Overview

overview

7

Static

static

3

ccsetup624_pro.exe

windows7-x64

7

ccsetup624_pro.exe

windows10-2004-x64

6

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$_98_/$_98...er.dll

windows7-x64

1

$_98_/$_98...er.dll

windows10-2004-x64

1

CCUpdate.exe

windows7-x64

1

CCUpdate.exe

windows10-2004-x64

6

CCleaner.exe

windows7-x64

6

CCleaner.exe

windows10-2004-x64

6

CCleaner64.exe

windows7-x64

7

CCleaner64.exe

windows10-2004-x64

7

CCleanerDU.dll

windows7-x64

1

CCleanerDU.dll

windows10-2004-x64

1

Lang/lang-1025.dll

windows7-x64

1

Lang/lang-1025.dll

windows10-2004-x64

1

Lang/lang-1026.dll

windows7-x64

1

Lang/lang-1026.dll

windows10-2004-x64

1

Lang/lang-1027.dll

windows7-x64

1

Lang/lang-1027.dll

windows10-2004-x64

1

Lang/lang-1028.dll

windows7-x64

1

Lang/lang-1028.dll

windows10-2004-x64

1

Lang/lang-1029.dll

windows7-x64

1

Lang/lang-1029.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    90s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/06/2024, 16:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CCUpdate.exe

  • Size

    697KB

  • MD5

    0f0b90a01f049665ca511335f9f0bf2e

  • SHA1

    baf4016e50050b24925437864bfb3c19d0baa901

  • SHA256

    4ad9635351c8e8579c4d4c2bdd679ea7b135ec329adc6fd5d8211255e2e666be

  • SHA512

    44da936d020e857bf3bfa2bcc7a91182da9c1f320fe041bb2836d4e8ae99d4b939ea27842b49b9a2cd24e09c7698579617584d431a2b2f7eafdafa1fb9a59c50

  • SSDEEP

    12288:VBkGdCMw6KJx17OeNg086YN/ggggMDMCy/VmuqLZeviFGQ2mfzAuEUVoFY:VBkeFw62+ggggMvGmev/6ZEUVoFY

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Windows directory 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CCUpdate.exe
    "C:\Users\Admin\AppData\Local\Temp\CCUpdate.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4268
    • C:\Users\Admin\AppData\Local\Temp\CCUpdate.exe
      CCUpdate.exe /emupdater /applydll "C:\Users\Admin\AppData\Local\Temp\ad01ee90-8698-4410-86f9-d51f57019b7d.dll"
      2⤵
      • Writes to the Master Boot Record (MBR)
      • Loads dropped DLL
      PID:4352

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ad01ee90-8698-4410-86f9-d51f57019b7d.dll
    Filesize

    469KB

    MD5

    fe6f58fb55d9a93502528c3c9bb13a3f

    SHA1

    516275dddbc9e2f056342201b03a0931d93a6239

    SHA256

    c427bcf6b065edf06662e0540e3e9a21c07095184e7bb9d05926dc3b79fc3348

    SHA512

    7f45f187d6c3156b89e2daf0c2bfdc60a59140ff94f8255fa672422abc43aa1252b0fe0fa0a3ef675f9e71c33b26424597c015db83dec7f5e20ee8769c61c619

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\eb62bc06-6a70-4f3a-adc1-a4bab825569d.ini
    Filesize

    170B

    MD5

    2af9f69df769f876f6e02da18e966020

    SHA1

    5d21312d9bd23a498a294844778c49641a63d5e2

    SHA256

    473d48a44a348f6c547aefd2c60dd4b9de0092e1fb94a7611bdd374783ef3b2c

    SHA512

    a4705e5491cf03867fd46e63293181bf761d04fe0cccb86e373dd567c68d646634f64ef95d5b910d2266468b93bf7cdf6f9acbf576c6f42a4ff6c3caa09d2274

    Download Submit