Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
3CCleaner1/...te.exe
windows7-x64
6CCleaner1/...te.exe
windows10-2004-x64
6CCleaner1/...er.exe
windows7-x64
1CCleaner1/...er.exe
windows10-2004-x64
10CCleaner1/...rt.exe
windows7-x64
6CCleaner1/...rt.exe
windows10-2004-x64
6CCleaner1/...DU.dll
windows7-x64
1CCleaner1/...DU.dll
windows10-2004-x64
1CCleaner1/...er.dll
windows7-x64
1CCleaner1/...er.dll
windows10-2004-x64
1CCleaner1/...ce.exe
windows7-x64
1CCleaner1/...ce.exe
windows10-2004-x64
1CCleaner1/...or.dll
windows7-x64
1CCleaner1/...or.dll
windows10-2004-x64
1CCleaner1/...or.exe
windows7-x64
1CCleaner1/...or.exe
windows10-2004-x64
1CCleaner1/...25.dll
windows7-x64
1CCleaner1/...25.dll
windows10-2004-x64
1CCleaner1/...26.dll
windows7-x64
1CCleaner1/...26.dll
windows10-2004-x64
1CCleaner1/...27.dll
windows7-x64
1CCleaner1/...27.dll
windows10-2004-x64
1CCleaner1/...28.dll
windows7-x64
1CCleaner1/...28.dll
windows10-2004-x64
1CCleaner1/...29.dll
windows7-x64
1CCleaner1/...29.dll
windows10-2004-x64
1CCleaner1/...30.dll
windows7-x64
1CCleaner1/...30.dll
windows10-2004-x64
1CCleaner1/...31.dll
windows7-x64
1CCleaner1/...31.dll
windows10-2004-x64
1CCleaner1/...32.dll
windows7-x64
1CCleaner1/...32.dll
windows10-2004-x64
1Analysis
-
max time kernel
136s -
max time network
135s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
29/09/2024, 13:14
Static task
static1
Behavioral task
behavioral1
Sample
CCleaner1/CCUpdate.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
CCleaner1/CCUpdate.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
CCleaner1/CCleaner.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
CCleaner1/CCleaner.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
CCleaner1/CCleanerBugReport.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
CCleaner1/CCleanerBugReport.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
CCleaner1/CCleanerDU.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
CCleaner1/CCleanerDU.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
CCleaner1/CCleanerPerformanceOptimizer.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral10
Sample
CCleaner1/CCleanerPerformanceOptimizer.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
CCleaner1/CCleanerPerformanceOptimizerService.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
CCleaner1/CCleanerPerformanceOptimizerService.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
CCleaner1/CCleanerReactivator.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
CCleaner1/CCleanerReactivator.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
CCleaner1/CCleanerReactivator.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
CCleaner1/CCleanerReactivator.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
CCleaner1/Lang/lang-1025.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
CCleaner1/Lang/lang-1025.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
CCleaner1/Lang/lang-1026.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
CCleaner1/Lang/lang-1026.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
CCleaner1/Lang/lang-1027.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral22
Sample
CCleaner1/Lang/lang-1027.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
CCleaner1/Lang/lang-1028.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
CCleaner1/Lang/lang-1028.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
CCleaner1/Lang/lang-1029.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral26
Sample
CCleaner1/Lang/lang-1029.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
CCleaner1/Lang/lang-1030.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral28
Sample
CCleaner1/Lang/lang-1030.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
CCleaner1/Lang/lang-1031.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
CCleaner1/Lang/lang-1031.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
CCleaner1/Lang/lang-1032.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral32
Sample
CCleaner1/Lang/lang-1032.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
CCleaner1/CCleaner.exe
-
Size
2.6MB
-
MD5
15a712903d393839edde2bd426c16172
-
SHA1
4ca63e42c1cdce905ddbe55ac8e0f06d64256eae
-
SHA256
46615ee15d060fbd0c1874a3a0179dcb5668cdc6d59b489a15d564e358e2c698
-
SHA512
4b90269c7da4f599e842069492b7b7088d27fa48d52b1cfaf266599744053388121b233c48b02fc47f5c7c8aa4d651e82184e95c253d44a2f1f09c6e8c6089a8
-
SSDEEP
49152:iDjA6pGHZAMdkDi4pWzUro5tKqE9JKXLSdCFy8kwLsY1RIfH2cunBoc5YLN:Sd+sYWWcuBoc5m
Malware Config
Extracted
wikiloader
https://rootedinchange.org/wp-content/themes/shop-isle/inc/structure/uihdud12j991.php?id=1
https://stills.sale/wp-admin/css/iudvg12hd21i89.php?id=1
https://thelevelexpert.com/wp-admin/css/duuu187y289d2.php?id=1
https://valburtonphoto.com/wp-admin/js/81uduhwudj192dkps.php?id=1
Signatures
-
Wikiloader
Wikiloader is a loader and backdoor written in C++.
-
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
pid Process 976 rundll32.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 976 rundll32.exe 976 rundll32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3436 wrote to memory of 976 3436 CCleaner.exe 80 PID 3436 wrote to memory of 976 3436 CCleaner.exe 80 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56 PID 976 wrote to memory of 3404 976 rundll32.exe 56
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3404
-
C:\Users\Admin\AppData\Local\Temp\CCleaner1\CCleaner.exe"C:\Users\Admin\AppData\Local\Temp\CCleaner1\CCleaner.exe"2⤵
- Suspicious use of WriteProcessMemory
PID:3436 -
C:\Windows\SYSTEM32\rundll32.exerundll32 custm.log, #143⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:976
-
-