Automated Malware Analysis IOC Report for

Details

File:	C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\webappsstore.sqlite-shm
Category:	dropped
Dump:	webappsstore.sqlite-shm.18.dr
ID:	dr_23
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	0.017262956703125623
Encrypted:	false
Size:	32768
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	Data from Local System OS Credential Dumping

Details

File:	C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp
Category:	dropped
Dump:	2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy:	7.9832587317678705
Encrypted:	false
Size:	16029
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Yara detected ZipBomb	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading

Details

File:	C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000002.dbtmp
Category:	dropped
Dump:	000002.dbtmp.18.dr
ID:	dr_29
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	ASCII text
Entropy:	3.2743974703476995
Encrypted:	false
Size:	16
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\CURRENT (copy)
Category:	dropped
Dump:	000002.dbtmp.18.dr
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	ASCII text
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Category:	dropped
Dump:	LOG.18.dr
ID:	dr_31
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	ASCII text
Entropy:	4.5466597590357685
Encrypted:	false
Size:	145
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
Category:	dropped
Dump:	LOG.18.dr
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	ASCII text
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000002
Category:	dropped
Dump:	MANIFEST-000002.18.dr
ID:	dr_30
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	MPEG-4 LOAS
Entropy:	4.988758439731456
Encrypted:	false
Size:	50
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\C0XLFJ0M.txt
Category:	dropped
Dump:	C0XLFJ0M.txt.18.dr
ID:	dr_35
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	Generic INItialization configuration [Common]
Entropy:	5.420134353525113
Encrypted:	false
Size:	1426
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\info[1].json
Category:	dropped
Dump:	info[1].json.18.dr
ID:	dr_34
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	JSON data
Entropy:	5.041375973337717
Encrypted:	false
Size:	351
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk
Category:	dropped
Dump:	V01.chk0.18.dr
ID:	dr_26
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	0.39124014286970193
Encrypted:	false
Size:	8192
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log
Category:	dropped
Dump:	V01.log1.18.dr
ID:	dr_41
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	0.4854520477335263
Encrypted:	false
Size:	524288
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
Category:	dropped
Dump:	WebCacheV01.dat1.18.dr
ID:	dr_39
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	Extensible storage engine DataBase, version 0x620, checksum 0x78318f8e, page size 32768, Windows version 10.0
Entropy:	1.1697021128822997
Encrypted:	false
Size:	17301504
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm
Category:	dropped
Dump:	WebCacheV01.jfm1.18.dr
ID:	dr_40
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	0.1371908878134663
Encrypted:	false
Size:	16384
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\6358C710-B89F-46B9-93F2-F6CAC44F5286
Category:	dropped
Dump:	6358C710-B89F-46B9-93F2-F6CAC44F5286.18.dr
ID:	dr_13
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	3.8822182847281104
Encrypted:	false
Size:	1216
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3
Category:	dropped
Dump:	D566D7D7-DCD6-471C-8109-BE0AD33199E3.18.dr
ID:	dr_12
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	2.695563383509937
Encrypted:	false
Size:	64
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0
Category:	dropped
Dump:	F07D8C6A-04B6-4025-869C-70A788D7B5C0.18.dr
ID:	dr_11
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	2.798445966233785
Encrypted:	false
Size:	72
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\B249ZNM80TU3VQ2OKGVN.temp
Category:	dropped
Dump:	B249ZNM80TU3VQ2OKGVN.temp.18.dr
ID:	dr_18
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	3.429379679198438
Encrypted:	false
Size:	6603
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\cc3891bee323ecc0.customDestinations-ms (copy)
Category:	dropped
Dump:	B249ZNM80TU3VQ2OKGVN.temp.18.dr
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:44:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9897918112606976
Encrypted:	false
Size:	2673
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:44:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.002385646246759
Encrypted:	false
Size:	2675
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.011019363668157
Encrypted:	false
Size:	2689
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:44:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.003384119762773
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:44:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9904461297249183
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:44:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.998136394255661
Encrypted:	false
Size:	2679
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\Downloads\ccsetup629.zip (copy)
Category:	dropped
Dump:	2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp.0.dr
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\Downloads\ccsetup629.zip.crdownload (copy)
Category:	dropped
Dump:	2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp.0.dr
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\Downloads\ccsetup629\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF
Category:	dropped
Dump:	44ED97C8-2D40-4A50-913D-673F6858B9AF.18.dr
ID:	dr_16
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	5.545787138214116
Encrypted:	false
Size:	120
Whitelisted:	false

Details

File:	C:\Users\user\Downloads\ccsetup629\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\7d846b03-5697-42ad-987c-9d397e36e919
Category:	dropped
Dump:	7d846b03-5697-42ad-987c-9d397e36e919.18.dr
ID:	dr_17
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	7.410019842629259
Encrypted:	false
Size:	678
Whitelisted:	false

Details

File:	C:\Users\user\Downloads\ccsetup629\Data\usercfg.ini
Category:	dropped
Dump:	usercfg.ini.18.dr
ID:	dr_14
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	4.658368242872937
Encrypted:	false
Size:	43
Whitelisted:	false

Details

File:	C:\Users\user\Downloads\ccsetup629\LOG\DriverUpdEng.log
Category:	dropped
Dump:	DriverUpdEng.log0.18.dr
ID:	dr_38
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	4.997018412353725
Encrypted:	false
Size:	551
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\Downloads\ccsetup629\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF
Category:	dropped
Dump:	44ED97C8-2D40-4A50-913D-673F6858B9AF0.18.dr
ID:	dr_32
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	5.545787138214116
Encrypted:	false
Size:	120
Whitelisted:	false

Details

File:	C:\Users\user\Downloads\ccsetup629\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\78181805-65b0-48ec-b23e-bb9eea753fff
Category:	dropped
Dump:	78181805-65b0-48ec-b23e-bb9eea753fff.18.dr
ID:	dr_33
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	7.2541006371111685
Encrypted:	false
Size:	582
Whitelisted:	false

Details

File:	C:\Users\user\Downloads\ccsetup629\LOG\su_controller.log
Category:	dropped
Dump:	su_controller.log.18.dr
ID:	dr_42
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	5.100510232746275
Encrypted:	false
Size:	504
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\Downloads\ccsetup629\Setup\config.def
Category:	dropped
Dump:	config.def.18.dr
ID:	dr_7
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.106377316818027
Encrypted:	false
Size:	27
Whitelisted:	false

Details

File:	C:\Users\user\Downloads\ccsetup629\ccleaner.ini
Category:	modified
Dump:	ccleaner.ini0.18.dr
ID:	dr_24
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	Microsoft HTML Help Project
Entropy:	5.585384042696089
Encrypted:	false
Size:	2050
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Writes ini files	System Summary	File and Directory Discovery

Details

File:	C:\Users\user\Downloads\ccsetup629\gcapi_17297235455428.dll (copy)
Category:	dropped
Dump:	gcapi_dll.dll.18.dr
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\Downloads\ccsetup629\gcapi_dll.dll
Category:	dropped
Dump:	gcapi_dll.dll.18.dr
ID:	dr_10
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.544177497925195
Encrypted:	false
Size:	758272
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\Downloads\ccsetup629\lc.dat (copy)
Category:	dropped
Dump:	lc.dat.18.dr
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Windows\Tasks\CCleanerCrashReporting.job
Category:	dropped
Dump:	CCleanerCrashReporting.job.18.dr
ID:	dr_8
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	3.614673675649633
Encrypted:	false
Size:	656
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading
Creates job files (autostart)	Boot Survival	Scheduled Task/Job

Details

File:	C:\Windows\Temp\waapi-1729723784\db0796778834078181e5dc1f
Category:	dropped
Dump:	db0796778834078181e5dc1f.18.dr
ID:	dr_36
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	ASCII text, with no line terminators
Entropy:	3.0220552088742
Encrypted:	false
Size:	12
Whitelisted:	false

Details

File:	C:\Windows\Temp\waapi-1729723784\lc.dat
Category:	dropped
Dump:	lc.dat.18.dr
ID:	dr_37
Target ID:	18
Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
Type:	data
Entropy:	7.448182354755518
Encrypted:	false
Size:	400
Whitelisted:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://download.ccleaner.com/portable/ccsetup629.zip

Files

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://download.ccleaner.com/portable/ccsetup629.zip

Files

Domains

IPs

IOC Report
https://download.ccleaner.com/portable/ccsetup629.zip