15af89dba8bef59a6aba55d0b2120a432a8385fe30a5cdcacca58eb164ec7119

Analysis

max time kernel
1s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 00:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2183aa06a9f4089d657917e5e78a407c.exe
Size

1.5MB
MD5

2183aa06a9f4089d657917e5e78a407c
SHA1

6581cd43a14b8eb63be094d0141d2e3ce5657be6
SHA256

15af89dba8bef59a6aba55d0b2120a432a8385fe30a5cdcacca58eb164ec7119
SHA512

9cb8e92164d5b79eef6e26375c3190c299313b33f091151c2fc63040935166d640252f137bee26ea600ae3365826ca8b7fe3ec30d0a50ff027760bbc02c542ff
SSDEEP

49152:xF76ZdwqH+W2Ws7wvdeCTWZlzD1U/oCNCzP6Q8Q:xlzY+WawFTwl11+ir9

Score

7^/10

adware spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1292	tx.exe

Loads dropped DLL 2 IoCs

pid	Process
1292	tx.exe
2360	regsvr32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 5 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdaecmgepkanmhooojhmkhfbfakkelnk\1.0\manifest.json	tx.exe
File created	C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdaecmgepkanmhooojhmkhfbfakkelnk\1.0\manifest.json	tx.exe
File created	C:\Users\DefaultAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdaecmgepkanmhooojhmkhfbfakkelnk\1.0\manifest.json	tx.exe
File created	C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdaecmgepkanmhooojhmkhfbfakkelnk\1.0\manifest.json	tx.exe
File created	C:\Users\WDAGUtilityAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdaecmgepkanmhooojhmkhfbfakkelnk\1.0\manifest.json	tx.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}\ = "YoutubeAdblocker"	tx.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}\NoExplorer = "1"	tx.exe

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\YoutubeAdblocker\Y.tlb	tx.exe
File created	C:\Program Files (x86)\YoutubeAdblocker\Y.dat	tx.exe
File opened for modification	C:\Program Files (x86)\YoutubeAdblocker\Y.dat	tx.exe
File created	C:\Program Files (x86)\YoutubeAdblocker\Y.x64.dll	tx.exe
File opened for modification	C:\Program Files (x86)\YoutubeAdblocker\Y.x64.dll	tx.exe
File created	C:\Program Files (x86)\YoutubeAdblocker\Y.dll	tx.exe
File opened for modification	C:\Program Files (x86)\YoutubeAdblocker\Y.dll	tx.exe
File created	C:\Program Files (x86)\YoutubeAdblocker\Y.tlb	tx.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}	tx.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}	tx.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	tx.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	tx.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}\Programmable	tx.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}\Programmable	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ = "IRegistry"	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker.1.0\CLSID	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker\CurVer\ = "YoutubeAdblocker.1.0"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib\Version = "1.0"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}\ProgID\ = "YoutubeAdblocker.1.0"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}\VersionIndependentProgID	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}\VersionIndependentProgID\ = "YoutubeAdblocker"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib\Version = "1.0"	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker.1.0\ = "YoutubeAdblocker"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\YoutubeAdblocker"	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker.1.0	tx.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}\InprocServer32	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\Program Files (x86)\\YoutubeAdblocker\\Y.tlb"	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker\ = "YoutubeAdblocker"	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}\InprocServer32\ = "C:\\Program Files (x86)\\YoutubeAdblocker\\Y.dll"	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}	tx.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker\CurVer	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker\CLSID	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}\InprocServer32	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}\InprocServer32\ThreadingModel = "Apartment"	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib	tx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ = "IRegistry"	tx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32	tx.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{600CFA33-4D1A-3D15-C616-B51562E6A6E2}\ProgID	tx.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 1292	4452	2183aa06a9f4089d657917e5e78a407c.exe	23
PID 4452 wrote to memory of 1292	4452	2183aa06a9f4089d657917e5e78a407c.exe	23
PID 4452 wrote to memory of 1292	4452	2183aa06a9f4089d657917e5e78a407c.exe	23
PID 1292 wrote to memory of 2360	1292	tx.exe	24
PID 1292 wrote to memory of 2360	1292	tx.exe	24
PID 1292 wrote to memory of 2360	1292	tx.exe	24
PID 2360 wrote to memory of 4236	2360	regsvr32.exe	25
PID 2360 wrote to memory of 4236	2360	regsvr32.exe	25

