8244d3c049d38b92198166cd4f16d6a77f67c731fd157683c25decf4e699867e

Analysis

max time kernel
196s
max time network
312s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
16/04/2024, 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bundles/ccav_installer.exe
Size

8.9MB
MD5

25a371691bf11e30b24ebd315bb972d7
SHA1

458daa4dcdf8227069831e8342eb41689a6e5344
SHA256

08a38c341e88e586f36b185bc41bb2ff951260a00329f389ac2323e958df9d93
SHA512

0ed62de522ec0c672ad5af795e32f4493a7a04dafbebe1571753228f4670324dab592676aae2a71615bd2ca67c066fae828d847d22bc73009dba74956e727b20
SSDEEP

196608:kxBZqrin6pPG+GYxgC4Cbs6AKsMS0lbNR3u81qzzYx/n+:yBZYin+GUsLl0lZVu0x2

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	myip.dnsomatic.com

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 1 IoCs

pid	Process
4540	ccavstart.exe

Loads dropped DLL 1 IoCs

pid	Process
4540	ccavstart.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4540	ccavstart.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4540	ccavstart.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 4540	1128	ccav_installer.exe	79
PID 1128 wrote to memory of 4540	1128	ccav_installer.exe	79
PID 1128 wrote to memory of 4540	1128	ccav_installer.exe	79

C:\Users\Admin\AppData\Local\Temp\bundles\ccav_installer.exe
"C:\Users\Admin\AppData\Local\Temp\bundles\ccav_installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ccavstart.exe
  "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ccavstart.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\MsiDetector.xml

Filesize
24KB

MD5
89526bb6aef2f9864ab80b960b4a510c

SHA1
03596d6e86e4f6996376d60ba6049c1a2b5dbbe9

SHA256
f29e9d168116e5ace826b986ffbef0490fda0929cf99492ced28f25aac138f52

SHA512
e336f5e2bde017616de814857c080db77fbce47b4673018985e03a8be44f521e05decdaba901d27aaa27bfd959fb2d495aa33c02aa03503de00810fe4a6db2f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ccavstart.exe

Filesize
2.2MB

MD5
8f0337f996874456fb61f9295a56e888

SHA1
8bc6b93ce5ebb0fbfb61f0531ce2ac2b9ae33a24

SHA256
3100439d0b5f15f582172137814d6b219cb4c8c983fee8cb17da9d3ae8dd830e

SHA512
9780fd716c10da1b82f253f0beb17774eeb118d0a592b35e2b3ea6e75836fda7db69191742b9d1dd4b9f6ea192dacb8738179ace53247bb26cfd0ee46679536f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll

Filesize
3.9MB

MD5
5e0fac51e9c32cc77a2aa40e2954173c

SHA1
eadc57f849803b3d2a0d41dca6a28fa57139ebde

SHA256
028b1cb38fb37a40bf25867ed0518fbf78cad54e2682fa2af04c41d4ea16b0ea

SHA512
56a4ed7d70458a5b550e796e8eed2599260042b895ee34a4dcf7212e3c100daf8a7af5c6ebc8ec9686df6a5e5759ea34d3ea1a5b022bcdc9f158800d3b9115c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.arabic.xml

Filesize
15KB

MD5
64d2a2b70164e15541c1e3ebc79a2727

SHA1
5462018d83f40098493fd17e507d2bcb3d9678da

SHA256
84f6921d584174fefb02b09e5128827e459bcb3dd909718d1af20c32ab871845

SHA512
403c10e1dd070147ee6966a36b3a5d8378e45cd370dd1b18d12032adece2875f8ecfbb4021e25d1d2a166b1273abfc56b29170dc2b1fc5cc6148dd89246ca7a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.brazilian.xml

Filesize
12KB

MD5
fd3fa4e1add9be2608d68fa369cb771a

SHA1
9fd70241ab92baa3c055a90bc0f42b98803bb7cf

SHA256
4ef8c871651f7b5b6bed612c8911d1db13007b173eb39119c4bd2c32acd4d8dc

SHA512
e66584bb678aac1f56aad3bb905c13e9eb857bd7c5718458e14422aed49685cdab83f25d62bbd4a40529ebab4328a677aba3b6c40bfd139d1798ca7a39a7e545

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.bulgarian.xml

Filesize
18KB

MD5
13193f9c64e17f4f43ca2e34d0511f73

SHA1
82c39be6756bfddc15f60a0131bc97117d0aad5b

SHA256
443b67125322e11f23ff1b8b81da56bcafbcef7a5162dc661afcc4987d5539d9

SHA512
d2ba7d5d105347eaeedfadea85af8cee378dda7946c7ea53f35efdc88a35ff80262e4441d4665e1c370c21468b18a1d2a010dda6ec6bdaefab88ade92c457556

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.chinese.xml

Filesize
10KB

MD5
06981677adb22ec0d203fee5689b242d

SHA1
5b6a5b1b6b77bf721b3898c190ec0f678466db08

SHA256
a01a02d61a713ef997e7081123cd696354fd90d82e9cf7af8016f5138aa52815

SHA512
f0639ed9e07e0b2b6ecd2a5980b6e03ba9127854cf806a8fc4d3903508d3672e6b0eff1cd8d141e289a5666a9fe6cc95f64159ee83553cc56240b2e6a4fd4f58

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.chinesetraditional.xml

Filesize
11KB

MD5
6882c6306509426e9193602b606069e8

SHA1
a5578041ca451a951c4be3da39b9380bf1aa9f32

SHA256
a1b88b9803f315663dd08a5b711c544ad4aff20637d58ae752f198831c737c97

SHA512
20cea3628120fb1b881faa3baa44be8337950154662b146686ed61a723f7a0ee1bf30d09703aaf2c83344cd01ae8c60fb5065febae6f4176baff6bac7b0c4326

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.czech.xml

Filesize
12KB

MD5
b539302cf7c3fb918a2bca91467aa8a3

SHA1
f3337eed3d4bf807a42e48b8fad05c16b8e7f684

SHA256
a90735a7b32f019d32413da7ea6f5ccda4c51d303735d80520e6ab3352fcf371

SHA512
e7a664147f9b917f8280cc21b70a52d7866fdbe9b1d33a01e616cf455955153f676d02155bee578a89896063cb6a6d75864c804ecde0a75863db324636cb5083

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.dutch.xml

Filesize
12KB

MD5
3faa9a7da255116b13677f149d90f444

SHA1
c952a3cceff6db0fbe0db1100ec9e76bef5448b1

SHA256
1ef2a1171c8bb460b75f886b960c069fa4e1cdd15d4e7b10dff4c7c61f3d0936

SHA512
152db60a9728382f8b7bdaadad2a7213ed3d41a2df4983d267f00b98e0ea9f88400a19eb72ea362064cfebe733fbec38568c7ebfb51259e0f43f8cd785e36002

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.english.xml

Filesize
11KB

MD5
5628fbd259031827d606ddc29905e496

SHA1
f007cfedce8363e00a59174b721b2bf64cdcb383

SHA256
ae2afe071df265e993b2b30d6319b0f686a4f9b3f52202247f19a125ea1145b1

SHA512
dbaec2c251eb57806c3a5541fa95a2ac7f0fc6ed3a3ecba3f56c83a06c2fca5a4e01541f1e22ec1942d1ddf3ab01d4da04e387595abdab4e09e6f93a48ddf73d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.french.xml

Filesize
13KB

MD5
cb00b2032bfefb80b16f3ac27fd906e2

SHA1
d9ff146e0fec4cab9c29e8a2377e53036f83fff9

SHA256
38c02f76e98579d025a8d4702b6328ca4a5f51d15828211e1e7b72dff86900c0

SHA512
00e1d459a91fac8420a9e8eb1f2d69525bddb92bf9d6a79765c2494a5c918968f3daa27f17b2946795a65357ca0b704c56e91223605220e9bb90dadf599fc8f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.german.xml

Filesize
13KB

MD5
57dadf1a49f020a3b5d725f8574604b7

SHA1
7714980e117bcc758c6d1522a830ddccc0b80391

SHA256
65ff7a53a9765dd6779ba9f4687d6b22a1cb863e9da13f9dbce8a71b12d41390

SHA512
4e9256c0911a0182958e08b6e9c9eef290c4da13f4ee857347ab12acb32c532bd5baac0d7a1150f28982a791337142bc9f0b038eb9d164a99f9da07156e9f99f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.hungarian.xml

Filesize
13KB

MD5
78bb1e37df78c357f1bb929f796362fb

SHA1
33bd952e3cea8689cea21ddd6c626e31e82cba6b

SHA256
3b79509a157def2048a1b307c8fb14054ac617c1f4edde648b9378240d2484a8

SHA512
2675d7617ada560a98d38499c132155d0ef8f67d31e1ced981bf2d5df8ba709bfac2053a60d5dab8c494adc1d0921ef9d3502e390c1da627fd3a4039485b2df3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.indonesian.xml

Filesize
10KB

MD5
7f854b809e73a792ed3ef138f271c0a5

SHA1
5732f2ca2090f622748c4f6af9772adf1475d73d

SHA256
cf3d63e3ba437d0e32d389f17561a6db2f27729ec4ae99307faff223ebe2493d

SHA512
48086a389e08a08c028c9d920242e3f53b3653c3a0df013cfffd5f8268675dbf500e5df1899afff990326e542c08d19b528225ed1b1418828f2bd19c01fe433b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.italian.xml

Filesize
12KB

MD5
b343a4bfc8ea4d8c4758a77a84ab64a4

SHA1
921f73ce26f88164842ffcb9d4b2fb540bed298b

SHA256
afbbc98144372feaaf3fed15269c02e19722c36cac51b7a6e8889b81f2a5fddc

SHA512
f5d85c85e08e3f0180f7f9e54368b8a8b9bbd54821ff22dec1e91b1ec3fd61088c58c9da50c2a6a6e6c9e90c3d829fb342400c8a579c2438fd7f2a16d11bddde

