File name:

CocCocSetup.exe

Full analysis: https://app.any.run/tasks/8934cb6b-8bd1-46c5-9890-c1a4d021f564
Verdict: Malicious activity
Analysis date: March 03, 2024, 23:43:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

D5AB873FF69DE7079642378D0A1F8E88

SHA1:

50B6011902A50194DBA7418C723312A1D0D1D711

SHA256:

D5791EEF0ABD4D7699CA6128C5475A64B206EEF2B946F47DED2F0EFFC691D182

SSDEEP:

49152:omRWWWryA56l2F6xb4xJexZAA+by0yFZD2I4HE6NZSr2mPIExmlSqrik6f89RNi:FMlrl8l2F6x7ZZQyFZD2IDPd9HJk6f8k

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • CocCocSetup.exe (PID: 3700)
      • CocCocUpdateSetup.exe (PID: 3948)
      • CocCocUpdate.exe (PID: 3464)

    • Actions looks like stealing of personal data

      • CocCocUpdate.exe (PID: 3656)
      • CocCocUpdate.exe (PID: 3500)
      • CocCocUpdate.exe (PID: 2304)
      • CocCocUpdate.exe (PID: 1836)
      • CocCocUpdateSetup.exe (PID: 3948)
      • CocCocUpdate.exe (PID: 3428)
      • CocCocUpdate.exe (PID: 3464)
      • CocCocUpdate.exe (PID: 2692)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • CocCocSetup.exe (PID: 3700)
      • CocCocUpdateSetup.exe (PID: 3948)
      • CocCocUpdate.exe (PID: 3464)

    • Starts itself from another location

      • CocCocUpdate.exe (PID: 3464)

    • Disables SEHOP

      • CocCocUpdate.exe (PID: 3464)

    • Creates/Modifies COM task schedule object

      • CocCocUpdate.exe (PID: 3428)

    • Executes as Windows Service

      • CocCocUpdate.exe (PID: 2692)

    • Reads the Internet Settings

      • CocCocUpdate.exe (PID: 3500)

  • INFO

    • Create files in a temporary directory

      • CocCocSetup.exe (PID: 3700)

    • Checks supported languages

      • CocCocSetup.exe (PID: 3700)
      • CocCocUpdate.exe (PID: 3656)
      • CocCocUpdateSetup.exe (PID: 3948)
      • CocCocUpdate.exe (PID: 3464)
      • CocCocUpdate.exe (PID: 2304)
      • CocCocUpdate.exe (PID: 3428)
      • CocCocUpdate.exe (PID: 3500)
      • CocCocUpdate.exe (PID: 1836)
      • CocCocUpdate.exe (PID: 2692)

    • Creates files or folders in the user directory

      • CocCocUpdate.exe (PID: 3656)

    • Reads the computer name

      • CocCocUpdate.exe (PID: 3656)
      • CocCocUpdate.exe (PID: 2304)
      • CocCocUpdate.exe (PID: 3500)
      • CocCocUpdate.exe (PID: 2692)
      • CocCocUpdate.exe (PID: 1836)
      • CocCocUpdate.exe (PID: 3464)

    • Creates files in the program directory

      • CocCocUpdate.exe (PID: 3656)
      • CocCocUpdateSetup.exe (PID: 3948)
      • CocCocUpdate.exe (PID: 3464)
      • CocCocUpdate.exe (PID: 2692)

    • Reads the machine GUID from the registry

      • CocCocUpdate.exe (PID: 3656)
      • CocCocUpdate.exe (PID: 3464)
      • CocCocUpdate.exe (PID: 1836)
      • CocCocUpdate.exe (PID: 2692)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:05:18 07:03:31+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 94720
InitializedDataSize: 857600
UninitializedDataSize: -
EntryPoint: 0x56a6
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.7.1.19
ProductVersionNumber: 2.7.1.19
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Coc Coc Co., Ltd.
FileDescription: CocCoc Update Setup
FileVersion: 2.7.1.19
InternalName: CocCoc Update Setup
LegalCopyright: Copyright 2018 Google LLC
OriginalFileName: CocCocUpdateSetup.exe
ProductName: CocCoc Update
ProductVersion: 2.7.1.19
LanguageId: en
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
48
Monitored processes
9
Malicious processes
9
Suspicious processes
0

Behavior graph

Click at the process to see the details
start coccocsetup.exe coccocupdate.exe coccocupdatesetup.exe coccocupdate.exe coccocupdate.exe coccocupdate.exe coccocupdate.exe coccocupdate.exe coccocupdate.exe

Process information

PID
CMD
Path
Indicators
Parent process
1836"C:\Program Files\CocCoc\Update\CocCocUpdate.exe" /handoff "appguid={C0CC0CBB-47DD-46FF-A04D-7011A06486E1}&appname=C%E1%BB%91c%20C%E1%BB%91c&needsadmin=prefers&usagestats=1&lang=en&client={XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}&brand=XXXX" /installsource taggedmi /sessionid "{211260B7-B550-4DFB-9F30-265314E81F24}"C:\Program Files\CocCoc\Update\CocCocUpdate.exe
CocCocUpdate.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
HIGH
Description:
CocCoc Update
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\program files\coccoc\update\coccocupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
2304"C:\Program Files\CocCoc\Update\CocCocUpdate.exe" /regsvcC:\Program Files\CocCoc\Update\CocCocUpdate.exe
CocCocUpdate.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
HIGH
Description:
CocCoc Update
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\program files\coccoc\update\coccocupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
2692"C:\Program Files\CocCoc\Update\CocCocUpdate.exe" /svcC:\Program Files\CocCoc\Update\CocCocUpdate.exe
services.exe
User:
SYSTEM
Company:
Coc Coc Co., Ltd.
Integrity Level:
SYSTEM
Description:
CocCoc Update
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\program files\coccoc\update\coccocupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
3428"C:\Program Files\CocCoc\Update\CocCocUpdate.exe" /regserverC:\Program Files\CocCoc\Update\CocCocUpdate.exe
CocCocUpdate.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
HIGH
Description:
CocCoc Update
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\program files\coccoc\update\coccocupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
3464"C:\Program Files\CocCoc\Temp\GUMFD6B.tmp\CocCocUpdate.exe" /installsource taggedmi /install "appguid={C0CC0CBB-47DD-46FF-A04D-7011A06486E1}&appname=C%E1%BB%91c%20C%E1%BB%91c&needsadmin=prefers&usagestats=1&lang=en&client={XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}&brand=XXXX" /installelevatedC:\Program Files\CocCoc\Temp\GUMFD6B.tmp\CocCocUpdate.exe
CocCocUpdateSetup.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
HIGH
Description:
CocCoc Update
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\program files\coccoc\temp\gumfd6b.tmp\coccocupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
3500"C:\Program Files\CocCoc\Update\CocCocUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjIuNy4xLjE5IiBzaGVsbF92ZXJzaW9uPSIyLjcuMS4xOSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InsyMTEyNjBCNy1CNTUwLTRERkItOUYzMC0yNjUzMTRFODFGMjR9IiB1c2VyaWQ9IkRBRDJFMjlGLUE0MzYtNDIxQi1BRkE3LUY3N0Q5MDhGNThBRiIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0M2NjFFMDI3LTQ0ODEtNDA3QS04OUNBLTQyQjFGOENDNDFGMH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iMyIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMjQ1NDYiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjIuNy4xLjE5IiBsYW5nPSJlbiIgYnJhbmQ9IlhYWFgiIGNsaWVudD0ie1hYWFhYWFhYLVhYWFgtWFhYWC1YWFhYLVhYWFhYWFhYWFhYWH0iPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMTAzMSIvPjwvYXBwPjwvcmVxdWVzdD4C:\Program Files\CocCoc\Update\CocCocUpdate.exe
CocCocUpdate.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
HIGH
Description:
CocCoc Update
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\program files\coccoc\update\coccocupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
3656C:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdate.exe /installsource taggedmi /install "appguid={C0CC0CBB-47DD-46FF-A04D-7011A06486E1}&appname=C%E1%BB%91c%20C%E1%BB%91c&needsadmin=prefers&usagestats=1&lang=en&client={XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}&brand=XXXX"C:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdate.exe
CocCocSetup.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
MEDIUM
Description:
CocCoc Update
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\users\admin\appdata\local\temp\gumfa7d.tmp\coccocupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
3700"C:\Users\admin\AppData\Local\Temp\CocCocSetup.exe" C:\Users\admin\AppData\Local\Temp\CocCocSetup.exe
explorer.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
MEDIUM
Description:
CocCoc Update Setup
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\users\admin\appdata\local\temp\coccocsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
3948"C:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdateSetup.exe" /installsource taggedmi /install "appguid={C0CC0CBB-47DD-46FF-A04D-7011A06486E1}&appname=C%E1%BB%91c%20C%E1%BB%91c&needsadmin=prefers&usagestats=1&lang=en&client={XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}&brand=XXXX" /installelevated /nomitagC:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdateSetup.exe
CocCocUpdate.exe
User:
admin
Company:
Coc Coc Co., Ltd.
Integrity Level:
HIGH
Description:
CocCoc Update Setup
Exit code:
0
Version:
2.7.1.19
Modules
Images
c:\users\admin\appdata\local\temp\gumfa7d.tmp\coccocupdatesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
Total events
9 794
Read events
4 976
Write events
4 793
Delete events
25

