1/2/2024

Ccleaner piriform 5.39

Sandbox behavior graph for the CCleaner 5.39 installer (text recovered from the rendered graph; the image itself is not available).

Behavior Graph ID: 142927
Sample: ccsetup539.exe
Startdate: (not recorded)
Architecture: WINDOWS
Score: 42

Signatures flagged on the sample:
  Uses Microsoft's Enhanced Cryptographic Provider
  Antivirus or Machine Learning detection for unpacked file (tmp\GoogleUpdate.exe)
  Antivirus or Machine Learning detection for dropped file
  Uses ping.exe to sleep
  Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
  3 other signatures
Source: C:\Program Files\CCleaner\CCleaner.exe
Release-notes URL fragment seen in the sample: com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0
Network: s1.pir.fm and 25 other IPs or domains
Processes started: ccsetup539.exe, CCleaner.exe, CCUpdate.exe

ccsetup539.exe
  Dropped: C:\Program Files\CCleaner\CCleaner.exe (PE32); C:\Users\user\AppData\Local\Temp\.\pfUI.dll (PE32); C:\Users\user\AppData\Local\.\pf... (truncated)
  Signatures: Uses ping.exe to sleep; Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
  Started: CCUpdate.exe, chrome.exe, CCleaner64.exe, 4 other processes

CCleaner.exe
  Started: CCleaner64.exe

CCUpdate.exe
  Network: 5 other IPs or domains
  Dropped: e40a3dd5-0349-4b10-bf90-f9521f14d1c2.dll (PE32)
  Signatures: Query firmware table information (likely to detect VMs)
  Started: CCUpdate.exe (second instance)

chrome.exe
  Network: s1.pir.fm; 147.75.33.239 (ports 443, 49834, 49835; unknown, Switzerland); 20 other IPs or domains
  Dropped: C:\Users\user\AppData\.\Origin Bound Certs (SQLite); C:\Users\user\AppData\Local\Google\.\LOG (ASCII)
  Signatures: Writes to foreign memory regions
  Started: chrome.exe (three instances), 3 other processes

CCleaner64.exe (from ccsetup539.exe)
  Network: 3 other IPs or domains

CCleaner64.exe (from CCleaner.exe)
  Network: 3 other IPs or domains
  Signatures: Tries to harvest and steal ftp login credentials; Tries to harvest and steal browser information (history, passwords, etc)

4 other processes (from ccsetup539.exe)
  Network: 3 other IPs or domains
  Dropped: C:\Users\user\AppData\Local\.\System.dll (PE32); C:\Users\.\GoogleUpdateSetup_1.3.21.169.exe (PE32)
  Started: GoogleUpdateSetup_1.3.21.169.exe, conhost.exe, conhost.exe

CCUpdate.exe (second instance)
  Network: ip-info.ff... (truncated) and others
  Dropped: C:\Users\user\AppData\Local\.\ccupdate.exe (PE32)
  Signatures: Query firmware table information (likely to detect VMs)
  Started: ccupdate.exe

GoogleUpdateSetup_1.3.21.169.exe
  Network: 1.3.21.169 (unknown, China)
  Dropped: C:\Program Files (x86)\.\GoogleUpdate.exe (PE32); C:\.\GoogleUpdateSetup.exe (PE32)
  Started: GoogleUpdate.exe

ccupdate.exe
  Network: ip-info.ff... (truncated) and others
  Dropped: C:\Program Files\CCleaner\.\CCleaner.exe (PE32)
  Signatures: Query firmware table information (likely to detect VMs); Antivirus or Machine Learning detection for dropped file