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.polish.xml

Filesize
12KB

MD5
81bf44ba7397fcb0949a7f9204b863a0

SHA1
4098deb6f439c136de82d3f640c7c830767b7d9f

SHA256
8540591560ea2017cf555f22d5916fe292f8888fc511f78840bbb4dcda7ebe83

SHA512
1d3770a5a3df50a12daca56c9adf183114de7382e992e86f61e636742a2c05f9c10deb6e290e6f34f7459e425a837d70cc29cfd10a799b8b71e3a8ebaa134c17

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.portuguese.xml

Filesize
12KB

MD5
ab826f40ad915d5ae0129a294840b827

SHA1
b67ffbc42e8711ee9212b6ce3d17cdd9c83d632e

SHA256
ad9079241b40533e8f94d42842086eea5041edb9c5b6d60e3927a4d326ea7a2d

SHA512
83fc18e305f80b578e71e31dbb3fd7962377ca7e3154609b179482abef7de68746094ab4210330b53a5ea57ac6e65a9620c6642624e0ed8bb3407697f15a7147

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.romanian.xml

Filesize
13KB

MD5
fd002afa6d1b63fc47b359ff3f47dc27

SHA1
2c21b406ebaf317022b9d5926e0fe84cd94d6994

SHA256
9ccfbc75109dda56dcc9304efa9dfb8d39644de1d28fce9acf7757b6ee9987ff

SHA512
1665896d03d6d96d3eb88b8666ada75f880d762d38bc287547c95ae70fe1666c274dc49f8ff364b1b99413a97172688d6aaf3965636615a6796fb2242678f6fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.russian.xml

Filesize
19KB

MD5
0a621023f6ff50f6a64e8407dc12b486

SHA1
8950b5f397b8673820e4ba21c659e4d949e65f60

SHA256
892b9b04a082cf0ac0be2b71171772a45b207ba7f2bc3a0f48176ae1a751052e

SHA512
36b61b3007676e6bced8698839f4ce38d6717885b0e12d049cc1c34a8e7d05bf0d35feb67b6cdccfb61a215874de8c0c18c7d17708f30cdb031b26ec6c5c1191

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.spanish.xml

Filesize
12KB

MD5
1340223554f7b18d4aac95a2f0bcca4c

SHA1
783c7bf9f43e6035b4986b721a3ac24577ee4bb1

SHA256
20b2781aee87fd2ef8f2983462cb9b3d8ed889b9754341c90ac07af4d686d3bc

SHA512
c48a5f1ce11a11c680b9d839574c1f0b1039e6e765081583ad4e5a72047de58a27495ba05cf6407be6880b116308378ece853d3b68e4901635b11a38e3de8dc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.swedish.xml

Filesize
12KB

MD5
3c841646135c6d79bc13a0eede6741ca

SHA1
c79ea4c761df75ca144575894d165df750418101

SHA256
078115c0eef550e6cc7cb1cdbeb641e677340a93bea523cfc2eee5c87034d212

SHA512
565a87ddeaeae2b222c92548290a2fda3236cf65a8b58e7dacc5da10c1d84add0fc395ae7e39dfc139a12044d18166b82f18ddde228e335deffd357f76d05fa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.turkish.xml

Filesize
12KB

MD5
9ff6a268efe64cb5871a909a0f40f6ff

SHA1
0fd4e583575b9d4e149d53023dc52f712d064cf6

SHA256
9940126bbe66dc1f659c7668fead56f6b415687b9c86099f8b39383da0edb7ca

SHA512
7de6cfad08fde86ee3acb7a661b60e2bfa723b86c3ab220e9afcc40f1b6eb481c77d826b1cd4287d8e650bbb9d262e1f74f7bced38984577540f923eb75c4bc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.ukrainian.xml

Filesize
18KB

MD5
ebe1e827b3e6362ea743d1e7ce4a76a3

SHA1
fa5f829f6cc56742ad3d0bedb05eeb1c16db33e8

SHA256
bb27bf6b0233dce6c2595a2a65e4236b104cdca93dffabf3812d98084ddd6fd4

SHA512
b6aab853f8166d80e72bedf5330c93f872b108be279e351a3aaa511bb9387b5683e5975fbef2b6bae946dd914511dd609ae184234713fa914ec0f9b9e75635b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\translations2\ccavstart.vietnamese.xml

Filesize
14KB

MD5
a4bec6c8113a55d7c91a7612b54b077e

SHA1
6c10975ba78ba3e5843431227a5e7c97fc172052

SHA256
5499163bad0be865c0c7d5fcfaae7b0a8e843fa05a9dbdbdb63b1c1866ba2730

SHA512
36eff322abe3f0398b3f2691b0525fc1a124c4e86fa6e05e60a3cf8aea45898a996c0d44b13ee14557fe9cd20851bbabe5b26ab12f50fc72b358a95d25c2fb25

Download Submit