Overview

overview

10

Static

static

10

Payload/Yo...lderis

windows7-x64

1

Payload/Yo...strate

windows7-x64

1

Payload/Yo...elp.js

windows7-x64

1

Payload/Yo...mework

windows7-x64

1

Payload/Yo...ler.js

windows7-x64

1

Payload/Yo...t.html

windows7-x64

1

Payload/Yo...t.html

windows7-x64

1

Payload/Yo...ser.js

windows7-x64

1

Payload/Yo...ser.js

windows7-x64

1

Payload/Yo...ent.js

windows7-x64

1

Payload/Yo....dylib

windows7-x64

3

Payload/Yo....dylib

windows7-x64

3

Payload/Yo....dylib

windows7-x64

3

Payload/Yo....dylib

windows7-x64

3

Payload/Yo....dylib

windows7-x64

3

Payload/Yo....dylib

windows7-x64

3

Payload/Yo....dylib

windows7-x64

3

Payload/Yo....dylib

windows7-x64

3

Payload/Yo....dylib

windows7-x64

3

Payload/Yo...ed_ios

windows7-x64

1

Payload/Yo...fo.xml

windows7-x64

1

Payload/Yo...ension

windows7-x64

1

Payload/Yo...ension

windows7-x64

1

Payload/Yo...ension

windows7-x64

1

Payload/Yo...ension

windows7-x64

1

Payload/Yo...ension

windows7-x64

1

Payload/Yo...ouTube

windows7-x64

1

Payload/Yo...fig.js

windows7-x64

1

Payload/Yo...fig.js

windows7-x64

1

Payload/Yo...fig.js

windows7-x64

1

Payload/Yo...to_.js

windows7-x64

1

Payload/Yo...237.js

windows7-x64

1

Analysis

  • max time kernel
    1801s
  • max time network
    1846s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06-02-2023 15:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Payload/YouTube.app/Frameworks/YouTubeDislikesReturn.dylib

  • Size

    99KB

  • MD5

    9de9ac2c1c65dffde8a80b85f3810223

  • SHA1

    ae47bd6df241135896cb6fa106e87108f7c1c646

  • SHA256

    d9504e35684bc77d33501f330a22f693097dd334d0c1c73f805f4c350beaab0f

  • SHA512

    7a0fd4493b2e964a3953e6e1765d1c25dfd11b2c170f63719a1f6adfd49fc1ff8e3f2ff7048347dc48dd71459b087b8c7b002f676e6506019bc74be2c6c6da2d

  • SSDEEP

    768:YJcPA+RvqPLFgL1nZ8fvce3OXr4AHBvfW25jnYZi:5A+g2RZMce+RX7jn9

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Payload\YouTube.app\Frameworks\YouTubeDislikesReturn.dylib
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Payload\YouTube.app\Frameworks\YouTubeDislikesReturn.dylib
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:820
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Payload\YouTube.app\Frameworks\YouTubeDislikesReturn.dylib"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:468

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/468-81-0x0000000000000000-mapping.dmp
    Download
  • memory/468-82-0x0000000075A91000-0x0000000075A93000-memory.dmp
    Filesize

    8KB

    Download
  • memory/820-76-0x0000000000000000-mapping.dmp
    Download
  • memory/1996-54-0x000007FEFBB21000-0x000007FEFBB23000-memory.dmp
    Filesize

    8KB

    Download