Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ccsetup626pro.exe

windows11-21h2-x64

7

$PLUGINSDIR/INetC.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

$PLUGINSDI...ss.dll

windows11-21h2-x64

3

$_115_/lang-1025.dll

windows11-21h2-x64

1

$_115_/lang-1026.dll

windows11-21h2-x64

1

$_115_/lang-1027.dll

windows11-21h2-x64

1

$_115_/lang-1028.dll

windows11-21h2-x64

1

$_115_/lang-1029.dll

windows11-21h2-x64

1

$_115_/lang-1030.dll

windows11-21h2-x64

1

$_115_/lang-1031.dll

windows11-21h2-x64

1

$_115_/lang-1032.dll

windows11-21h2-x64

1

$_115_/lang-1034.dll

windows11-21h2-x64

1

CCUpdate.exe

windows11-21h2-x64

6

CCleaner.exe

windows11-21h2-x64

6

CCleaner64.exe

windows11-21h2-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14/08/2024, 03:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CCleaner64.exe

  • Size

    42.9MB

  • MD5

    4ee9df4bef3571c74b1a4556e6afae6c

  • SHA1

    4cd037edf6984b026f25572298e5c6345cbd7b0a

  • SHA256

    c02731acaa708f929e4935da2338cda307afb4729c962722708e5a4e3b8aeb33

  • SHA512

    a295f2d91639db79c496b31c3f03f175a9b1649d1f4c5342bdcb01c2e8871d3ef48938cfda72c57cc8724ad94d9284fb8f8e9135886e51d69f075b01a8d95085

  • SSDEEP

    393216:OXA+q3dWyq9DcDD7laCZftAYU03aEi3I2sL1Zyx/tPE0ArqNdp1w+AJfRFhSp0D:OXVqN/9724u/BEiw+AJJFs1J

Score
6/10
bootkitdiscoverypersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\CCleaner64.exe
    "C:\Users\Admin\AppData\Local\Temp\CCleaner64.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/420-0-0x00007FFE06B30000-0x00007FFE06B31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/420-1-0x00007FFE06B40000-0x00007FFE06B41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/420-2-0x00007FFE06B50000-0x00007FFE06B51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/420-3-0x00007FFE06B60000-0x00007FFE06B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/420-4-0x00007FFE06B70000-0x00007FFE06B71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/420-5-0x00007FFE06BD0000-0x00007FFE06BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/420-6-0x00007FFE06B80000-0x00007FFE06B81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/420-7-0x00007FFE05710000-0x00007FFE05711000-memory.dmp

    Filesize

    4KB

    Download