Modification events

(PID) Process:(3464) CocCocUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
Operation:writeName:usagestats
Value:
1
(PID) Process:(3464) CocCocUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update\ClientState\{C0CC0CBB-47DD-46FF-A04D-7011A06486E1}
Operation:writeName:usagestats
Value:
1
(PID) Process:(3464) CocCocUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update
Operation:delete valueName:eulaaccepted
Value:
(PID) Process:(3464) CocCocUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update
Operation:writeName:path
Value:
C:\Program Files\CocCoc\Update\CocCocUpdate.exe
(PID) Process:(3464) CocCocUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update
Operation:writeName:UninstallCmdLine
Value:
"C:\Program Files\CocCoc\Update\CocCocUpdate.exe" /uninstall
(PID) Process:(3464) CocCocUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
Operation:writeName:pv
Value:
2.7.1.19
(PID) Process:(3464) CocCocUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
Operation:writeName:name
Value:
Cốc Cốc Update
(PID) Process:(3464) CocCocUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\CocCoc\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
Operation:writeName:pv
Value:
2.7.1.19
(PID) Process:(3464) CocCocUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CocCocUpdate.exe
Operation:writeName:DisableExceptionChainValidation
Value:
0
(PID) Process:(2304) CocCocUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\CocCocUpdate.exe
Operation:writeName:AppID
Value:
{4F0B9D69-B942-4483-8AF9-5FB23CE35CA0}
Executable files
46
Suspicious files
0
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
3700CocCocSetup.exeC:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdateBroker.exeexecutable
MD5:9E2AC161EE481FF62D851133E092E5D7
SHA256:3F3E1E509BC96E95C2185AB85EA8C236CD6B16622A901E6B0831700974D331C3
3700CocCocSetup.exeC:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdateComRegisterShell64.exeexecutable
MD5:2784770CFE7B48C069D40AE2126544A9
SHA256:86D5070EA80102907E3892893E352C870A2DB7872C7EFAD94AA10A7FCD1C2A0D
3700CocCocSetup.exeC:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\coccocpdate.dllexecutable
MD5:205484E03EB71A05CA757D4857040611
SHA256:0960DD00DDB85BABD042BE6E035568F7CB7FC7C8444419EF9B2779240AB7F9C5
3700CocCocSetup.exeC:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocCrashHandler.exeexecutable
MD5:05491DFAE4AA9A902FC3599EF5E68CC7
SHA256:9EA57FD4294F01D9A1500C6902CFB8A5499B852DF2B20B1B33708957D86790BC
3700CocCocSetup.exeC:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdateOnDemand.exeexecutable
MD5:F23EE51635368E62CC7EC14FE017DEF9
SHA256:A59D55C412329BDFF3C72BED8A4CAD1F58069B67733AE6449FCFFC8D305F7B2A
3700CocCocSetup.exeC:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\psuser_64.dllexecutable
MD5:6AA714AE21EADA6E61DF0BB87ED507D0
SHA256:23BDC4552EE0E9049E486EEF0C1E320B4746065A2702EB484253B1F6541C3C39
3700CocCocSetup.exeC:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\psmachine.dllexecutable
MD5:D4C6E916276FEB8CE65F7317B5B06403
SHA256:DB03D9C63BFD1E09E230288232733AC9FF4F89A358FC630744C63007B7385855
3700CocCocSetup.exeC:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocUpdateCore.exeexecutable
MD5:44B2CA9478F534BF2BFA5671FEAE6384
SHA256:37F9E42FD693031E3DA1CE6F8828B849D4F8D1C9A608157F92EB63CDA0726BD0
3700CocCocSetup.exeC:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\CocCocCrashHandler64.exeexecutable
MD5:DC0117DB76B05B084DF6C258B3C39657
SHA256:5C90D56F4AD95999837A6B8AC9761A10044A1123770A3C50CF591FF8C84C9689
3700CocCocSetup.exeC:\Users\admin\AppData\Local\Temp\GUMFA7D.tmp\coccocpdateres_vi.dllexecutable
MD5:FF236DA7F02B796FC15948B6570EED60
SHA256:D64E02255F991F0EF5AB397A65692197843C90540103D6349373EDB1D16CADDE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
9
DNS requests
5
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2692
CocCocUpdate.exe
POST
200
123.30.175.98:80
http://browser.coccoc.com/service/update2?cup2key=5:1494026822&cup2hreq=bb2279160e33d23f217283394d77d51383ed3cbc8f210bb3d08299e0e5fc751b
unknown
xml
878 b
unknown
3500
CocCocUpdate.exe
POST
200
123.30.175.98:80
http://browser.coccoc.com/service/update2
unknown
xml
235 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3500
CocCocUpdate.exe
123.30.175.98:80
browser.coccoc.com
VNPT Corp
VN
unknown
2692
CocCocUpdate.exe
123.30.175.98:80
browser.coccoc.com
VNPT Corp
VN
unknown
1348
svchost.exe
239.255.255.250:1900
unknown
856
svchost.exe
123.30.175.11:443
files.coccoc.com
VNPT Corp
VN
unknown
856
svchost.exe
123.30.177.125:443
files-cdn.coccoc.com
VNPT Corp
VN
unknown

DNS requests

Domain
IP
Reputation
browser.coccoc.com
  • 123.30.175.98
unknown
files.coccoc.com
  • 123.30.175.11
unknown
files-cdn.coccoc.com
  • 123.30.177.125
unknown

Threats

PID
Process
Class
Message
3500
CocCocUpdate.exe
Not Suspicious Traffic
ET POLICY COCCOC Browser (VN) Installed
2692
CocCocUpdate.exe
Not Suspicious Traffic
ET POLICY COCCOC Browser (VN) Installed
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
CocCocSetup.exe