Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

CCleaner.v...97.exe

windows7-x64

7

CCleaner.v...97.exe

windows10-2004-x64

7

$EXEDIR/CC...er.exe

windows7-x64

1

$EXEDIR/CC...er.exe

windows10-2004-x64

1

$EXEDIR/CC...er.exe

windows7-x64

6

$EXEDIR/CC...er.exe

windows10-2004-x64

1

$EXEDIR/CC...64.exe

windows7-x64

7

$EXEDIR/CC...64.exe

windows10-2004-x64

1

$EXEDIR/CC...ng.dll

windows7-x64

1

$EXEDIR/CC...ng.dll

windows10-2004-x64

1

$EXEDIR/CC...49.dll

windows7-x64

1

$EXEDIR/CC...49.dll

windows10-2004-x64

1

$EXEDIR/CC...58.dll

windows7-x64

1

$EXEDIR/CC...58.dll

windows10-2004-x64

1

$EXEDIR/CC...er.exe

windows7-x64

1

$EXEDIR/CC...er.exe

windows10-2004-x64

1

$EXEDIR/CC...er.exe

windows7-x64

6

$EXEDIR/CC...er.exe

windows10-2004-x64

1

$EXEDIR/CC...64.exe

windows7-x64

7

$EXEDIR/CC...64.exe

windows10-2004-x64

1

$EXEDIR/CC...49.dll

windows7-x64

1

$EXEDIR/CC...49.dll

windows10-2004-x64

1

$EXEDIR/CC...58.dll

windows7-x64

1

$EXEDIR/CC...58.dll

windows10-2004-x64

1

$EXEDIR/CC...er.exe

windows7-x64

1

$EXEDIR/CC...er.exe

windows10-2004-x64

1

$EXEDIR/CC...er.exe

windows7-x64

6

$EXEDIR/CC...er.exe

windows10-2004-x64

1

$EXEDIR/CC...64.exe

windows7-x64

7

$EXEDIR/CC...64.exe

windows10-2004-x64

1

$EXEDIR/CC...ng.dll

windows7-x64

1

$EXEDIR/CC...ng.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 12:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $EXEDIR/CCleaner Free/CCleaner64.exe

  • Size

    6.0MB

  • MD5

    debad230966fdfbf8f8bd62d99a17865

  • SHA1

    ab648a9b7254958d2a957959f3bb0378cd7f26ba

  • SHA256

    5bf887d4e78afba3cbeb7e7815d52793f78cdb1df396eb8ac972539ced98c6a4

  • SHA512

    bbe3cfbd6209d4c3d646d838eb8d46da5531e453eb64a594902a7ea822347550982276e302e087ffaed2f2e6209c7813b2eab5135e21f7108a2c993d0a83f2c0

  • SSDEEP

    98304:4GYV/Ly+S19+NvTNIj/6QwG3RcUmfX/ZdQEuMTz29fA4rb:IQ+S19+NvTNIj/6QwG3RcUmfX/ZdQEuf

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks for any installed AV software in registry 1 TTPs 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\$EXEDIR\CCleaner Free\CCleaner64.exe
    "C:\Users\Admin\AppData\Local\Temp\$EXEDIR\CCleaner Free\CCleaner64.exe"
    1⤵
    • Checks for any installed AV software in registry
    • Checks processor information in registry
    PID:1976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\$EXEDIR\CCleaner Free\ccleaner.ini
    Filesize

    76B

    MD5

    9533e4f83c3ee2979fe3e77f264bfd5e

    SHA1

    82f657efa74fd88b5a3d5658cd7175dc8fe9d621

    SHA256

    c18a00ffe94fa58d0669b19679e09e7eef0200f288b8f13b770ed54cbac8c3a3

    SHA512

    30c5df5c55e378bf880945300019d7bfab090818350fba2f7af0ed3a71553e3f2a33ec0455986f2bb88b349f8d9aa876751a3da8feb9f7ae55da4b39e5d451bd

    Download Submit

  • memory/1976-5-0x0000000000210000-0x0000000000211000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1976-263-0x0000000000210000-0x0000000000211000-memory.dmp

    Filesize

    4KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.