Overview

overview

9

Static

static

7

CCLauncher-Setup.exe

windows7-x64

9

CCLauncher-Setup.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    132s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/03/2024, 19:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CCLauncher-Setup.exe

  • Size

    2.9MB

  • MD5

    82cc62b29242dcaafe424400b12ee2fa

  • SHA1

    74b7940026ab1bbf99445958f9731ec63234dec1

  • SHA256

    ca22090738d5971eeefe09507f82e17f958eae1ffed175cc661cc0fbe65f7aee

  • SHA512

    08f0533a86e1d1b4f9402b3858a92a284a9e2b496096fc791de52bd9c5e6c2e5b00c808e67fb9c956923cee87ee5f8e9328039f8d79093f0872a71e9272cfaff

  • SSDEEP

    49152:VAGNasNJnazTkmLp/w/qKP1Wv/cNwDhWiZe1n1t5Kh5lYOw8a+8F4RLQjqBN:9Nx+EmV/wTPkHcNChWik1n4hk8aN4Yq3

Score
9/10
evasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 10 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Program Files directory 32 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 6 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CCLauncher-Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\CCLauncher-Setup.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious behavior: RenamesItself
    PID:1716
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b3d32f3bc5dd78a43e8bcdedb07bfad1

    SHA1

    fc4204321a464765af193f1543c4633ea99b119c

    SHA256

    c1f6e378bc0b6bee368f8742b8dda9870541d3ebcc4159b42b18d52f8ffde90c

    SHA512

    0dd6bc80297d716bc8655c36ea6090c004dc947d58b2c9ee8a543fc7d7a54c1eba51a61328e0e37f5700a4347d27ff6e29e848df02d87ca5daed580d0b7b2e53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c46968f9c37ba3294bd1a346398092e0

    SHA1

    9f14d585e39ad19bed0b09787d3da9f4e2af8c85

    SHA256

    b75f40e000d433fd796ab5d47a89116439d9696254695e0cff6620ff781be367

    SHA512

    8617c882c3d2edcf7f3416134f7e7eada767593be26e7802fe0ef8c517151eac89d108f9b7fbb1e3b11d42ec1a0bb279e4ce0cb4e3eb21151ee36196f31b15c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a4585625a11b3f339015913bd3e6505e

    SHA1

    f9d830d7df94e311f43be45fde824eeda2117ad6

    SHA256

    a9d382d98b43acf7a4687facc7ab4f27c9d24ecf0ecdad77ac26f333e24131f5

    SHA512

    c5767548a7e592d7cf499cebd8d8ebff60cf6e216912f0c043f493a8bceed00c1f85df26819c42663a66e85fd431d2c51a2715ef7495853bc4be44d4c8da0d2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    abf946832c647062f8b9e412ca300151

    SHA1

    d3c5829f1c698aab06157fb4b52a36cb9e9cb0cd

    SHA256

    d1e1fbbfbfb069f3c3b582aba00e28488d418c25549c221d1c71c190fc519664

    SHA512

    81869cbb776d8a04d59d9e945524fd97497aa9c9f31eb9cb37ff1e8807a917aad65cf25f8af2d99459a0838d22888c191555385fc013542fc0049a25b860f593

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4077efd42a4c31fc8b2fa56de90d7434

    SHA1

    1c50a78a979e176c77fab59180cfb69631ae7379

    SHA256

    8f350e319ca2d2088667f4468c802e9f7ea5db16b0139bcd26fabda717801c14

    SHA512

    014e164e6d48a6dcebde6def49b11843168ddc6572d6b6d5c98de8256b4840ee916f284340a8f6a4ef59e2faeb2fec1a3fa4745fd9654539c45ba2bfff561bfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8b71f5a3941da4a562c69f5f25298c0a

    SHA1

    da0d2429745945e5b582b44a6b4e182c02e861da

    SHA256

    788c83c4473bf1b46dd2f9781ba033dc3cca952bf2fb6a006abe49bd0985c433

    SHA512

    b3884ff6dd52e61cc8440e7556b68e0acb4d3c09124dbee9c54b833c99f9e00575f8c9e43730282ccda29da98cd2d4cc5c46d58d769ec2123beb55b6863ebd8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d2c8c52664566ab23d16153b408fd709

    SHA1

    ee7fef8cd373df06ab4c819b21d686babfe4ef6a

    SHA256

    c29390123a2113cc3b8261f307ba4956545acd20859119fae237b0c61ac3c5f5

    SHA512

    754fc6f1d3293bb1dbc51e1e5b830ba8be69dbacf374546c3df4a7dc43798f4c4c3aceecd7652d08f5f8d47f44a859b3f8142473566f83c4cd5c28ef5d216451

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a12b671eeeb217017e3e0273d64c5230

    SHA1

    7dc7ebef51c2de108c783e9bb9d810194ad9e555

    SHA256

    72c6c3e8fe0bd7cde9e7439709b0abc0edef9e1abc94a5da88d88a7f2dfbe586

    SHA512

    0e67f20bea7d72cf29d747fc2e3fb2200a9c6c0434bb824d6f96073efd6629ca46ab30ff8c3fa9155f472280ed98631ef60876516d9b73e11782f6c07abd064d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab224.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar225.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar374.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/1716-5-0x0000000000F60000-0x00000000016BA000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/1716-46-0x0000000000F60000-0x00000000016BA000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/1716-9-0x0000000000F60000-0x00000000016BA000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/1716-8-0x0000000000F60000-0x00000000016BA000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/1716-7-0x0000000000F60000-0x00000000016BA000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/1716-6-0x0000000000F60000-0x00000000016BA000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/1716-0-0x0000000000F60000-0x00000000016BA000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/1716-4-0x0000000000F60000-0x00000000016BA000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/1716-3-0x0000000000F60000-0x00000000016BA000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/1716-2-0x0000000000F60000-0x00000000016BA000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/1716-1-0x0000000077C40000-0x0000000077C42000-memory.dmp

    Filesize

    8KB

    Download