hxxps://www[.]y2mate[.]com/es406/youtube

Analysis

max time kernel
45s
max time network
50s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
23/03/2023, 12:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.y2mate.com/es406/youtube

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 21 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008a702c863227b745aefca3d2bb9571e80000000002000000000010660000000100002000000033034c02b1ff5d4fdec05d6445ed7e94993d8afe864e1159298ef232809a423b000000000e80000000020000200000007ee24961586fc029155046a3dff11d0131e340f4e621f0e98c0dbe76c93d5e61200000004dfeea075e158708bbbb1e1ebef93aac7f171076b5584b0b12fe7cf69e7d92ac400000004019de20cee67d51361d46d2fb84d7907bc3d496483e00fc864a301c8b15b0bd84273914cea45f25957e63c13b5f889726024decfd150ccb62124bebe89cf161	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5084dda78b5dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D5A510EB-C97E-11ED-8E3C-EA594ED5DBE9} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3292	iexplore.exe
3292	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3292	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
3292	iexplore.exe
3292	iexplore.exe
3092	IEXPLORE.EXE
3092	IEXPLORE.EXE
3092	IEXPLORE.EXE
3092	IEXPLORE.EXE
4744	IEXPLORE.EXE
4744	IEXPLORE.EXE
4744	IEXPLORE.EXE
4744	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3292 wrote to memory of 3092	3292	iexplore.exe	66
PID 3292 wrote to memory of 3092	3292	iexplore.exe	66
PID 3292 wrote to memory of 3092	3292	iexplore.exe	66
PID 3292 wrote to memory of 4744	3292	iexplore.exe	67
PID 3292 wrote to memory of 4744	3292	iexplore.exe	67
PID 3292 wrote to memory of 4744	3292	iexplore.exe	67

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.y2mate.com/es406/youtube
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3292
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3292 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3092
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3292 CREDAT:148483 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4744

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
d34cd5dfc285c4e53c303f1f9472ac2d

SHA1
895053c124dead25c4d10ef566966949aa2fff79

SHA256
65414eb04c4f2a5406379134c518247eb6d9359e437a49b958e41df8711256eb

SHA512
8893523ecdd330d0f88aa757aced0eff47c4db0089567e4f7934b2b1ce618d816f23109e0b9033dee58cc077b10edca4fb79ec91e15eab3806f7b47c186b51dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
9e6d8dc41604f29e642cd0388dedbc39

SHA1
356865a43d9fe59ffa43408c8656722239df3746

SHA256
81ba5efa129a1fe50f089166e3bef04a5472f35d87fe32e48ec078557b809537

SHA512
2e8ee9015b023d1da8c7c00eff12d780c1e640171306f8ebfcf6ac344a3f4553d2b181c5983e4c792b3e226e96eb8236bb9cf43c3c51ed504e27d047ff9d5dc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_B927703728F018DD39598B9865791655

Filesize
472B

MD5
23c054d3aee551b6fdc42a5a472a7040

SHA1
b1a46c12ac7d65c979fd1998bdb243f3dba8f956

SHA256
9e8b91ab91da9ea20dfb5f90c1c06239d2872b0eb80785534d0c59c3b51de404

SHA512
a3637152706100b8ccaeba521a05f5cb96570ad3bb630d919eeb0e06a3f1f27dea2fb8df128824e57de0e9fa982921bed58373a2360c95caa9f005b527483112

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
f7b25970e1957b943b76f846fd9332f2

SHA1
d4ff36f3f34a8809ce87049b2e40df1d4ce18407

SHA256
91ba498667d1d7b666558ac5d9b7ff60799e44edbe00d0ae82ca5af816cbf666

SHA512
568e291c64b7609579c5b1ff348660b993b6420a9b4c414195c541fa895974925b9359afd4cea63095bb157fdbacafe01fe5a74c01952d5a3713c9482ae0ab7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
438B

