Overview

overview

7

Static

static

3

CCleanerPr...er.exe

windows7-x64

6

CCleanerPr...er.exe

windows10-2004-x64

6

CCleanerPr...64.exe

windows7-x64

7

CCleanerPr...64.exe

windows10-2004-x64

7

CCleanerPr...ng.dll

windows7-x64

1

CCleanerPr...ng.dll

windows10-2004-x64

1

�...��.url

windows7-x64

1

�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    26-05-2024 01:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CCleanerPro_Ver.5.57.7182_Chs/CCleaner.exe

  • Size

    16.3MB

  • MD5

    1da41756212be1ba59ee5e5d910e8f9b

  • SHA1

    cbba9cb8e6e88a03499b8085a102a71cf9c8625f

  • SHA256

    a2a96b00f8b89434fc231f901bf66bdf4b62526faf65a3ce16587643b04a97c6

  • SHA512

    9aa7c5ffc25b3fa0fa7579aba2245bca945c60696bbd253f5ceea78c3cbc129d52f4e65f18499a623c3067d8bd62b92b57e2325835c942cad73057e72ae8181d

  • SSDEEP

    196608:F/1HeOdzVD9lxIK/uTYTPHxBgSx6UrqNL+sfNUa1Dvu:zfdL8TYrHxBgSkUrqNvjvu

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Checks for any installed AV software in registry 1 TTPs 13 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\CCleanerPro_Ver.5.57.7182_Chs\CCleaner.exe
    "C:\Users\Admin\AppData\Local\Temp\CCleanerPro_Ver.5.57.7182_Chs\CCleaner.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Users\Admin\AppData\Local\Temp\CCleanerPro_Ver.5.57.7182_Chs\CCleaner64.exe
      "C:\Users\Admin\AppData\Local\Temp\CCleanerPro_Ver.5.57.7182_Chs\CCleaner.exe"
      2⤵
      • Checks for any installed AV software in registry
      • Writes to the Master Boot Record (MBR)
      • Checks processor information in registry
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2596

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log
    Filesize

    512KB

    MD5

    0549776aed723780c7fee174c4a3ac20

    SHA1

    ea7775525a6368dc18ad7c52b37cf90311bb7449

    SHA256

    be6917a8bb09f3b0b748c8beda11462c71417eec4dba1e1c5eca978ec8adf5ee

    SHA512

    10afbf94c0a5d5545373e25373bbaae0462dd637d4899dea012b1b460724a4c817ecf872c19ec769b3d478d0c75177f9b9ee070612ce5e3a56543537f06827b7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CCleanerPro_Ver.5.57.7182_Chs\ccleaner.ini
    Filesize

    388B

    MD5

    abd14da7583a6411086f91cf1973c5fe

    SHA1

    6bc4e17bddfa4c3e557557320fa54c70f9b185ee

    SHA256

    cc17ca1cf49b9d58d70c9e6628bc35cf19ae95a63fec3f89c0b13d23de3aa1be

    SHA512

    d4d641f431f2bef9420c6684dbc641b4d180bdb5a4d9c24b1cc9b189a122a03f021894fea5ef840bd79b6066475b5a1e5d6ea8c923d855c435a87ea67d2d5c23

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CCleanerPro_Ver.5.57.7182_Chs\ccleaner.ini
    Filesize

    255B

    MD5

    e8d6312d001eb0b88a45ccf2aef179e4

    SHA1

    44215039af287cad391e0ef48857f26a39545f3a

    SHA256

    c4f0cec8d6b05e69b5c6ea0c301eac765ee2f7a94961dc98ee87b86df1b0306c

    SHA512

    2ab093e61ba21cdca0308ef5a73ea72714a1dadd18d8044ade1f9c70e9737ffcac32e501849d67a0ae23d4f9b1463cc1f14303b9dd2f591e27e47b96ee4b2678

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CCleanerPro_Ver.5.57.7182_Chs\ccleaner.ini
    Filesize

    458B

    MD5

    ac4e738fc609940f80f82faf73ffea49

    SHA1

    dc87c8a53d30d9cbd93acaa3770e2546d9acce3a

    SHA256

    a19c40c28f103d98eecbbc26935e9e94cbdf12e08f65d0f623f3abd452486c1b

    SHA512

    3ed2d7e11ac48a0575d3d011969516deb2fe266b441c5025c8f0d6a6024cd382ca284eb6e324c2149b7f725790de0bf650e08545a76edf4755983fd134c2100a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CCleanerPro_Ver.5.57.7182_Chs\ccleaner.ini
    Filesize

    492B

    MD5

    942a65e6f83267594753b7d3e5609833

    SHA1

    573185bf395644dbd56e6357c4692131597daeb5

    SHA256

    3728c280cae14014ddaf5cead8d2141324ba4f350f81e21e7b1782fbf6679297

    SHA512

    ef4693b11d9a2b2a2ac866f62c99133e1a51f58a566d1eb7e236392b138b1e55718245c4527168f3a0915de5d8da214169d6dcfed5a81285f511dfcaff2a90f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab251F.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar281F.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2596-59-0x00000000026D0000-0x00000000026E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2596-93-0x00000000034C0000-0x00000000034C8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2596-22-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2596-21-0x0000000001F90000-0x0000000001F91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2596-65-0x0000000003100000-0x0000000003110000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2596-20-0x0000000001F80000-0x0000000001F81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2596-88-0x0000000003390000-0x0000000003398000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2596-23-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2596-95-0x00000000032D0000-0x00000000032D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2596-100-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2596-19-0x0000000001F70000-0x0000000001F71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2596-18-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2596-17-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2596-16-0x0000000000140000-0x0000000000141000-memory.dmp

    Filesize

    4KB

    Download