Resubmissions

Date              Analysis ID         Score
29-12-2021 12:45  211229-py8v3sdddn   10
29-12-2021 11:51  211229-n1lb5addbm   8
29-12-2021 11:50  211229-nzsptaegg6   1
29-12-2021 11:24  211229-nh59ksege9   1
28-12-2021 11:54  211228-n21s7sdgg2   8
28-12-2021 11:53  211228-n2tpwscdbj   1
28-12-2021 11:51  211228-nz82sscdaq   1
28-12-2021 11:38  211228-nryk4acdal   10
28-12-2021 11:37  211228-nq735sdge9   1

Analysis
max time kernel: 3s
max time network: 8s
platform: windows10_x64
resource: win10-en-20211208
submitted: 29-12-2021 11:50

Static task: static1
URLScan task: urlscan1
Sample: https://www.youtube.com/channel/UCn2OJocEFxegDrjKZMIfnLw

Behavioral task: behavioral1
Sample: https://www.youtube.com/channel/UCn2OJocEFxegDrjKZMIfnLw
Resource: win10-en-20211208 (windows10_x64)
0 signatures
0 seconds
General

Target: https://www.youtube.com/channel/UCn2OJocEFxegDrjKZMIfnLw
Score: 1/10

Malware Config

Signatures
Checks SCSI registry key(s)    3 TTPs    3 IoCs
SCSI information is often read in order to detect sandboxing environments.
Description        IoC  |  Process
Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000  |  taskmgr.exe
Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A  |  taskmgr.exe
Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName  |  taskmgr.exe
All three reads come from taskmgr.exe (PID 944), which reads the disk's FriendlyName to label the disk in its Performance view; no process in the Chrome tree touched this key. The device key name also shows that this VM exposes its disk with the vendor string DADY rather than a hypervisor name such as VBOX or VMware, which is precisely the string a sample reading this key would be checking for.
Enumerates system info in registry    2 TTPs    3 IoCs
Description        IoC  |  Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  |  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  |  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  |  chrome.exe
These are the same two BIOS values a hypervisor check reads, but here the reader is chrome.exe: Chromium's base::SysInfo derives the hardware model name from SystemManufacturer and SystemProductName for its own metrics, so the hit is attributable to the browser rather than to the page being opened.
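The two signatures above describe a sandbox-detection check without showing it. The following is an added example (not code from the report or from the sandbox vendor) that performs exactly those reads, the Enum\SCSI FriendlyName and device key name plus the BIOS SystemManufacturer/SystemProductName values, and scans them for hypervisor vendor strings. On Windows it reads the live registry through winreg; elsewhere it falls back to a constructed in-memory registry so it runs offline. The marker list, the FriendlyName and BIOS values, and the VirtualBox comparison environment are assumptions; only the Disk&Ven_DADY&Prod_HARDDISK key and its instance name come from the report.

```python
"""Hypervisor fingerprinting through the registry values read in this report.

Added example, not part of the report. Reproduces the check the "Checks SCSI
registry key(s)" and "Enumerates system info in registry" signatures are meant
to catch, then classifies the strings it finds.
"""
import sys
from typing import Callable, Dict, List, Optional, Tuple

SCSI_ENUM = r"SYSTEM\ControlSet001\Enum\SCSI"
BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"

# Substrings of hardware strings that betray common hypervisors (assumed list).
HYPERVISOR_MARKERS = ("VBOX", "INNOTEK", "VMWARE", "QEMU", "BOCHS", "XEN", "KVM", "PARALLELS", "VIRTUAL")

ReadValue = Callable[[str, str], Optional[str]]  # (key path under HKLM, value name) -> data
ListSubkeys = Callable[[str], List[str]]         # key path under HKLM -> child key names


def collect_hardware_strings(read: ReadValue, subkeys: ListSubkeys) -> Dict[str, str]:
    """Return {location: value} for every value the two signatures cover."""
    found: Dict[str, str] = {}
    for name in ("SystemManufacturer", "SystemProductName"):
        data = read(BIOS_KEY, name)
        if data is not None:
            found[f"{BIOS_KEY}\\{name}"] = data
    for device in subkeys(SCSI_ENUM):            # e.g. Disk&Ven_DADY&Prod_HARDDISK
        device_key = f"{SCSI_ENUM}\\{device}"
        found[device_key] = device               # the key name itself carries Ven_/Prod_
        for instance in subkeys(device_key):     # e.g. 4&215468a5&0&000000
            data = read(f"{device_key}\\{instance}", "FriendlyName")
            if data is not None:
                found[f"{device_key}\\{instance}\\FriendlyName"] = data
    return found


def hypervisor_hits(strings: Dict[str, str]) -> List[Tuple[str, str]]:
    """(location, marker) for each value that contains a hypervisor marker."""
    hits = []
    for location, value in strings.items():
        upper = value.upper()
        marker = next((m for m in HYPERVISOR_MARKERS if m in upper), None)
        if marker:
            hits.append((location, marker))
    return hits


def looks_like_sandbox(read: ReadValue, subkeys: ListSubkeys) -> bool:
    return bool(hypervisor_hits(collect_hardware_strings(read, subkeys)))


class FakeRegistry:
    """Constructed stand-in for HKLM: {key path: {value name: data}}."""

    def __init__(self, values: Dict[str, Dict[str, str]]):
        self.values = values

    def read(self, path: str, name: str) -> Optional[str]:
        return self.values.get(path, {}).get(name)

    def subkeys(self, path: str) -> List[str]:
        prefix = path + "\\"
        return sorted({p[len(prefix):].split("\\", 1)[0] for p in self.values if p.startswith(prefix)})


def winreg_registry():
    """Live HKLM access; winreg only exists on Windows."""
    import winreg

    def read(path, name):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                return str(winreg.QueryValueEx(key, name)[0])
        except OSError:
            return None

    def subkeys(path):
        names = []
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                while True:                       # EnumKey raises OSError past the last index
                    names.append(winreg.EnumKey(key, len(names)))
        except OSError:
            pass
        return names

    return read, subkeys


# Constructed to mirror this report's environment: the device key and instance
# names are from the IoC list; FriendlyName and the BIOS strings are assumed.
REPORT_ENV = FakeRegistry({
    BIOS_KEY: {"SystemManufacturer": "Standard PC", "SystemProductName": "Desktop"},
    SCSI_ENUM + r"\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000": {"FriendlyName": "DADY HARDDISK"},
})

# Constructed VirtualBox-style environment (its default strings) for contrast.
VBOX_ENV = FakeRegistry({
    BIOS_KEY: {"SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox"},
    SCSI_ENUM + r"\Disk&Ven_VBOX&Prod_HARDDISK\4&1a2b3c4d&0&000000": {"FriendlyName": "VBOX HARDDISK"},
})


if __name__ == "__main__":
    read, subkeys = winreg_registry() if sys.platform == "win32" else (REPORT_ENV.read, REPORT_ENV.subkeys)
    for location, marker in hypervisor_hits(collect_hardware_strings(read, subkeys)):
        print(f"{marker:<10} {location}")
    print("sandbox suspected" if looks_like_sandbox(read, subkeys) else "no hypervisor markers")
```

Run on the constructed report-like environment the check finds nothing, because DADY matches no vendor marker; the VirtualBox-style environment trips on the BIOS manufacturer, the product name, the device key name and the FriendlyName. That is the whole reason an analysis VM renames its disk, and also why a signature based purely on "read this key" fires on Task Manager and Chrome as readily as on malware.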
Suspicious behavior: EnumeratesProcesses    6 IoCs
PID   Process      Count
3836  chrome.exe   2
2148  chrome.exe   2
944   taskmgr.exe  2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary    2 IoCs
PID   Process      Count
2148  chrome.exe   2
The browser process (2148) creates its sandboxed children with the process-creation mitigation that blocks loading of binaries not signed by Microsoft. This is the browser's own hardening of its child processes, not behaviour induced by the target page.

Suspicious use of AdjustPrivilegeToken    3 IoCs
Description                      PID  Process
Token: SeDebugPrivilege          944  taskmgr.exe
Token: SeSystemProfilePrivilege  944  taskmgr.exe
Token: SeCreateGlobalPrivilege   944  taskmgr.exe
Task Manager enables these privileges itself so it can open and profile processes it does not own; all three hits belong to taskmgr.exe, which is a separate top-level process and not part of the Chrome tree spawned for the target URL.

Suspicious use of FindShellTrayWindow    39 IoCs
PID   Process      Count
2148  chrome.exe   26
944   taskmgr.exe  13

Suspicious use of SendNotifyMessage    37 IoCs
PID   Process      Count
2148  chrome.exe   24
944   taskmgr.exe  13
Suspicious use of WriteProcessMemory    64 IoCs
Description                                  PID   Process     procid_target  Count
PID 2148 wrote to memory of 2184             2148  chrome.exe  68             2
PID 2148 wrote to memory of 3568             2148  chrome.exe  71             40
PID 2148 wrote to memory of 3836             2148  chrome.exe  70             2
PID 2148 wrote to memory of 2312             2148  chrome.exe  74             20
Every one of the 64 writes is from the browser process (2148) into a process it spawned itself: the crashpad handler (2184), the GPU process (3568), the network service (3836) and a renderer (2312). A parent writes into a freshly created child's address space as part of ordinary process start-up, so writes confined to a process's own children carry no injection signal; the case worth chasing is a write into a process the writer did not create.
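To make that distinction mechanically rather than by eye, here is an added example (not code from the report) that parses the flattened "PID X wrote to memory of Y" rows, collapses the repeats to counts, and flags only writes whose target is not a child of the writer according to the process tree. The parent map is taken from this report's Processes section. The input rows are constructed: the chrome.exe rows reproduce the report's four writer/target pairs and counts, and the row from PID 5000 / injector.exe is a hypothetical addition to show what a flagged write looks like.

```python
"""Triage of "Suspicious use of WriteProcessMemory" IoC rows.

Added example, not part of the report. Rows have the form
"PID <writer> wrote to memory of <target> <writer> <image> <procid_target>".
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


class Write(NamedTuple):
    writer: int
    target: int
    image: str
    procid_target: int


def parse_rows(text: str) -> List[Write]:
    """Pull every IoC row out of the flattened signature text."""
    return [Write(int(w), int(t), img, int(idx)) for w, t, _w2, img, idx in ROW.findall(text)]


def collapse(writes: List[Write]) -> Counter:
    """Count identical (writer, target, image) rows so 64 lines become a handful."""
    return Counter((w.writer, w.target, w.image) for w in writes)


def writes_outside_children(writes: List[Write], parent_of: Dict[int, int]) -> List[Tuple[int, int, str]]:
    """Distinct (writer, target, image) triples where the target is not a child of the writer."""
    flagged: List[Tuple[int, int, str]] = []
    for w in writes:
        triple = (w.writer, w.target, w.image)
        if parent_of.get(w.target) != w.writer and triple not in flagged:
            flagged.append(triple)
    return flagged


# Parent relationships from the report's process tree: 2148 is the browser
# process and every other chrome.exe is its direct child.
PARENT_OF = {2184: 2148, 3836: 2148, 3568: 2148, 3172: 2148,
             2932: 2148, 2312: 2148, 3636: 2148, 3648: 2148}


def _rows(writer: int, target: int, image: str, idx: int, n: int) -> List[str]:
    return [f"PID {writer} wrote to memory of {target} {writer} {image} {idx}"] * n


# Constructed input: the report's 64 rows regenerated from their counts, plus
# one hypothetical row (PID 5000, injector.exe) that is not in the report.
SAMPLE = "\n".join(
    _rows(2148, 2184, "chrome.exe", 68, 2)
    + _rows(2148, 3568, "chrome.exe", 71, 40)
    + _rows(2148, 3836, "chrome.exe", 70, 2)
    + _rows(2148, 2312, "chrome.exe", 74, 20)
    + _rows(5000, 2932, "injector.exe", 99, 1)   # hypothetical
)


def triage(text: str, parent_of: Dict[int, int] = PARENT_OF):
    """Return (collapsed counts, writes into processes the writer did not spawn)."""
    writes = parse_rows(text)
    return collapse(writes), writes_outside_children(writes, parent_of)


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE)
    for (writer, target, image), n in sorted(counts.items()):
        print(f"{writer} {image} -> {target}  x{n}")
    print("writes into non-children:", flagged or "none")
```

With the report's own rows the flagged list is empty; only the constructed injector.exe row, which writes into renderer 2932 without being its parent, survives the filter. The same parent map can be reused for any sandbox report that exposes a process tree next to its WriteProcessMemory IoCs.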
Processes

All chrome.exe entries below run from C:\Program Files\Google\Chrome\Application\chrome.exe (version 89.0.4389.114 per the crashpad annotations). Indentation shows parent/child; taskmgr.exe is a separate top-level process.

chrome.exe  PID 2148
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/channel/UCn2OJocEFxegDrjKZMIfnLw
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  chrome.exe  PID 2184  (crashpad handler)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x64,0xb0,0xd4,0x60,0xd8,0x7fffea124f50,0x7fffea124f60,0x7fffea124f70

  chrome.exe  PID 3836  (network service)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,11308447038988487607,8996031907573041807,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1824 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  chrome.exe  PID 3568  (GPU process)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1536,11308447038988487607,8996031907573041807,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1548 /prefetch:2

  chrome.exe  PID 3172  (storage service)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1536,11308447038988487607,8996031907573041807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

  chrome.exe  PID 2932  (renderer, client id 4)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,11308447038988487607,8996031907573041807,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1

  chrome.exe  PID 2312  (renderer, client id 5)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,11308447038988487607,8996031907573041807,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1

  chrome.exe  PID 3636  (data decoder service)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1536,11308447038988487607,8996031907573041807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4036 /prefetch:8

  chrome.exe  PID 3648  (renderer, client id 8, GPU compositing disabled)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,11308447038988487607,8996031907573041807,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1

taskmgr.exe  PID 944
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage