5cc24db41f999acdac5e646ff3e68b3bb52bc7d4bf57b6a85302ea2972b83f64

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc814dbc72d0f001ebc0ae86399359fe.exe
Size

1.2MB
MD5

cc814dbc72d0f001ebc0ae86399359fe
SHA1

2faed5c104f4476fc450be0def8fc90d0eeccfb0
SHA256

5cc24db41f999acdac5e646ff3e68b3bb52bc7d4bf57b6a85302ea2972b83f64
SHA512

d093f12ddd8631db2e51d9e44c7913d2c163fd720a2c6eb3aa71d457d59210044c3ab762c39644897daab9ac39d6964f62874cf1da516a7f8959da7391522dfe
SSDEEP

24576:xuppnxO5dTbuc8D6ubfk5fRv3I/9sH2hO9wq8oDPBIzF1TqaDOMkuGU8L1Qr:xIxuicVWfkTvXHv60PBIzFB7uVL1Q

Score

8^/10

vmprotect

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\system32\drivers\etc\hosts	cc814dbc72d0f001ebc0ae86399359fe.exe

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2208-0-0x0000000000400000-0x0000000000713000-memory.dmp	vmprotect
behavioral1/memory/2208-1-0x0000000000400000-0x0000000000713000-memory.dmp	vmprotect
behavioral1/memory/2208-724-0x0000000000400000-0x0000000000713000-memory.dmp	vmprotect

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	cc814dbc72d0f001ebc0ae86399359fe.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	cc814dbc72d0f001ebc0ae86399359fe.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	cc814dbc72d0f001ebc0ae86399359fe.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	cc814dbc72d0f001ebc0ae86399359fe.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	cc814dbc72d0f001ebc0ae86399359fe.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2208	cc814dbc72d0f001ebc0ae86399359fe.exe
2208	cc814dbc72d0f001ebc0ae86399359fe.exe
2208	cc814dbc72d0f001ebc0ae86399359fe.exe
2208	cc814dbc72d0f001ebc0ae86399359fe.exe

C:\Users\Admin\AppData\Local\Temp\cc814dbc72d0f001ebc0ae86399359fe.exe
"C:\Users\Admin\AppData\Local\Temp\cc814dbc72d0f001ebc0ae86399359fe.exe"
1⤵
- Drops file in Drivers directory
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9132c3fd7ae57f8849f584edb973341e

SHA1
72d9ce99cf2d65361ce76c3f7bfdcd719aa57f3b

SHA256
bcbb33f35545e0af9e45afd1b0e0e240b599cb6556f503fd396f518a08ccf34c

SHA512
d50dd37b812703aa0327e778074f16c1b509aedfee709198ddc2c6d36220227f12aa758dc427602b6dc1bc4c19dadb70393a6361ad6b9bd4bfec65de48227bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9be08f7b6ca4072ce3760ef2f8c1f673

SHA1
ff68c270bf18a0fd1e540f062bfd9ebe38ceb894

SHA256
b84db179bbb0ed53f740beb50ec40b7c05b62c4334af07929401c725d55fc80c

SHA512
d032aba7990131db9bfc6b4e76a6cb4db1f35e79f5f554bb7e76fa71409d524301126fbd365e09a154c64988e54c47625150113271b57323d88b95d9f760c48d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5b10c21704ee8c3570db53b3403b355

SHA1
b3e9e03452e8a3f587f18633ca59a489c77f81ba

SHA256
c8a5fe7c82411cc4f9e7c67b24f8c0a8e47166000984b7a4e59a9fed8531ff0f

SHA512
9dd1fc78a9c7b6a7127600c8273ceb4c22a3c14c57c0b94d7aae3fa41050451e5389f9518066d0733cd1fd2dd9e2748125b3bb15e9ed61e69b51b3c8d6042394

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ea76f1b52fa57633509b85cd38ab0b4

SHA1
d5ee3474cf5d7a3f9259a7b1a293b36d1838333b

SHA256
fc493eb8580e7856813eab492dd817ae589eb2d9e119cae9c027c396423936f8

SHA512
d05e5ce3d2a16c88d7794cb7e8d330714a61581de4708b0cb6c87d0381245374692f2ff1037727b04f074a5eb1fba241bc69c5ab3d63b300d6e62cc52681473d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aff3547acf309b9ec174831b5591d452

SHA1
67fe3105e052d8ce59fb2de375466122d6f1ba52

SHA256
eecb04521ceebbc2c41ce8252ac2a320d1ff22cabba4b3d11e3010f3bfae583e

SHA512
a978181267b126386b3c50b653d145bac4a9b2c23646c9dbf10beac5cd43012b2c916e5ba9a98022b7588ad9b9acaf5c83c889264053fdea8ed04fa5b30a3b55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a21c67e31cc4f47e03bd7a1ed7e7392c

SHA1
ef1dc719efbedc8e23455c5f9c4810f477a5f08d

SHA256
1ae3280c6a5f3f255c24dd8163ccf5598782fcd17f4379407fc37f2a724ab790

SHA512
d2d193818ceacafc15b0fc1e9b5fbcde49c33f1bcd3885984cda00e154d6d756ebc495a3e711122685a2214c6075c5df8f95be87e4b89ce9a510c7a58eb21c35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17ee37f7dbb82e1b210c9138436b9982

SHA1
beaeb27a0b47ff09bf33f8e0cde92f69f27434e0

SHA256
9edea4a5ebfbb770d89039dd8530b06fdd4780051eec969d4fd39406ab96eab7

SHA512
bcc5bf9a79493b1522d42fc48817f544869871a1b77e3af0755cbc940cabbd470313ce95aa974ad8c43eea20742a3711f6ada720bbc2549e58e57dabf760e3ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
381ec9102787f4795f9f1d7cb245e79a

SHA1
ef5037fd37acfe5c5e44a08819af55532018c09c

SHA256
e641ef5dc1e40cc8716e55449f3189e18e00e3897db6a78ed54635667bbcbde9

SHA512
18df536de4c337cd3448c8179a41f3c63f8a499ff34f66c031b6512874f9b0dd838270a3cf7db4cc1ca50ec064af8a8a69576e2f6219aa152d2dd2498295d69c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4921068ac36f737722c24eae07df9482

SHA1
6f06fc5eeee89551a56cf41cbd36867ebae49a3c

SHA256
f6e86e5baf0efe229eb160bfe98394ce135896462a631ff5d3ef222d57c3f5df

SHA512
9322ca25f850c5c213d6722c5e71f91a73a9c967c23bf966b8a6befff98673d26e1eb3190628be7a27c20a5b35524e594570628d7631d17958473b0566d64942

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
cdaaacf7ac4b568c815a247c511bb0ee

SHA1
c503e1df74ff95ba3445b78de1bf802467c84f1a

SHA256
91c7e8884979ced0c2779f8a2bbb2ca9dd6e3dc4c0f21d9b6ba306b6b5e87e52

SHA512
55ccc12fe496941826d44124b9b12a2e5a3899439babc58fd62721a09c1360997cb0d6d5394ca6ddfcc558f1342d88b83211e04d6a49c233a5d0c7cbca8cc4a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6F9C.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
memory/2208-0-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2208-1-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2208-724-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads