Overview

overview

10

Static

static

10

Endermanch...is.exe

windows7-x64

1

Endermanch...is.exe

windows10-2004-x64

Endermanch...ug.exe

windows7-x64

6

Endermanch...ug.exe

windows10-2004-x64

6

Endermanch...ck.exe

windows7-x64

7

Endermanch...ck.exe

windows10-2004-x64

7

Endermanch...om.exe

windows7-x64

1

Endermanch...om.exe

windows10-2004-x64

1

Endermanch...le.exe

windows7-x64

1

Endermanch...le.exe

windows10-2004-x64

1

Endermanch...er.exe

windows7-x64

7

Endermanch...er.exe

windows10-2004-x64

7

Endermanch...er.exe

windows7-x64

7

Endermanch...er.exe

windows10-2004-x64

7

Endermanch...er.exe

windows7-x64

Endermanch...er.exe

windows10-2004-x64

Endermanch...us.exe

windows7-x64

1

Endermanch...us.exe

windows10-2004-x64

1

Endermanch....C.exe

windows7-x64

10

Endermanch....C.exe

windows10-2004-x64

10

Endermanch...rd.exe

windows7-x64

10

Endermanch...rd.exe

windows10-2004-x64

9

Endermanch...a2.exe

windows7-x64

1

Endermanch...a2.exe

windows10-2004-x64

1

Endermanch...19.exe

windows7-x64

7

Endermanch...19.exe

windows10-2004-x64

7

Endermanch...eg.exe

windows7-x64

7

Endermanch...eg.exe

windows10-2004-x64

3

Endermanch...1).exe

windows7-x64

3

Endermanch...1).exe

windows10-2004-x64

3

Endermanch...ld.exe

windows7-x64

3

Endermanch...ld.exe

windows10-2004-x64

3

Resubmissions

10-05-2024 16:25

240510-tw1h5shh47 10

24-08-2023 11:16

230824-nda8msdf8z 10

05-08-2023 22:52

230805-2tn2bsfa82 10

24-07-2023 06:25

230724-g6s6laag35 10

22-07-2023 15:57

230722-tee6wabg5w 10

20-07-2023 23:19

230720-3bb5gsbf5v 10

20-07-2023 23:06

230720-23f23sba63 10

03-02-2021 11:43

210203-6bgge2nfan 10

22-11-2020 06:42

201122-6x1at779dj 10

Analysis

  • max time kernel
    140s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-07-2023 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Endermanch@FreeYoutubeDownloader.exe

  • Size

    396KB

  • MD5

    13f4b868603cf0dd6c32702d1bd858c9

  • SHA1

    a595ab75e134f5616679be5f11deefdfaae1de15

  • SHA256

    cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7

  • SHA512

    e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24

  • SSDEEP

    12288:jANwRo+mv8QD4+0V16nkFkkk2kyW9EArjaccoH0qzh4:jAT8QE+kHW9EAr+fr4i

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Endermanch@FreeYoutubeDownloader.exe
    "C:\Users\Admin\AppData\Local\Temp\Endermanch@FreeYoutubeDownloader.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3816
      • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
        "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
        3⤵
        • Executes dropped EXE
        PID:2720

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    Filesize

    438KB

    MD5

    1bb4dd43a8aebc8f3b53acd05e31d5b5

    SHA1

    54cd1a4a505b301df636903b2293d995d560887e

    SHA256

    a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

    SHA512

    94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

    Download Submit
  • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    Filesize

    438KB

    MD5

    1bb4dd43a8aebc8f3b53acd05e31d5b5

    SHA1

    54cd1a4a505b301df636903b2293d995d560887e

    SHA256

    a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

    SHA512

    94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

    Download Submit
  • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
    Filesize

    153KB

    MD5

    f33a4e991a11baf336a2324f700d874d

    SHA1

    9da1891a164f2fc0a88d0de1ba397585b455b0f4

    SHA256

    a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

    SHA512

    edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

    Download Submit
  • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
    Filesize

    153KB

    MD5

    f33a4e991a11baf336a2324f700d874d

    SHA1

    9da1891a164f2fc0a88d0de1ba397585b455b0f4

    SHA256

    a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

    SHA512

    edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

    Download Submit
  • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
    Filesize

    153KB

    MD5

    f33a4e991a11baf336a2324f700d874d

    SHA1

    9da1891a164f2fc0a88d0de1ba397585b455b0f4

    SHA256

    a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

    SHA512

    edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

    Download Submit
  • memory/2720-177-0x0000000003010000-0x0000000003020000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2720-178-0x0000000003000000-0x000000000300A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/2720-182-0x0000000003010000-0x0000000003020000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2720-181-0x0000000003010000-0x0000000003020000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2720-180-0x0000000074B10000-0x00000000752C0000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/2720-179-0x0000000003010000-0x0000000003020000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2720-173-0x00000000008E0000-0x0000000000954000-memory.dmp
    Filesize

    464KB

    Download
  • memory/2720-174-0x0000000074B10000-0x00000000752C0000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/2720-175-0x0000000005B30000-0x00000000060D4000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/2720-176-0x00000000053F0000-0x0000000005482000-memory.dmp
    Filesize

    584KB

    Download
  • memory/3052-165-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/3816-168-0x000001C979630000-0x000001C979640000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3816-166-0x000001C95F130000-0x000001C95F15E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/3816-167-0x00007FF837B40000-0x00007FF838601000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/3816-170-0x000001C979630000-0x000001C979640000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3816-169-0x00007FF837B40000-0x00007FF838601000-memory.dmp
    Filesize

    10.8MB

    Download