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{600CFA33-4D1A-3D15-C616-B51562E6A6E2} = "1"	tx.exe

C:\Users\Admin\AppData\Local\Temp\2183aa06a9f4089d657917e5e78a407c.exe
"C:\Users\Admin\AppData\Local\Temp\2183aa06a9f4089d657917e5e78a407c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Users\Admin\AppData\Local\Temp\54074046\tx.exe
  "C:\Users\Admin\AppData\Local\Temp/54074046/tx.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:1292
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32.exe /s "C:\Program Files (x86)\YoutubeAdblocker\Y.x64.dll"
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2360
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\YoutubeAdblocker\Y.x64.dll"
      4⤵
      PID:4236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\YoutubeAdblocker\Y.dll

Filesize
176KB

MD5
6da665e0d6df61bf66a46e3c00578be6

SHA1
75a20f56f50ab84f43c7d5e8700bc8e48416d564

SHA256
09365818f3c3d97d8e24f6b808c08b55dbc66c893e017ae2212d93e96e4a79ce

SHA512
1707326176c0495a042fd95ae4b642b319213ade03ef0324c41db14f975494e8fcc832410b0871d0469bda9329cfe5b92b96b107f88ddea8e1b5b53e51c15a45

Download Submit
C:\Program Files (x86)\YoutubeAdblocker\Y.dll

Filesize
84KB

MD5
d782dcb432892ec48443c0bada444b96

SHA1
624c1f875340e1b1f13bbf25e6ba3eec3c4986c4

SHA256
927afbe1cfe6b66dbd669129e053fa734b58953ddb68d4ce87c792c9f0ad4840

SHA512
0cf31977a836bd8e858a2926d363db6924f945c039a1413bafd23bea3e30713e79b803fa941cb008175ac00f6d9496ad0a9e12e93cacf35d4e44416ac5abf6ad

Download Submit
C:\Program Files (x86)\YoutubeAdblocker\Y.x64.dll

Filesize
112KB

MD5
026cbd846692ba2d4673b60100d5aa2d

SHA1
08f1b13979f989deb88e34b60d8c58ff5e805ea2

SHA256
e4205761c72515520bac23b322f0e361590d57280cebaddbf2d0cfd087e145d4

SHA512
2922bd011a03b5e6e37fb11c4f73afc576cda11294aed0985969e92c05f0883b163752edbc703497f4da4592a9ea74ac575dd398898fda37653c8f91791be21e

Download Submit
C:\Program Files (x86)\YoutubeAdblocker\Y.x64.dll

Filesize
149KB

MD5
d6d198722f98e054ba0a210173ffb5c0

SHA1
9915aeda4836b27c0561e3a7a3380b5138502e53

SHA256
9f03ecfd78d95daf468645be5533d268e1e5c93499804875e6dc2d22960cad6e

SHA512
2335f3ce14194d852c039d6be72b1b20a1c628fb15e60b4a6b8fd776e8a9416a113ca48a71ca5736aafc20981989377d9ef0beaa81def1b6d8ef6f78878e2cec

Download Submit
C:\Program Files (x86)\YoutubeAdblocker\Y.x64.dll

Filesize
172KB

MD5
223a6c2ae29c56bc77c6281330c571c7

SHA1
54aed7e11197d906f544aeef593253f5c455c2a3

SHA256
88a74d6e0a7b4e41a9321f09eef3d15ecf72a9c237b4a745ec10ae42e9677aca

SHA512
44736caef07b9fd969153df88c176aae2b5e200f299a95a4150e75d66d32d4b04ce5ae23d40b2dae6b0498486286ab16e580160fc25758e15e7f6b92933f376b

