a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4

Analysis

max time kernel
141s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe
Size

10.5MB
MD5

99f4956e54717c033294558697b73fc6
SHA1

f528e2da3b2006420fd9cadc8a89f05c6a344c5c
SHA256

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4
SHA512

a1bdd9958df6568b8193519bb468d25811d66f7a137fbd6f7e560cb6e926500f322bee8e5dd696a0f71b5a40c2c45c1c5d56c527ddfb61af0f777265c448fb09
SSDEEP

196608:Hw5QgkALtDhMedzjecdLJsv6tWKFdu9C7:DALhh3CcdLJsv6tWKFdu9C

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

Update.exe

pid process

2496 Update.exe
Loads dropped DLL 1 IoCs

Processes:

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe

pid process

2212 a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe
Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exeUpdate.exe

pid process

2212 a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe
2496 Update.exe

pid	process
2496	Update.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exeUpdate.exe

pid	process
2212	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe
2212	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe
2496	Update.exe
2496	Update.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe

description	pid	process	target process
PID 2212 wrote to memory of 2496	2212	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe	Update.exe
PID 2212 wrote to memory of 2496	2212	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe	Update.exe
PID 2212 wrote to memory of 2496	2212	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe	Update.exe
PID 2212 wrote to memory of 2496	2212	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe	Update.exe
PID 2212 wrote to memory of 2496	2212	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe	Update.exe
PID 2212 wrote to memory of 2496	2212	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe	Update.exe
PID 2212 wrote to memory of 2496	2212	a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe	Update.exe

C:\Users\Admin\AppData\Local\Temp\a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe
"C:\Users\Admin\AppData\Local\Temp\a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212

C:\Users\Admin\AppData\Local\Temp\Update.exe
C:\Users\Admin\AppData\Local\Temp\Update.exe
2⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\CG70\CG70.exe
Filesize
3.1MB

MD5
3cc1dc425de923dbdc241a1963c8cb00

SHA1
bb7c991100eb8d4fcea9b8afcd3c39443f318747

SHA256
fd202b2731c8519d0bdb71e3ed93e34380e4451cf932fd6d67fbcca2fb8dd8a6

SHA512
1acc3620d2ae06f1c8d41e159b479ffc784ad45a47c3114df732dcc41fb613fa14f1e05dc567ad5f35f59d3f6b0d9f7eb394264256713df528403abe99de7815

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\37759BC423A03742BA28F028F83DDC472D0D4EDA.temp
Filesize
256KB

MD5
56099cf04cb62bbf923a643edbecccae

SHA1
37759bc423a03742ba28f028f83ddc472d0d4eda

SHA256
d3e1aed0a65867cf1b03654afa65e908874edf783f7cf1c9111da32b012fc5eb

SHA512
0866e5316befadb6404da2f88c830de32b909b626184bfe5c9ba6fe85e28cbaf72ec57fc8779cea1e3f1c0729812e7d27cfb901fb5333797e6e4d4ad9768dd18

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\7478BFF813F45871A59099314FEE632EE59DD5A1.temp
Filesize
256KB

MD5
32a2dcc9bfacf55c4855f25479f59dd9

SHA1
7478bff813f45871a59099314fee632ee59dd5a1

SHA256
74298f1761dbd1c98a9bd4fdac019ba09cd0731dfcc43dbf6b571a2ef0616e15

SHA512
5e4ae6b42a02c4d9ba147ee3ccd4d77564a6d7964b4a1b65a65e5845f7fd89b7aa9ea192d02f1f896f2298aa0e74025794e21f2e7bd5c35c13c52b4d99384ae8

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\B4D3522CE53DB921BE6BD75A8C6062C5D5C56334.temp
Filesize
512KB

MD5
333f5f3c6f4497a659db23b222fa4542

SHA1
b4d3522ce53db921be6bd75a8c6062c5d5c56334

SHA256
e94780d1e2393f7c92980d3e66f378117dea4130c546c400b3dd0fd24104cf4b

SHA512
88db19bf3fb4c3a4b7df95e8cd5f608fc8f7708b9ed9d0386e5afddfc4a404035372f0ba451a356034d2b3a4f372350086cb85cdb7b53b8853123951d287eed0

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\B8EC36E2F3AFFC5383BB0D4F2E640E4C10EB6FA8.temp
Filesize
512KB

MD5
42635b60b9220dc2d5349c5240f8594a

SHA1
b8ec36e2f3affc5383bb0d4f2e640e4c10eb6fa8

SHA256
59d82d7fbddc6aac95ed23ef3ea4d63fa3d360dc1a628e5976e6103bdd31e355

SHA512
a9f19fb6f55707ff786926b3980c5bf23aceb0cf6628b240eef7b1cbcab56b4c6275d343e1eff7f535976e6fa81c7e6e38b510c6aba976b81285d7aa553a9a5c

Download Submit
C:\Users\Admin\AppData\Local\Changguang\CG100\cache\update.ini
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\config
Filesize
18B

MD5
2f3e86b633adb832ca05f09b1fcb4dff

SHA1
de2145e4f1b47fd259ad4f0b33698442f13d5170

SHA256
515ca85f56b4277d9f56ba196c1ab0470a50a7511a2593c93cd5a0cf2ba7a52a

SHA512
c7b1d2fc66e3144af5806833d6f0fb645bdf90678c6937f116838f32386670aaf9618c80093e4c6bc85de65946d0e54ba2d0e4c8826a768989610476d7eadc22

Download Submit
C:\Users\Admin\Documents\Changguang\CG100\Log\cg100_2024-06-05.log
Filesize
263B

MD5
f19912c66ef3fbcb86691010e98272f7

SHA1
9dc0a00606e6311257edfc825ae73849b5dccacc

SHA256
955d1d535ec3aaae7aed64ff62d172134e3c12e03597bcbd24442d84a6302a33

SHA512
91110c9f4cbc17d08e1e77acb9117b969416942f83c8eba948afe4a192be7a7531b5c705f3623ca01cd661e66fe6b8c7dff5d0daf41fa0b75f40615503a2ad53

Download Submit
\Users\Admin\AppData\Local\Temp\Update.exe
Filesize
10.5MB

MD5
99f4956e54717c033294558697b73fc6

SHA1
f528e2da3b2006420fd9cadc8a89f05c6a344c5c

SHA256
a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4

SHA512
a1bdd9958df6568b8193519bb468d25811d66f7a137fbd6f7e560cb6e926500f322bee8e5dd696a0f71b5a40c2c45c1c5d56c527ddfb61af0f777265c448fb09

Download Submit