Analysis
-
max time kernel
39s -
max time network
42s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
23-06-2022 08:43
General
-
Target
4e78dbfd9d5fcc891dc5bf5c37930188a51b817f9c94406717ec3b14c300de1a.exe
Score
10/10
Malware Config
Signatures
-
YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
-
YTStealer payload 2 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4e78dbfd9d5fcc891dc5bf5c37930188a51b817f9c94406717ec3b14c300de1a.exe"C:\Users\Admin\AppData\Local\Temp\4e78dbfd9d5fcc891dc5bf5c37930188a51b817f9c94406717ec3b14c300de1a.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /C choice /C Y /N /D Y /T 0 &Del C:\Users\Admin\AppData\Local\Temp\4e78dbfd9d5fcc891dc5bf5c37930188a51b817f9c94406717ec3b14c300de1a.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\choice.exechoice /C Y /N /D Y /T 03⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/320-55-0x0000000000000000-mapping.dmp
-
memory/376-54-0x0000000000940000-0x0000000001709000-memory.dmpFilesize
13.8MB
-
memory/376-57-0x0000000000940000-0x0000000001709000-memory.dmpFilesize
13.8MB
-
memory/1636-56-0x0000000000000000-mapping.dmp