Overview

overview

7

Static

static

3

CMClient L...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    207s
  • max time network
    212s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/02/2024, 13:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    CMClient Launcher Installer.exe

  • Size

    2.2MB

  • MD5

    c5229102c115b56add70e05a7de3ad88

  • SHA1

    4f0b0796e710f0372d6bee77f757f048bc09d6df

  • SHA256

    8e6133d444e9f33500606cd595216e37a2a8076fc96e0d289a05a16bed752c21

  • SHA512

    b40b481d3d11f66ad87ae407c22e2f239fa2e95e4fb3bd27273a01aeba818608dcb3bb411159125f61cf12873c60a2bca2ec9cc671f733965d6edd7008458d2e

  • SSDEEP

    49152:wBuZrEUZ3eUBtVEz3ZNoOAMDDygTm4WiEA:OkL5t0ZGO53yOmziH

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CMClient Launcher Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\CMClient Launcher Installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3996
    • C:\Users\Admin\AppData\Local\Temp\is-VUATH.tmp\CMClient Launcher Installer.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-VUATH.tmp\CMClient Launcher Installer.tmp" /SL5="$70052,1484180,890880,C:\Users\Admin\AppData\Local\Temp\CMClient Launcher Installer.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      PID:4436
  • C:\Program Files\CMClient Launcher\launcher.exe
    "C:\Program Files\CMClient Launcher\launcher.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:436
    • \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
      "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3640
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:2472
    • \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
      "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
      2⤵
        PID:440
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4484

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files\CMClient Launcher\launcher.exe
            Filesize

            656KB

            MD5

            dcbda635f728290c44854487b9132b89

            SHA1

            869b59aa50fcc17a1625e4a7c313fe7c1d448afb

            SHA256

            4bd96d178c9d92c482fb8f738ca56acaba2e7d90e407915b8593c1d6153b3114

            SHA512

            0a7a0a25c37b2c34f1f86a4d457fb9a27568a3692e642e7eca45cff9098840bb18bdd5fb151394db58dcccca0afe14b934177109fd33145631dad4871f915f1e

            Download Submit

          • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
            Filesize

            46B

            MD5

            c02da72a9ede5339dc999f48deb52982

            SHA1

            c8d339c2fdc3820f77938b30c80fa6fe3b924289

            SHA256

            1f7448e870c6bb6406fa4a6a89628c6cf1e0db6c6dd2be4f116f779e805ac4d0

            SHA512

            0c0dfa7b303373db6a22efc7437cd53cce536edfedcd100a1c7808db3f183b1f5fe7e0910d30eb9e8f9ab99e5d8196de6c04404c1a8a7158dcf5fa6c390845d0

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-VUATH.tmp\CMClient Launcher Installer.tmp
            Filesize

            3.1MB

            MD5

            b3edfc7fa927c450bb946b1a2d16ab91

            SHA1

            c6ee37f45c1db5e3cb46a23fb81ac4f337276046

            SHA256

            71c1c23215c350ace52a2a219e5810645e2bd18e8530618bc5b305f7fefb72e2

            SHA512

            028c6565ad24c05a318d8f5c752f09baa6222352081a52f2cc93420c1b51a05aac3b4031f76a6bd67ea421bff876fb7ad55904c64c35dd4cdb230332bfdcaefa

            Download Submit

          • memory/436-109-0x0000000002870000-0x0000000002871000-memory.dmp

            Filesize

            4KB

            Download

          • memory/436-102-0x0000000002B40000-0x0000000003B40000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/436-108-0x0000000002870000-0x0000000002871000-memory.dmp

            Filesize

            4KB

            Download

          • memory/436-69-0x0000000002870000-0x0000000002871000-memory.dmp

            Filesize

            4KB

            Download

          • memory/436-111-0x0000000002B40000-0x0000000003B40000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/436-113-0x0000000002870000-0x0000000002871000-memory.dmp

            Filesize

            4KB

            Download

          • memory/436-120-0x0000000002870000-0x0000000002871000-memory.dmp

            Filesize

            4KB

            Download

          • memory/436-97-0x0000000002B40000-0x0000000003B40000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/436-181-0x0000000002B40000-0x0000000003B40000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/436-92-0x0000000002B40000-0x0000000003B40000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/436-67-0x0000000002B40000-0x0000000003B40000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/440-54-0x000001B3CC3B0000-0x000001B3CC3B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/440-45-0x000001B3CC3D0000-0x000001B3CD3D0000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/3640-179-0x0000024B6B0D0000-0x0000024B6C0D0000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/3640-41-0x0000024B69880000-0x0000024B69881000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3640-33-0x0000024B6B0D0000-0x0000024B6C0D0000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/3996-0-0x0000000000400000-0x00000000004E7000-memory.dmp

            Filesize

            924KB

            Download

          • memory/3996-23-0x0000000000400000-0x00000000004E7000-memory.dmp

            Filesize

            924KB

            Download

          • memory/3996-8-0x0000000000400000-0x00000000004E7000-memory.dmp

            Filesize

            924KB

            Download

          • memory/4436-22-0x0000000000400000-0x0000000000722000-memory.dmp

            Filesize

            3.1MB

            Download

          • memory/4436-20-0x0000000000400000-0x0000000000722000-memory.dmp

            Filesize

            3.1MB

            Download

          • memory/4436-6-0x00000000025F0000-0x00000000025F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4484-73-0x000001DC22CC0000-0x000001DC22CC1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4484-90-0x000001DC22CC0000-0x000001DC22CC1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4484-87-0x000001DC22CC0000-0x000001DC22CC1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4484-84-0x000001DC22CC0000-0x000001DC22CC1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4484-85-0x000001DC22CC0000-0x000001DC22CC1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4484-82-0x000001DC22CC0000-0x000001DC22CC1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4484-80-0x000001DC22CC0000-0x000001DC22CC1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4484-78-0x000001DC22CC0000-0x000001DC22CC1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4484-74-0x000001DC22CC0000-0x000001DC22CC1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4484-71-0x000001DC22CC0000-0x000001DC22CC1000-memory.dmp

            Filesize

            4KB

            Download