MD5
0d2e5a5687233192103eda7b20836ea9

SHA1
46c85aa4af0b09ea5b31c6befab896e65543b04b

SHA256
3c41fe0e9cfbc9522eb25c772079e2ecec9a29a3224650b4d18c3f1968331d40

SHA512
0000f02bca8117569c4b7d44f0266729705a5e0318905dd8c7ba09cb51126c1f9a2d084f560b39532203470590eaf17f530ff71a5cc566f07f533f0c91a0cf78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
45a09f748c61b76bd6c695afd864c16a

SHA1
bda256e8fe171dcc7ca63033c02f46c3f57aab86

SHA256
0097b049ddbcaf01e6b96047b4a0ff884e895386bd2303ea7f535c544ab25303

SHA512
3b641b3f55716f30685714b303b93ca9da1c29115adeaeff2fe52bbcc89e019350e1b1238aa68b6e383e36219dd84588a447d49cf6f5155a5c65dcbe7a98f9a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_B927703728F018DD39598B9865791655

Filesize
402B

MD5
b2c2d0dce468a5a196a7b7f7a805087d

SHA1
e948f3c61b3abccb5782829335c94ab3b85145a5

SHA256
280a16a848257234d40b47dcfd2495026c97be4f387fe631ec5f4c96c2d54e98

SHA512
01d80b40f7d098818cd8b4c84b22330cb0054d0c67af0692c500fe27be20cca6efde4b382163f55df5710e29775c57430fae82f4f47eb86baa20543ed815788f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\logo[1].png

Filesize
7KB

MD5
0cddab075c6ff3429a9dd3509fc226cd

SHA1
0912c21e0c28453e179189c8eb98b3f10693bf8c

SHA256
b50babe7ac78cd1372303c0746b209bbaef8aa2dad09441976b7b94b4f1e733f

SHA512
e965ccdf7ea9fa70b239f69b2a2c70cbf317806545021279e183f5427b8806c8b50691edde4620632440e5a6e9365cf99270e9cda9bb6eb176c21f939c85e87d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\main-v2[1].js

Filesize
146KB

MD5
84575ece3bad2b37ab20569c50a62c69

SHA1
1caac78d6053e78269a391b83706bec40b9b3868

SHA256
e1a93f169984f31ddbc1918bb2ae0cd39a32de15c22f7fb2b3b3aa0bba9789d8

SHA512
11a104f3cf913a8cec5aa6cb4b3ece27c1ebb59a57597dd4e2c87e0543574e2f74443b08bc4299d8417c7dd1532c0b4a00fa4fc5750d90d8df1e6fea562b4fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\analytics[1].js

Filesize
49KB

MD5
54e51056211dda674100cc5b323a58ad

SHA1
26dc5034cb6c7f3bbe061edd37c7fc6006cb835b

SHA256
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

SHA512
e305d190287c28ca0cc2e45b909a304194175bb08351ad3f22825b1d632b1a217fb4b90dfd395637932307a8e0cc01da2f47831fa4eda91a18e49efe6685b74b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\js[1].js

Filesize
115KB

MD5
5eb55c2020ec3c5a95dfb0f429c9b2df

SHA1
6b0010d6cf7086cc35a19a779217f26fc0f61f14

SHA256
d6a9977ef8ced9696fa66d89f848a61dc847b3e7b85bd3f9cc224c46ced15beb

SHA512
4bdc31ec7ed6399f3be370c549c5cec4da3fe3706faaf169e1eca9e36ef88925296076dbbe9c5b65283097ebcdf9fe2529295e6c52d076c8f88fafaf497588c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\js[2].js

Filesize
115KB

MD5
0af594c3ffd95be8eb09cdce9861454c

SHA1
008012c041e38b459f99cbbcb9114ed6a7b29542

SHA256
cbd5e95ceee90efd459c4b326defa895b6df9167abd6b6e4a24f8bc6fa467726

SHA512
f2f9609b999b8092720867bb9276ca0298726b880c55bdf3bec0cc44b6a818928f1abae958fe2e3d084c2b81608229aca4d2b8bd3dd0e53e091287a7bec759a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\js[3].js

Filesize
217KB

MD5
ad255c32abe52d5439b28b6afa12ede0

SHA1
1f93f7a6a25f3324fd85ca6c5c5c3d3ee93173bc

SHA256
17768c9da8b71f750e8fccda4eab7526371b0daad9346d7b75274211e62f60ab

SHA512
4e65a3bf4951df482b60638a4fff12bbc5f68d605ba30adfab0f9c7350eab987e6552ba99e990435bd8eb614130ce44678f004b26e32a8c711a3378022c3aeb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PC8JD7GN\bootstrap.min[1].css

Filesize
119KB

MD5
789d83905b8a93bca7a38c073f09f518

SHA1
c779bf5b8e148d96f9db229426b97f4843b7013b

SHA256
83930b790e7139ab2c35704e881844c8608a9ba1f4b22ac6f59280e62c0bb2d6

SHA512
7eee64ee5e5ef6fe9a1e5616e94214f6a28bea2a4246af4636ae66ec6b46e4e8c11cb14c49ca5858db4cb35ac4a28421001df0385dfe31719e4691dc075eef1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PC8JD7GN\common[1].js

Filesize
4KB

MD5
069c9e2883b1dafea748e54903509dc4

SHA1
8395b79dcc8b6e8e93fa6af011e4a70582c189c5

SHA256
6f4ff83196ea688b76e7872fcdf44efc8308828a02de61713bb5e1304845407e

SHA512
e4f0433190b4693bf41237831408510cec98eb532c9b82a05a99a5218ada480a84f0183ca504c6649055b1f7768710e3ac31de3a9743e2a970702fead3486eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PC8JD7GN\js[1].js

Filesize
217KB

MD5
d47187bfcd28e5d6a3539de23366ee20

SHA1
639f14abc2100ae8d7b9e716b03417bfcc26e9a1

SHA256
add52bd1cd23b6e8c80cb96a2ad9dac1328e62e52cab1bc2822a8a6320ccd5a5

SHA512
c8eff4914f61694c0bc541e22c85fec328ac3df4eaa4d3b8c13309b778d01e5206354eee0e196e67cd4bcc99594c6d59f45606e65c7c5fe3d2aa5dec078db76d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PC8JD7GN\lazyload.min[1].js

Filesize
2KB

MD5
91d28e93235b85c9b92ee1efd0baa094

SHA1
9e063f63d3039327f5a3218744d1c3a9c971f5c3

SHA256
5b3baa10ac55f4eece0c7e666eaddd51872b8ce9273671626bcccec8f86ead78

SHA512
9302bba9fe32795d42bfbc2343e2618d92b22001937e27619846ae432c075f4537f0102fa85f593c03117b24942db05de34e4a009c7809c37142f7d68d1d5b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PC8JD7GN\style[1].css

Filesize
23KB

MD5
af3f761e72f5ed83fa1f1c6c0a0daade

SHA1
c4f92812571708a79e8f90d3ee1c1733d82f5286

SHA256
c06d1d681a8363845471a78e5289902d8bb4c92763d4fbcf44801ce54349c34c

SHA512
e2629e06f497b409cb0947e10027f0b521e139d4108dd64f537619f5c6f1526836ee4458e0e49986bd36e13392b9bd51f861b8fcaf5d408ca8bb471375c968be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PC8JD7GN\suggeser[1].js

Filesize
16KB

MD5
ccbda31515e1c9642d87ca4a166dcbf3

SHA1
94f0f77b129f5784136c22a409fa797310849803

SHA256
e33806d103384621c4f7d70e83fc4a17062862c6f589eeb2d5ba3ffa478f8617

SHA512
0e7f43060cdd1c91159a92908fe20b0c05bda511d7542764de3bcc1a17f3b885fb3d918a87674efa3667d904932d11141ee7925e77f6e48b4eca957aaa37b745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\QXWEQ894.cookie

Filesize
383B

MD5
b9d8d9706a114600bc9423c6cce4b4f4

SHA1
d6d4cad8e1e7fe14a4e1b1727581a457603e3d12

SHA256
2ceb08bc56bc668009e9ef4108869431c76c771a4da4ef43460dd456c69d97ae

SHA512
610f071a719278fcf4d9489a546e7fa45d8e3c75ac7410bedeebae63704a4e051ae22c78c9fe586fa058295db483df81cc09f49d6dec4084c2a7892ddfcd42bf

Download Submit