File name:

CocCocSetup.exe

Full analysis: https://app.any.run/tasks/8934cb6b-8bd1-46c5-9890-c1a4d021f564
Verdict: Malicious activity
Analysis date: March 03, 2024, 23:43:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

D5AB873FF69DE7079642378D0A1F8E88

SHA1:

50B6011902A50194DBA7418C723312A1D0D1D711

SHA256:

D5791EEF0ABD4D7699CA6128C5475A64B206EEF2B946F47DED2F0EFFC691D182

SSDEEP:

49152:omRWWWryA56l2F6xb4xJexZAA+by0yFZD2I4HE6NZSr2mPIExmlSqrik6f89RNi:FMlrl8l2F6x7ZZQyFZD2IDPd9HJk6f8k

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • CocCocSetup.exe (PID: 3700)
      • CocCocUpdateSetup.exe (PID: 3948)
      • CocCocUpdate.exe (PID: 3464)
    • Actions looks like stealing of personal data

      • CocCocUpdate.exe (PID: 3656)
      • CocCocUpdateSetup.exe (PID: 3948)
      • CocCocUpdate.exe (PID: 3428)
      • CocCocUpdate.exe (PID: 3500)
      • CocCocUpdate.exe (PID: 1836)
      • CocCocUpdate.exe (PID: 2692)
      • CocCocUpdate.exe (PID: 2304)
      • CocCocUpdate.exe (PID: 3464)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • CocCocSetup.exe (PID: 3700)
      • CocCocUpdateSetup.exe (PID: 3948)
      • CocCocUpdate.exe (PID: 3464)
    • Starts itself from another location

      • CocCocUpdate.exe (PID: 3464)
    • Disables SEHOP

      • CocCocUpdate.exe (PID: 3464)
    • Creates/Modifies COM task schedule object

      • CocCocUpdate.exe (PID: 3428)
    • Reads the Internet Settings

      • CocCocUpdate.exe (PID: 3500)
    • Executes as Windows Service

      • CocCocUpdate.exe (PID: 2692)
  • INFO

    • Checks supported languages

      • CocCocUpdate.exe (PID: 3656)
      • CocCocSetup.exe (PID: 3700)
      • CocCocUpdateSetup.exe (PID: 3948)
      • CocCocUpdate.exe (PID: 3464)
      • CocCocUpdate.exe (PID: 3428)
      • CocCocUpdate.exe (PID: 2304)
      • CocCocUpdate.exe (PID: 1836)
      • CocCocUpdate.exe (PID: 3500)
      • CocCocUpdate.exe (PID: 2692)
    • Reads the computer name

      • CocCocUpdate.exe (PID: 3656)
      • CocCocUpdate.exe (PID: 3464)
      • CocCocUpdate.exe (PID: 2304)
      • CocCocUpdate.exe (PID: 3500)
      • CocCocUpdate.exe (PID: 1836)
      • CocCocUpdate.exe (PID: 2692)
    • Reads the machine GUID from the registry

      • CocCocUpdate.exe (PID: 3656)
      • CocCocUpdate.exe (PID: 3464)
      • CocCocUpdate.exe (PID: 1836)
      • CocCocUpdate.exe (PID: 2692)
    • Create files in a temporary directory

      • CocCocSetup.exe (PID: 3700)
    • Creates files in the program directory

      • CocCocUpdateSetup.exe (PID: 3948)
      • CocCocUpdate.exe (PID: 3656)
      • CocCocUpdate.exe (PID: 3464)
      • CocCocUpdate.exe (PID: 2692)
    • Creates files or folders in the user directory

      • CocCocUpdate.exe (PID: 3656)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:05:18 07:03:31+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 94720
InitializedDataSize: 857600
UninitializedDataSize: -
EntryPoint: 0x56a6
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.7.1.19
ProductVersionNumber: 2.7.1.19
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Coc Coc Co., Ltd.
FileDescription: CocCoc Update Setup
FileVersion: 2.7.1.19
InternalName: CocCoc Update Setup
LegalCopyright: Copyright 2018 Google LLC
OriginalFileName: CocCocUpdateSetup.exe
ProductName: CocCoc Update
ProductVersion: 2.7.1.19
LanguageId: en
No data.
Total processes
48
Monitored processes
9
Malicious processes
9
Suspicious processes
0

Behavior graph

start coccocsetup.exe coccocupdate.exe coccocupdatesetup.exe coccocupdate.exe coccocupdate.exe coccocupdate.exe coccocupdate.exe coccocupdate.exe coccocupdate.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1836
CMD: "C:\Program Files\CocCoc\Update\CocCocUpdate.exe" /handoff "appguid={C0CC0CBB-47DD-46FF-A04D-7011A06486E1}&appname=C%E1%BB%91c%20C%E1%BB%91c&needsadmin=prefers&usagestats=1&lang=en&client={XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}&brand=XXXX" /installsource taggedmi /sessionid "{211260B7-B550-4DFB-9F30-265314E81F24}"
Path: C:\Program Files\CocCoc\Update\CocCocUpdate.exe
Parent process: CocCocUpdate.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
HIGH
Description:
CocCoc Update
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\program files\coccoc\update\coccocupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 2304
CMD: "C:\Program Files\CocCoc\Update\CocCocUpdate.exe" /regsvc
Path: C:\Program Files\CocCoc\Update\CocCocUpdate.exe
Parent process: CocCocUpdate.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
HIGH
Description:
CocCoc Update
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\program files\coccoc\update\coccocupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 2692
CMD: "C:\Program Files\CocCoc\Update\CocCocUpdate.exe" /svc
Path: C:\Program Files\CocCoc\Update\CocCocUpdate.exe
Parent process: services.exe
User:
SYSTEM
Company:
Coc Coc Co., Ltd.
Integrity Level:
SYSTEM
Description:
CocCoc Update
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\program files\coccoc\update\coccocupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 3428
CMD: "C:\Program Files\CocCoc\Update\CocCocUpdate.exe" /regserver
Path: C:\Program Files\CocCoc\Update\CocCocUpdate.exe
Parent process: CocCocUpdate.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
HIGH
Description:
CocCoc Update
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\program files\coccoc\update\coccocupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 3464
CMD: "C:\Program Files\CocCoc\Temp\GUMFD6B.tmp\CocCocUpdate.exe" /installsource taggedmi /install "appguid={C0CC0CBB-47DD-46FF-A04D-7011A06486E1}&appname=C%E1%BB%91c%20C%E1%BB%91c&needsadmin=prefers&usagestats=1&lang=en&client={XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}&brand=XXXX" /installelevated
Path: C:\Program Files\CocCoc\Temp\GUMFD6B.tmp\CocCocUpdate.exe
Parent process: CocCocUpdateSetup.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
HIGH
Description:
CocCoc Update
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\program files\coccoc\temp\gumfd6b.tmp\coccocupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 3500
CMD: "C:\Program Files\CocCoc\Update\CocCocUpdate.exe" /ping <base64-encoded payload>
Path: C:\Program Files\CocCoc\Update\CocCocUpdate.exe
Parent process: CocCocUpdate.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
HIGH
Description:
CocCoc Update
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\program files\coccoc\update\coccocupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 3656
CMD: C:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdate.exe /installsource taggedmi /install "appguid={C0CC0CBB-47DD-46FF-A04D-7011A06486E1}&appname=C%E1%BB%91c%20C%E1%BB%91c&needsadmin=prefers&usagestats=1&lang=en&client={XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}&brand=XXXX"
Path: C:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdate.exe
Parent process: CocCocSetup.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
MEDIUM
Description:
CocCoc Update
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\users\admin\appdata\local\temp\gumfa7d.tmp\coccocupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 3700
CMD: "C:\Users\admin\AppData\Local\Temp\CocCocSetup.exe"
Path: C:\Users\admin\AppData\Local\Temp\CocCocSetup.exe
Parent process: explorer.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
MEDIUM
Description:
CocCoc Update Setup
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\users\admin\appdata\local\temp\coccocsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 3948
CMD: "C:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdateSetup.exe" /installsource taggedmi /install "appguid={C0CC0CBB-47DD-46FF-A04D-7011A06486E1}&appname=C%E1%BB%91c%20C%E1%BB%91c&needsadmin=prefers&usagestats=1&lang=en&client={XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}&brand=XXXX" /installelevated /nomitag
Path: C:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdateSetup.exe
Parent process: CocCocUpdate.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
HIGH
Description:
CocCoc Update Setup
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\users\admin\appdata\local\temp\gumfa7d.tmp\coccocupdatesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
Total events
9 794
Read events
4 976
Write events
4 793
Delete events
25

Modification events

Process: CocCocUpdate.exe (PID: 3464)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
Operation: write
Name: usagestats
Value: 1

Process: CocCocUpdate.exe (PID: 3464)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update\ClientState\{C0CC0CBB-47DD-46FF-A04D-7011A06486E1}
Operation: write
Name: usagestats
Value: 1

Process: CocCocUpdate.exe (PID: 3464)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update
Operation: delete value
Name: eulaaccepted
Value:

Process: CocCocUpdate.exe (PID: 3464)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update
Operation: write
Name: path
Value: C:\Program Files\CocCoc\Update\CocCocUpdate.exe

Process: CocCocUpdate.exe (PID: 3464)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update
Operation: write
Name: UninstallCmdLine
Value: "C:\Program Files\CocCoc\Update\CocCocUpdate.exe" /uninstall

Process: CocCocUpdate.exe (PID: 3464)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
Operation: write
Name: pv
Value: 2.7.1.19

Process: CocCocUpdate.exe (PID: 3464)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
Operation: write
Name: name
Value: Cốc Cốc Update

Process: CocCocUpdate.exe (PID: 3464)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
Operation: write
Name: pv
Value: 2.7.1.19

