3c96b9508fbc2c3d799e4cbc2a82542cd25c0106208a3ad096771e42db964892

General

Target

CapCut Pro 5602062 Crack For PC Free Download 2025.exe
Size

1.8MB
MD5

ff2740c0089b747c3ac604e231e4a77b
SHA1

eff3384a97e669fb1dc40a333fb31d7f04daaad2
SHA256

3c96b9508fbc2c3d799e4cbc2a82542cd25c0106208a3ad096771e42db964892
SHA512

8f501b12909b79b2060c7ec2d811f91c7c05e387e6e38cf2810828d059a5b33a2f80c19ac1a88a5d70df9e5a50d235d88ee5b81b7728c347ae4c0225d7293838
SSDEEP

24576:HawwKusHwEwSDMn61GqKQidUSeMITCqgcfyr4Py6K22i+i8rtVs1ZY7jQY71g:XwREDDM1xdHeMxWrP+beY7UY71g

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2808	CapCut Pro 5602062 Crack For PC Free Download 2025.tmp

Loads dropped DLL 2 IoCs

pid	Process
2468	CapCut Pro 5602062 Crack For PC Free Download 2025.exe
2808	CapCut Pro 5602062 Crack For PC Free Download 2025.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Setup\unins000.dat	CapCut Pro 5602062 Crack For PC Free Download 2025.tmp
File created	C:\Program Files (x86)\Setup\is-0DDR7.tmp	CapCut Pro 5602062 Crack For PC Free Download 2025.tmp
File opened for modification	C:\Program Files (x86)\Setup\unins000.dat	CapCut Pro 5602062 Crack For PC Free Download 2025.tmp

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CapCut Pro 5602062 Crack For PC Free Download 2025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CapCut Pro 5602062 Crack For PC Free Download 2025.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2808	CapCut Pro 5602062 Crack For PC Free Download 2025.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2808	2468	CapCut Pro 5602062 Crack For PC Free Download 2025.exe	30
PID 2468 wrote to memory of 2808	2468	CapCut Pro 5602062 Crack For PC Free Download 2025.exe	30
PID 2468 wrote to memory of 2808	2468	CapCut Pro 5602062 Crack For PC Free Download 2025.exe	30
PID 2468 wrote to memory of 2808	2468	CapCut Pro 5602062 Crack For PC Free Download 2025.exe	30
PID 2468 wrote to memory of 2808	2468	CapCut Pro 5602062 Crack For PC Free Download 2025.exe	30
PID 2468 wrote to memory of 2808	2468	CapCut Pro 5602062 Crack For PC Free Download 2025.exe	30
PID 2468 wrote to memory of 2808	2468	CapCut Pro 5602062 Crack For PC Free Download 2025.exe	30

C:\Users\Admin\AppData\Local\Temp\CapCut Pro 5602062 Crack For PC Free Download 2025.exe
"C:\Users\Admin\AppData\Local\Temp\CapCut Pro 5602062 Crack For PC Free Download 2025.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Users\Admin\AppData\Local\Temp\is-TMS8A.tmp\CapCut Pro 5602062 Crack For PC Free Download 2025.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-TMS8A.tmp\CapCut Pro 5602062 Crack For PC Free Download 2025.tmp" /SL5="$30156,935482,845824,C:\Users\Admin\AppData\Local\Temp\CapCut Pro 5602062 Crack For PC Free Download 2025.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:2808

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-KH9K8.tmp\idp.dll

Filesize
232KB

MD5
55c310c0319260d798757557ab3bf636

SHA1
0892eb7ed31d8bb20a56c6835990749011a2d8de

SHA256
54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

SHA512
e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

Download Submit
\Users\Admin\AppData\Local\Temp\is-TMS8A.tmp\CapCut Pro 5602062 Crack For PC Free Download 2025.tmp

Filesize
3.2MB

MD5
7c2d4f76f6ac461e7c99a239bb13fb6e

SHA1
11d3877dc23d24c89254cf9406b720cf8cc94ebb

SHA256
5b2aca0b1c73524d045c5e461f5fc504b5c7c11256d784b78732dfd00d225e83

SHA512
235e747fb90cb51bf008999b3db378e191080cf68fc85af9f1dc4f53f85378324f60e761a133f8df7ca41c308e895cdab5409c733afee8d68a8f868148c41d5d

Download Submit
memory/2468-0-0x0000000001320000-0x00000000013FC000-memory.dmp

Filesize
880KB

Download
memory/2468-2-0x0000000001321000-0x00000000013C9000-memory.dmp

Filesize
672KB

Download
memory/2468-27-0x0000000001320000-0x00000000013FC000-memory.dmp

Filesize
880KB

Download
memory/2468-42-0x0000000001320000-0x00000000013FC000-memory.dmp

Filesize
880KB

Download
memory/2808-8-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2808-29-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2808-28-0x0000000000FB0000-0x00000000012F3000-memory.dmp

Filesize
3.3MB

Download
memory/2808-41-0x0000000000FB0000-0x00000000012F3000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing