f1bbcc5c678d174d858ae089f4494e3ea8bcfc418098d61804a15e437f08aff7

Target

[email protected]
Size

396KB
MD5

13f4b868603cf0dd6c32702d1bd858c9
SHA1

a595ab75e134f5616679be5f11deefdfaae1de15
SHA256

cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7
SHA512

e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24

Score

8^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 15 IoCs

Processes:

Free YouTube Downloader.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exe

pid	Process
3220	Free YouTube Downloader.exe
1620	Box.exe
3608	Box.exe
2280	Box.exe
1764	Box.exe
3196	Box.exe
1484	Box.exe
3984	Box.exe
2128	Box.exe
3860	Box.exe
556	Box.exe
2044	Box.exe
1236	Box.exe
3224	Box.exe
3148	Box.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

[email protected]

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	[email protected]

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 4 IoCs

Processes:

[email protected]

description	ioc	Process
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	[email protected]
File created	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	[email protected]

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Free YouTube Downloader.exe

pid	Process
3220	Free YouTube Downloader.exe

Suspicious use of SendNotifyMessage 1 IoCs

Processes:

Free YouTube Downloader.exe

pid	Process
3220	Free YouTube Downloader.exe

Suspicious use of WriteProcessMemory 44 IoCs

Processes:

[email protected]Free YouTube Downloader.exe

description	pid	Process	procid_target
PID 2432 wrote to memory of 3220	2432	[email protected]	74
PID 2432 wrote to memory of 3220	2432	[email protected]	74
PID 3220 wrote to memory of 1620	3220	Free YouTube Downloader.exe	80
PID 3220 wrote to memory of 1620	3220	Free YouTube Downloader.exe	80
PID 3220 wrote to memory of 1620	3220	Free YouTube Downloader.exe	80
PID 3220 wrote to memory of 3608	3220	Free YouTube Downloader.exe	81
PID 3220 wrote to memory of 3608	3220	Free YouTube Downloader.exe	81
PID 3220 wrote to memory of 3608	3220	Free YouTube Downloader.exe	81
PID 3220 wrote to memory of 2280	3220	Free YouTube Downloader.exe	82
PID 3220 wrote to memory of 2280	3220	Free YouTube Downloader.exe	82
PID 3220 wrote to memory of 2280	3220	Free YouTube Downloader.exe	82
PID 3220 wrote to memory of 1764	3220	Free YouTube Downloader.exe	83
PID 3220 wrote to memory of 1764	3220	Free YouTube Downloader.exe	83
PID 3220 wrote to memory of 1764	3220	Free YouTube Downloader.exe	83
PID 3220 wrote to memory of 3196	3220	Free YouTube Downloader.exe	84
PID 3220 wrote to memory of 3196	3220	Free YouTube Downloader.exe	84
PID 3220 wrote to memory of 3196	3220	Free YouTube Downloader.exe	84
PID 3220 wrote to memory of 1484	3220	Free YouTube Downloader.exe	85
PID 3220 wrote to memory of 1484	3220	Free YouTube Downloader.exe	85
PID 3220 wrote to memory of 1484	3220	Free YouTube Downloader.exe	85
PID 3220 wrote to memory of 3984	3220	Free YouTube Downloader.exe	86
PID 3220 wrote to memory of 3984	3220	Free YouTube Downloader.exe	86
PID 3220 wrote to memory of 3984	3220	Free YouTube Downloader.exe	86
PID 3220 wrote to memory of 2128	3220	Free YouTube Downloader.exe	87
PID 3220 wrote to memory of 2128	3220	Free YouTube Downloader.exe	87
PID 3220 wrote to memory of 2128	3220	Free YouTube Downloader.exe	87
PID 3220 wrote to memory of 3860	3220	Free YouTube Downloader.exe	88
PID 3220 wrote to memory of 3860	3220	Free YouTube Downloader.exe	88
PID 3220 wrote to memory of 3860	3220	Free YouTube Downloader.exe	88
PID 3220 wrote to memory of 556	3220	Free YouTube Downloader.exe	89
PID 3220 wrote to memory of 556	3220	Free YouTube Downloader.exe	89
PID 3220 wrote to memory of 556	3220	Free YouTube Downloader.exe	89
PID 3220 wrote to memory of 2044	3220	Free YouTube Downloader.exe	90
PID 3220 wrote to memory of 2044	3220	Free YouTube Downloader.exe	90
PID 3220 wrote to memory of 2044	3220	Free YouTube Downloader.exe	90
PID 3220 wrote to memory of 1236	3220	Free YouTube Downloader.exe	91
PID 3220 wrote to memory of 1236	3220	Free YouTube Downloader.exe	91
PID 3220 wrote to memory of 1236	3220	Free YouTube Downloader.exe	91
PID 3220 wrote to memory of 3224	3220	Free YouTube Downloader.exe	92
PID 3220 wrote to memory of 3224	3220	Free YouTube Downloader.exe	92
PID 3220 wrote to memory of 3224	3220	Free YouTube Downloader.exe	92
PID 3220 wrote to memory of 3148	3220	Free YouTube Downloader.exe	93
PID 3220 wrote to memory of 3148	3220	Free YouTube Downloader.exe	93
PID 3220 wrote to memory of 3148	3220	Free YouTube Downloader.exe	93

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3220
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    PID:1620
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    PID:3608
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    PID:2280
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    PID:1764
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    PID:3196
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    PID:1484
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    PID:3984
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    PID:2128
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    PID:3860
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    PID:556
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    PID:2044
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    PID:1236
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    PID:3224
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    PID:3148

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
memory/556-79-0x0000000000000000-mapping.dmp

Download
memory/556-81-0x0000000073970000-0x000000007405E000-memory.dmp

Filesize
6.9MB

Download
memory/1236-95-0x0000000000000000-mapping.dmp

Download
memory/1236-97-0x0000000073970000-0x000000007405E000-memory.dmp

Filesize
6.9MB

Download
memory/1484-47-0x0000000000000000-mapping.dmp

Download
memory/1484-49-0x0000000073970000-0x000000007405E000-memory.dmp

Filesize
6.9MB

Download
memory/1620-12-0x0000000005910000-0x0000000005911000-memory.dmp

Filesize
4KB

Download
memory/1620-13-0x0000000005410000-0x0000000005411000-memory.dmp

Filesize
4KB

Download
memory/1620-7-0x0000000000000000-mapping.dmp

Download
memory/1620-14-0x0000000005380000-0x0000000005381000-memory.dmp

Filesize
4KB

Download
memory/1620-9-0x0000000073970000-0x000000007405E000-memory.dmp

Filesize
6.9MB

Download
memory/1620-10-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

Filesize
4KB

Download
memory/1764-31-0x0000000000000000-mapping.dmp

Download
memory/1764-33-0x0000000073970000-0x000000007405E000-memory.dmp

Filesize
6.9MB

Download
memory/2044-87-0x0000000000000000-mapping.dmp

Download
memory/2044-89-0x0000000073970000-0x000000007405E000-memory.dmp

Filesize
6.9MB

Download
memory/2128-63-0x0000000000000000-mapping.dmp

Download
memory/2128-65-0x0000000073970000-0x000000007405E000-memory.dmp

Filesize
6.9MB

Download
memory/2280-25-0x0000000073970000-0x000000007405E000-memory.dmp

Filesize
6.9MB

Download
memory/2280-23-0x0000000000000000-mapping.dmp

Download
memory/3148-113-0x0000000073970000-0x000000007405E000-memory.dmp

Filesize
6.9MB

Download
memory/3148-111-0x0000000000000000-mapping.dmp

Download
memory/3196-39-0x0000000000000000-mapping.dmp

Download
memory/3196-41-0x0000000073970000-0x000000007405E000-memory.dmp

Filesize
6.9MB

Download
memory/3220-0-0x0000000000000000-mapping.dmp

Download
memory/3220-4-0x0000019A32FB0000-0x0000019A32FB1000-memory.dmp

Filesize
4KB

Download
memory/3220-3-0x00007FFD88EE0000-0x00007FFD898CC000-memory.dmp

Filesize
9.9MB

Download
memory/3224-103-0x0000000000000000-mapping.dmp

Download
memory/3224-105-0x0000000073970000-0x000000007405E000-memory.dmp

Filesize
6.9MB

Download
memory/3608-17-0x0000000073970000-0x000000007405E000-memory.dmp

Filesize
6.9MB

Download
memory/3608-15-0x0000000000000000-mapping.dmp

Download
memory/3860-73-0x0000000073970000-0x000000007405E000-memory.dmp

Filesize
6.9MB

Download
memory/3860-71-0x0000000000000000-mapping.dmp

Download
memory/3984-57-0x0000000073970000-0x000000007405E000-memory.dmp

Filesize
6.9MB

Download
memory/3984-55-0x0000000000000000-mapping.dmp

Download