Process: CocCocUpdate.exe (PID: 3464)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CocCocUpdate.exe
Operation: write
Name: DisableExceptionChainValidation
Value: 0

Process: CocCocUpdate.exe (PID: 2304)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\CocCocUpdate.exe
Operation: write
Name: AppID
Value: {4F0B9D69-B942-4483-8AF9-5FB23CE35CA0}

Executable files
46
Suspicious files
0
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 3700
Process: CocCocSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdate.exe
Type: executable
MD5:4D8EFE5A192709B079D40B8934D69589
SHA256:8A0638F6CF0EA15A57F1EBCC596214393DE5D3074C1E6CB3D3D5EF631B14D803
PID: 3656
Process: CocCocUpdate.exe
Filename: C:\ProgramData\CocCoc\uid
Type: text
MD5:2212DB4106CF08D6B8CB90EEAE7C3970
SHA256:0C99459160A970DB1CE308AAA47108F11435DACA9A520F8813C7DC9059590FFD
PID: 3700
Process: CocCocSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocCrashHandler64.exe
Type: executable
MD5:DC0117DB76B05B084DF6C258B3C39657
SHA256:5C90D56F4AD95999837A6B8AC9761A10044A1123770A3C50CF591FF8C84C9689
PID: 3700
Process: CocCocSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\coccocpdateres_en.dll
Type: executable
MD5:FDEE1CEEBA1A489DF82AFF39FEA71AC8
SHA256:681F10ADA6CC7D7E7E15D5254008B761F3717BC722CDAFDAED6A0FF2598889A5
PID: 3700
Process: CocCocSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\psmachine_64.dll
Type: executable
MD5:F08BFBE9226FDDE9290E8031333AB091
SHA256:17023B7CFC74C367595E10F99C4C2B1291C5F4897AC6BC1412B3E108FDC567B9
PID: 3700
Process: CocCocSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdateSetup.exe
Type: executable
MD5:D5AB873FF69DE7079642378D0A1F8E88
SHA256:D5791EEF0ABD4D7699CA6128C5475A64B206EEF2B946F47DED2F0EFFC691D182
PID: 3700
Process: CocCocSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\coccocpdateres_vi.dll
Type: executable
MD5:FF236DA7F02B796FC15948B6570EED60
SHA256:D64E02255F991F0EF5AB397A65692197843C90540103D6349373EDB1D16CADDE
PID: 3656
Process: CocCocUpdate.exe
Filename: C:\Users\admin\AppData\Roaming\CocCoc\uid
Type: text
MD5:EB6F987AB6286B600130E1FA812CBB70
SHA256:800A597952D5114A29D4E6A972F207BD7D6561A04CDC018B2EE8D850B0D9D59A
PID: 3948
Process: CocCocUpdateSetup.exe
Filename: C:\Program Files\CocCoc\Temp\GUMFD6B.tmp\CocCocUpdate.exe
Type: executable
MD5:4D8EFE5A192709B079D40B8934D69589
SHA256:8A0638F6CF0EA15A57F1EBCC596214393DE5D3074C1E6CB3D3D5EF631B14D803
PID: 3700
Process: CocCocSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdateComRegisterShell64.exe
Type: executable
MD5:2784770CFE7B48C069D40AE2126544A9
SHA256:86D5070EA80102907E3892893E352C870A2DB7872C7EFAD94AA10A7FCD1C2A0D
HTTP(S) requests
2
TCP/UDP connections
9
DNS requests
5
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3500
CocCocUpdate.exe
POST
200
123.30.175.98:80
http://browser.coccoc.com/service/update2
unknown
xml
235 b
unknown
2692
CocCocUpdate.exe
POST
200
123.30.175.98:80
http://browser.coccoc.com/service/update2?cup2key=5:1494026822&cup2hreq=bb2279160e33d23f217283394d77d51383ed3cbc8f210bb3d08299e0e5fc751b
unknown
xml
878 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3500
CocCocUpdate.exe
123.30.175.98:80
browser.coccoc.com
VNPT Corp
VN
unknown
2692
CocCocUpdate.exe
123.30.175.98:80
browser.coccoc.com
VNPT Corp
VN
unknown
1348
svchost.exe
239.255.255.250:1900
unknown
856
svchost.exe
123.30.175.11:443
files.coccoc.com
VNPT Corp
VN
unknown
856
svchost.exe
123.30.177.125:443
files-cdn.coccoc.com
VNPT Corp
VN
unknown

DNS requests

Domain
IP
Reputation
browser.coccoc.com
  • 123.30.175.98
unknown
files.coccoc.com
  • 123.30.175.11
unknown
files-cdn.coccoc.com
  • 123.30.177.125
unknown

Threats

PID
Process
Class
Message
3500
CocCocUpdate.exe
Not Suspicious Traffic
ET POLICY COCCOC Browser (VN) Installed
2692
CocCocUpdate.exe
Not Suspicious Traffic
ET POLICY COCCOC Browser (VN) Installed
No debug info