Download Submit
C:\Users\Admin\AppData\Local\Temp\54074046\Y.dll

Filesize
232KB

MD5
93b9a157263ba874b208b73e80d9f487

SHA1
7df3a0dc2222332b1b03e2da381bfe72ca549eec

SHA256
9bce982cfc3dd6ba4745609a7e41ddfafbe5f19b2532e05ab888aea3623f1418

SHA512
3eacff9cdc03ed2ccb69778b3f6764dd277d6f949535a20b592807db78cb8b4ff4851c5f7e6abb15adcf4f4ecbb87b56e93038d8f59c9d735759fe125dd410af

Download Submit
C:\Users\Admin\AppData\Local\Temp\54074046\Y.tlb

Filesize
3KB

MD5
c4e4f9ae959ce5f93700ff76e4e0a0b5

SHA1
951aa1d74ae6092a91c01a8f2f7cbe9cb435bf13

SHA256
6c2c8c5167ffb730cb087d1d8518e4b0c3731d5a02caf3a0af5a75e76b15c95e

SHA512
a7641f8614f1916e992c9b888e53bc4d49802830762fc7f6f2d969046ca50b7591f05de0a9d08265fd77c50a9cb1d416c7006ab3d2a9d46a3889ab49c47e5a3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\54074046\Y.x64.dll

Filesize
349KB

MD5
7b1cb1d2dd5d2dca60d44db638bf2c0f

SHA1
8550aff00ba06bcffa711108ce5d7b2770d47d11

SHA256
8268b2a7ec592aa19cfd6ddf18f36407b2137ab33bd0cd6201ade1edeb3cac00

SHA512
5002151c88c08803fb05251572707456ad1b22b55a7da534c710781ec7f55ab6dbae4dcde7ab968843b741c20d4e412a1ead82514f9e7b4399a8b6ae965a9187

Download Submit
C:\Users\Admin\AppData\Local\Temp\54074046\hdaecmgepkanmhooojhmkhfbfakkelnk\content.js

Filesize
144B

MD5
0654917402505bc71a231599d02e09a2

SHA1
e24d4fcf6f136c3be86b4dc01bd3bf446ce462ff

SHA256
9577828de9e701114e75cca9918972c9028689518882edcb6aa193f9353c19ae

SHA512
3e7077342d4c06d1192898a4ec5c9b19f3ca8883c5fd7c6e2a581d855959b748b5a8c4b07e3468cfc8b79e6abc1595fefccb41011c179da665567d5dc4b2da5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\54074046\tx.dat

Filesize
3KB

MD5
1f56db9a3b8826d0bd8e5762c08be2d5

SHA1
ff29e7be5361af3bd553709c353a2bddb6565013

SHA256
b3c7e3f487101e973d59e446a69d103ab020edd0b38eb8de3a6c4bb4c2165363

SHA512
9d6e540f391037fe1dd5ee711953e9e8178e31112e9480e6d792f75aeead7e156bd3a88b2409c62b4ef11b4575beac72d1d59041108517eb0f84621fc2d436a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\54074046\tx.exe

Filesize
14KB

MD5
808097240401b4ec6e9dfeee16474084

SHA1
f7cb85c7f82273aba718ace0ac303187e32e642b

SHA256
a7a29625b7cc8c0e9726095624b6ff5b4643ac71ef0365efa74e02f829bc75f8

SHA512
a8e34e7ec011699546c6ca235cfc0d8ea9a91a71a798299af7ff1d5cc7bfff81a0890e8311dbc1d612e345a05ef7f0ca8ae5a6af7c32117bb3377331f4380acd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dtar83su.Admin\extensions\staged\[email protected]\chrome.manifest

Filesize
22B

MD5
bcef38b7cd557cdb8fe11388bb63721e

SHA1
f7eb6edaf3ea0ff086cbf3249498b2213a71a75a

SHA256
713a2cf2a0ba4302102ee6f7a608c46b3324ec761c8f3e86321746018386f526

SHA512
6c0717333a83cd1818ec699ece47e4f1f4d9afd6b21567d95b395bbeb82008bfa648d8479384e7a26b0222ac0b02deb88075315b384007618cadc6d784327ab7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\extensions\staged\[email protected]\bootstrap.js

Filesize
2KB

MD5
df13f711e20e9c80171846d4f2f7ae06

SHA1
56d29cda58427efe0e21d3880d39eb1b0ef60bee

SHA256
6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4

SHA512
6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\extensions\staged\[email protected]\content\bg.js

Filesize
8KB

MD5
cdddf0311844011fd92a4848d09e87a1

SHA1
bd449c3aff021e1987e17b13bb56ae3dc393994a

SHA256
586c5447959dfb6ca4119a53c0a152471a456237818129af5f7d500a96303e12

SHA512
d6d4100b94b0becc9b72dc395481920c761c0f9879374758dfc957092c0347bfcfa1873e8a72e3979b33f72d27f7d32042e37e4ee997811f4850ccb544ec6bd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\extensions\staged\[email protected]\install.rdf

Filesize
608B

MD5
50aba8c681d1a177bc2272b9479a9769

SHA1
484e63b540cecbeef0f821eb8170c64eb9fa6558

SHA256
486d784f84981d6d1764883ded1234085aa6742ab1c60f243153e20b8fc9c4b3

SHA512
bf9d5e32a7d99a2e944c3cff3b0201614c02ffa6caaf5bbc04da99cd3bf7dd6ed496edd8cf1065707a4919576648ec423ce4f049f08b6bf4f2163e6814b3d4b9

Download Submit
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdaecmgepkanmhooojhmkhfbfakkelnk\1.0\bNB.js

Filesize
6KB

MD5
1d7dc5be3c222e198743cee909e728dd

SHA1
ccebd9f8dae9a198bccb1ddc6604ae25e347aaee

SHA256
2f12efa33a421af1da20a3041cc43cd9194b9f8cb5fc249b348f6c47965d2884

SHA512
5d57a39b6bee2895fbb435003c36ea728f1b98ad24ae9ac9e6b934e3e26d10612a0ba3e862cf5b1db72730ef80813a1824abfd27c87fcb911553414ed46b685d

Download Submit
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdaecmgepkanmhooojhmkhfbfakkelnk\1.0\manifest.json

Filesize
508B

MD5
e2832fbedae560495781610b5c511afa

SHA1
95f9c6fe1ea5a6ee009bce1e9c215ef53fb5c108

SHA256
6e03e688a9f7cc23a788e004cea4c87ee73e36c1053d2fb34a214bcc597f3ea2

SHA512
2e206b58d02a88d21cb0cd74d5523b9f07f4558b4af9a19936befb256c2dc868107ab1716849e09b665721d1ac7b01ba6762bb54822596e39a4cdad763c68cb9

Download Submit
C:\Users\DefaultAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdaecmgepkanmhooojhmkhfbfakkelnk\1.0\lsdb.js

Filesize
531B

MD5
36d98318ab2b3b2585a30984db328afb

SHA1
f30b85fbe08e1d569ad49dfeafaf7cb2da6585a5

SHA256
ea2caf61817c6f7781ee049217e51c1083c8fc4f1e08e07792052dfdfa529ae7

SHA512
6f61ccda2eba18369409850b2c91c9817fc741755e29a1579646e3816e0deab80e34a5adb9ff865c773793d32ac338163a224dbf363b46420d6ea42a7bbb2b3a

Download Submit
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdaecmgepkanmhooojhmkhfbfakkelnk\1.0\background.html

Filesize
140B

MD5
f8860ef0214ccbd265e3df43f0581aae

SHA1
182c92c9298b156ed4e902e01761012cba6967f6

SHA256
664821f0441faf2c8ade8c54aaca97fb84cce98ce025f536ac3565d70c29dd63

SHA512
d2e17f23c30e3e0b856bf5587adfc9b6254966d18743a7edb80ed0876d90f7375c0e271fb798e73a2bc570b12b9c5c636fb0913a3ce92c67bf332f4030e448d2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads