a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe
Size

10.5MB
MD5

99f4956e54717c033294558697b73fc6
SHA1

f528e2da3b2006420fd9cadc8a89f05c6a344c5c
SHA256

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4
SHA512

a1bdd9958df6568b8193519bb468d25811d66f7a137fbd6f7e560cb6e926500f322bee8e5dd696a0f71b5a40c2c45c1c5d56c527ddfb61af0f777265c448fb09
SSDEEP

196608:Hw5QgkALtDhMedzjecdLJsv6tWKFdu9C7:DALhh3CcdLJsv6tWKFdu9C

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

Update.exe

pid process

2664 Update.exe
Loads dropped DLL 1 IoCs

Processes:

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe

pid process

1608 a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe
Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exeUpdate.exe

pid process

1608 a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe
2664 Update.exe

pid	process
2664	Update.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exeUpdate.exe

pid	process
1608	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe
1608	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe
2664	Update.exe
2664	Update.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe

description	pid	process	target process
PID 1608 wrote to memory of 2664	1608	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe	Update.exe
PID 1608 wrote to memory of 2664	1608	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe	Update.exe
PID 1608 wrote to memory of 2664	1608	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe	Update.exe
PID 1608 wrote to memory of 2664	1608	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe	Update.exe
PID 1608 wrote to memory of 2664	1608	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe	Update.exe
PID 1608 wrote to memory of 2664	1608	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe	Update.exe
PID 1608 wrote to memory of 2664	1608	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe	Update.exe

C:\Users\Admin\AppData\Local\Temp\a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe
"C:\Users\Admin\AppData\Local\Temp\a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1608

C:\Users\Admin\AppData\Local\Temp\Update.exe
C:\Users\Admin\AppData\Local\Temp\Update.exe
2⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\CG70\CG70.exe
Filesize
3.1MB

MD5
3cc1dc425de923dbdc241a1963c8cb00

SHA1
bb7c991100eb8d4fcea9b8afcd3c39443f318747

SHA256
fd202b2731c8519d0bdb71e3ed93e34380e4451cf932fd6d67fbcca2fb8dd8a6

SHA512
1acc3620d2ae06f1c8d41e159b479ffc784ad45a47c3114df732dcc41fb613fa14f1e05dc567ad5f35f59d3f6b0d9f7eb394264256713df528403abe99de7815

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\37759BC423A03742BA28F028F83DDC472D0D4EDA.temp
Filesize
256KB

MD5
56099cf04cb62bbf923a643edbecccae

SHA1
37759bc423a03742ba28f028f83ddc472d0d4eda

SHA256
d3e1aed0a65867cf1b03654afa65e908874edf783f7cf1c9111da32b012fc5eb

SHA512
0866e5316befadb6404da2f88c830de32b909b626184bfe5c9ba6fe85e28cbaf72ec57fc8779cea1e3f1c0729812e7d27cfb901fb5333797e6e4d4ad9768dd18

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\7478BFF813F45871A59099314FEE632EE59DD5A1.temp
Filesize
256KB

MD5
32a2dcc9bfacf55c4855f25479f59dd9

SHA1
7478bff813f45871a59099314fee632ee59dd5a1

SHA256
74298f1761dbd1c98a9bd4fdac019ba09cd0731dfcc43dbf6b571a2ef0616e15

SHA512
5e4ae6b42a02c4d9ba147ee3ccd4d77564a6d7964b4a1b65a65e5845f7fd89b7aa9ea192d02f1f896f2298aa0e74025794e21f2e7bd5c35c13c52b4d99384ae8

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\B4D3522CE53DB921BE6BD75A8C6062C5D5C56334.temp
Filesize
512KB

MD5
333f5f3c6f4497a659db23b222fa4542

SHA1
b4d3522ce53db921be6bd75a8c6062c5d5c56334

SHA256
e94780d1e2393f7c92980d3e66f378117dea4130c546c400b3dd0fd24104cf4b

SHA512
88db19bf3fb4c3a4b7df95e8cd5f608fc8f7708b9ed9d0386e5afddfc4a404035372f0ba451a356034d2b3a4f372350086cb85cdb7b53b8853123951d287eed0

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\B8EC36E2F3AFFC5383BB0D4F2E640E4C10EB6FA8.temp
Filesize
512KB

MD5
42635b60b9220dc2d5349c5240f8594a

SHA1
b8ec36e2f3affc5383bb0d4f2e640e4c10eb6fa8

SHA256
59d82d7fbddc6aac95ed23ef3ea4d63fa3d360dc1a628e5976e6103bdd31e355

SHA512
a9f19fb6f55707ff786926b3980c5bf23aceb0cf6628b240eef7b1cbcab56b4c6275d343e1eff7f535976e6fa81c7e6e38b510c6aba976b81285d7aa553a9a5c

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\update.ini
Filesize
2.1MB

MD5
0051fbeb7086fd085506de9d98792eab

SHA1
ed64e40ede39a2824dbbe74ac5495abfbc09e1e9

SHA256
7ea07d028281d6848648272cf2e86e030825c67b2ea920f619af701b23027b2f

SHA512
75a3fe70ea611273471616592d5788eb47bf575e390aaf303b417af92826a9749d86ecfe8cba42fd2fe7c3469021a61460e2f092a1f207bd6f094b7c11847655

Download Submit
C:\Users\Admin\AppData\Local\Temp\config
Filesize
18B

MD5
2f3e86b633adb832ca05f09b1fcb4dff

SHA1
de2145e4f1b47fd259ad4f0b33698442f13d5170

SHA256
515ca85f56b4277d9f56ba196c1ab0470a50a7511a2593c93cd5a0cf2ba7a52a

SHA512
c7b1d2fc66e3144af5806833d6f0fb645bdf90678c6937f116838f32386670aaf9618c80093e4c6bc85de65946d0e54ba2d0e4c8826a768989610476d7eadc22

Download Submit
C:\Users\Admin\Documents\Changguang\CG100\Log\cg100_2024-06-05.log
Filesize
263B

MD5
949eb6fbd5ad26d9e93a8cfc843621c3

SHA1
f031bf4170770c046a91b25e7ef50b4065873cb7

SHA256
2b34daa1ff1497b038c61464f110c93b02a637a53d998d20bc92eb2d1c83bf6a

SHA512
ca7d3ba374102968e2551446aa31486ca3f06084aa8597418cbeea6ae62a021baf3f06cc2f935c2dde3fcb0ace6b56f52c0a7dbc567ac63e66e2fa1d275ef971

Download Submit
\Users\Admin\AppData\Local\Temp\Update.exe
Filesize
10.5MB

MD5
99f4956e54717c033294558697b73fc6

SHA1
f528e2da3b2006420fd9cadc8a89f05c6a344c5c

SHA256
a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4

SHA512
a1bdd9958df6568b8193519bb468d25811d66f7a137fbd6f7e560cb6e926500f322bee8e5dd696a0f71b5a40c2c45c1c5d56c527ddfb61af0f777265c448fb09

Download Submit