cf56101b01df54a88dda143ea13be866e3fc7ad58cebf4debfdebfabe7

SHA512
8ab35febda94a5fe5ba0aecbaa454060edfd2b1d45b46edd47b23cca570954ca63fb68779bf82f027dc294eac84c2d78d055cb1ca31c812f9a8294011e42d41c

Download Submit
\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup.exe

Filesize
101KB

MD5
d2edc8a011340a81c226460fe33eecdf

SHA1
ad6e061502136765ca00d829029a477925c163e3

SHA256
5eaa029e13a0abce105e9b02a6997c501fb52387ff3d4c88c4fd1967a313511e

SHA512
1a1fe6fc5ce095bf5c4705fdfcbd84d41fcf8a986d89ac5be7e265c5b59def97e849db5f8dbc6229a1189b3275433ff8674dbd16d912b70b1efd6ccf35acfe51

Download Submit
\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup.exe

Filesize
64KB

MD5
700511c1106039fb97bd40ca90d60c47

SHA1
ad9e952de6f765740a8fa211f3c7b2a84e34cf23

SHA256
ffe46946af126cd33cc6fb343664ab8c5c4c2f5d56c33094a538caa3f96265e2

SHA512
8068c28ef1b8cf2b37687bb33013aaf413d0272972290ed341cc751d40e1bb2bc1a8f9c2c5a22dcb3cc3ee5d83b7739a04dddbd8b136d1601db5907c540e7a9c

Download Submit
\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup.exe

Filesize
101KB

MD5
afc080ff511be1e285111c41f9d3c649

SHA1
545f7e48c3193c5f25ac208d50bc7f4f0b7091de

SHA256
b5015862d0242106d1281e192ae9f01445e3c592ca8d548504d36b76d9edb1e5

SHA512
0c9703853b54340c65010fe814ff84c1779915966af2126bc8796b2ed3bb6b3a84bc06cc2c86f6fe005040ea2fc59bbc50b5bcc43dfd5a618ef8a730ce8c6b5a

Download Submit
\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup.exe

Filesize
58KB

MD5
e03c35b10796c4848b602a182d1d9d72

SHA1
02288a79d039534f28d33159fb8c2677f198bb7d

SHA256
c62a9744e226e190324db6bf41d92917dc8805841dc6a8e38555c0fafa77328b

SHA512
050274733fe9636a58f53960c622cbc57dacc5729f389c254ede1c9a08f519b75449915afc5f05699cf3882522ff309a538ad5efc3321d23b45908a4a0a97a94

Download Submit
\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup.exe

Filesize
72KB

MD5
5d78a1e8b9513d3a343f05200bc3ef3e

SHA1
2ea855d6d9ddfe92c383e39808f3f5a6b9b193c0

SHA256
613a8fe2ecf2a57a469466e517985248870dc559c3d40839e7138bb0b120ef1e

SHA512
07c32a9d1b21c8f51a4de47a9c6e06eeb5d29bb3d4202014444ece6265be2f4ca9ae8ca881f2bdd5de08723d88cfcd3860373ca88dee67e218dc8655be506b70

Download Submit
\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup.exe

Filesize
126KB

MD5
a9d69cf7fcb1bf9f77e87bb51cead579

SHA1
16b3fe2da4dae543ffdd3c59f9f04713153f8d1c

SHA256
03e74d390513b014ddcaaf87ebd65846843ee99d2d1cf9a8c86180119aeb5c8b

SHA512
9de36d47d3765bdf3929b6d9e3083ca6fc9eba29de435f2896aa7730360ca8e78c609398c79a0cb2c07b3b3d4102a1f86c218c25a6f6e7eb9710bf5a0571da5c

Download Submit
\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup.exe

Filesize
95KB

MD5
e2dd81c26b9a88cd0d4dfed4f817536d

SHA1
8f5f2d57460c07e11fcf37bc58e072d0b6ce6de9

SHA256
bf53123de887784213b29644dd14f5986c897ac3f1e5cf9271675598ca2a3e5c

SHA512
4828f1df5a4a6bec0b6585aa43d9c30ab3552783c551d1c6621d9ede280ed2dfa160766618ef24559de6bdad7a5fc453b49a1462ec956ac8f782ddfe589d9de9

Download Submit
\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup.exe

Filesize
76KB

MD5
9e8d1527191d4d13e57a753f064344c3

SHA1
c9f5736742dee1ccdfe88983aa842a910679b66d

SHA256
a58658d4b77b9c684a44bf10172ecbc2a3b105d51c7cfea99e6c8398a426d3b1

SHA512
c4c7f7c4736f2af0b704847f2c53bb4084b2697b4d279f05117741303bb59cf320cbdbe6f50cb68339d3b20475f2eb63506e9dbf83b1ce2cf52542ae57b83f67

Download Submit
\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_2146E.tmp\setup.exe

Filesize
127KB

MD5
b5e2888a429254ca4a6f0e870d93d679

SHA1
5b45d833ad0a0ad139647ef35299fc084b1ab1ab

SHA256
a47f8c621484a9061cae675a24f480284899a5ca5244d72f08f28cf40596e14c

SHA512
9b1be29563efd42a962a04c004818134f3cde7fc50ae2dc5b0a7bb70d2a370955100efa4506941459822037eb8e6503b620428256eb8b4e4e092295a0ddf2213

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads