Analysis

  • max time kernel
    30s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/01/2024, 03:40

General

  • Target

    Angetube-40.70.0-Full-Installer-x64.exe

  • Size

    145.6MB

  • MD5

    7bebcac6dc73beaec41bf15100a5a0d9

  • SHA1

    79219ecd1b81be4c01ea9465c73c0b7bd3d17ef8

  • SHA256

    3db20665e5be34a87dfdc3c39d862be6835976e533f062328264981a1aa5a086

  • SHA512

    ca342be4598634563fa4c7d4abe7f4ec67da7ba4ffd6aa92a90d4231d30a5acec5069b239db170fc256197184da2e4246bf044ea8f16e046f55bd4d4ed932c0f

  • SSDEEP

    3145728:lHvXnfJx21lfECFGMGtnLE7poPco2HkSU9SH0B7B5VQU8nc6x6D:R21lfDwMG5LE7poUdkS4SUBd5V7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe
    "C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Users\Admin\AppData\Local\Temp\nst1A37.tmp\check_for_64bit_visual_studio_2019_runtimes.exe
      C:\Users\Admin\AppData\Local\Temp\nst1A37.tmp\check_for_64bit_visual_studio_2019_runtimes.exe
      2⤵
      • Executes dropped EXE
      PID:2452
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\angetube\data\obs-plugins\win-dshow\angetube-virtualcam-module64.dll"
      2⤵
      PID:1708
      • C:\Windows\system32\regsvr32.exe
        /s "C:\Program Files\angetube\data\obs-plugins\win-dshow\angetube-virtualcam-module64.dll"
        3⤵
        PID:3028
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\angetube\data\obs-plugins\win-dshow\angetube-virtualcam-module32.dll"
      2⤵
      PID:2760
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angetube\Angetube (64bit).lnk"
      2⤵
      PID:2196
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    PID:2300
    • C:\Program Files\angetube\bin\64bit\angetube64.exe
      "C:\Program Files\angetube\bin\64bit\angetube64.exe"
      2⤵
      PID:1728
  • C:\Program Files\angetube\bin\64bit\angetube64.exe
    "C:\Program Files\angetube\bin\64bit\angetube64.exe"
    1⤵
    PID:2124

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\nst1A37.tmp\InstallOptions.dll
    Filesize
    15KB
    MD5
    ece25721125d55aa26cdfe019c871476
    SHA1
    b87685ae482553823bf95e73e790de48dc0c11ba
    SHA256
    c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf
    SHA512
    4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480
  • memory/1728-1443-0x0000000070680000-0x00000000706B6000-memory.dmp
    Filesize
    216KB
  • memory/1728-1436-0x0000000000580000-0x000000000058A000-memory.dmp
    Filesize
    40KB
  • memory/1728-1406-0x000000013FD80000-0x00000001407CE000-memory.dmp
    Filesize
    10.3MB
  • memory/1728-1411-0x00000000001A0000-0x00000000001B0000-memory.dmp
    Filesize
    64KB
  • memory/1728-1413-0x0000000002DF0000-0x00000000033D8000-memory.dmp
    Filesize
    5.9MB
  • memory/1728-1412-0x0000000002DF0000-0x00000000033D8000-memory.dmp
    Filesize
    5.9MB
  • memory/1728-1433-0x0000000000580000-0x000000000058A000-memory.dmp
    Filesize
    40KB
  • memory/1728-1432-0x0000000000580000-0x000000000058A000-memory.dmp
    Filesize
    40KB
  • memory/1728-1434-0x0000000002DF0000-0x00000000033D8000-memory.dmp
    Filesize
    5.9MB
  • memory/1728-1442-0x000000006D540000-0x000000006D5A2000-memory.dmp
    Filesize
    392KB
  • memory/1728-1440-0x000007FEF3ED0000-0x000007FEF53A6000-memory.dmp
    Filesize
    20.8MB
  • memory/1728-1437-0x0000000000580000-0x000000000058A000-memory.dmp
    Filesize
    40KB
  • memory/1728-1447-0x000000006AD00000-0x000000006AD24000-memory.dmp
    Filesize
    144KB
  • memory/1728-1454-0x0000000000580000-0x0000000000582000-memory.dmp
    Filesize
    8KB
  • memory/1728-1453-0x000007FEF3710000-0x000007FEF37A6000-memory.dmp
    Filesize
    600KB
  • memory/1728-1452-0x000000006D840000-0x000000006D8C0000-memory.dmp
    Filesize
    512KB
  • memory/1728-1451-0x0000000069D00000-0x0000000069E60000-memory.dmp
    Filesize
    1.4MB
  • memory/1728-1450-0x000007FEF37C0000-0x000007FEF39FB000-memory.dmp
    Filesize
    2.2MB
  • memory/1728-1449-0x000007FEF6900000-0x000007FEF6928000-memory.dmp
    Filesize
    160KB
  • memory/1728-1448-0x000007FEF3A00000-0x000007FEF3B25000-memory.dmp
    Filesize
    1.1MB
  • memory/1728-1446-0x000007FEF3B30000-0x000007FEF3EC9000-memory.dmp
    Filesize
    3.6MB
  • memory/1728-1445-0x0000000066280000-0x00000000664A6000-memory.dmp
    Filesize
    2.1MB
  • memory/1728-1371-0x000007FEF6040000-0x000007FEF6581000-memory.dmp
    Filesize
    5.3MB
  • memory/1728-1444-0x000000006B680000-0x000000006B730000-memory.dmp
    Filesize
    704KB
  • memory/1728-1435-0x0000000002DF0000-0x00000000033D8000-memory.dmp
    Filesize
    5.9MB
  • memory/1728-1441-0x0000000062500000-0x0000000062755000-memory.dmp
    Filesize
    2.3MB
  • memory/2124-1460-0x0000000001E10000-0x0000000001E1A000-memory.dmp
    Filesize
    40KB
  • memory/2124-1461-0x0000000001E10000-0x0000000001E1A000-memory.dmp
    Filesize
    40KB
  • memory/2124-1458-0x0000000002FA0000-0x0000000003588000-memory.dmp
    Filesize
    5.9MB
  • memory/2124-1457-0x00000000001B0000-0x00000000001C0000-memory.dmp
    Filesize
    64KB
  • memory/2124-1459-0x0000000002FA0000-0x0000000003588000-memory.dmp
    Filesize
    5.9MB
  • memory/2124-1456-0x000000013F9C0000-0x000000014040E000-memory.dmp
    Filesize
    10.3MB
  • memory/2124-1475-0x0000000069D00000-0x0000000069E60000-memory.dmp
    Filesize
    1.4MB
  • memory/2124-1476-0x000000006D840000-0x000000006D8C0000-memory.dmp
    Filesize
    512KB
  • memory/2124-1468-0x000000006B680000-0x000000006B730000-memory.dmp
    Filesize
    704KB
  • memory/2124-1474-0x000007FEF3610000-0x000007FEF384B000-memory.dmp
    Filesize
    2.2MB
  • memory/2124-1455-0x000007FEF5AF0000-0x000007FEF6031000-memory.dmp
    Filesize
    5.3MB
  • memory/2124-1477-0x000007FEF6090000-0x000007FEF6126000-memory.dmp
    Filesize
    600KB
  • memory/2124-1464-0x000007FEF3980000-0x000007FEF4E56000-memory.dmp
    Filesize
    20.8MB
  • memory/2124-1473-0x000007FEF6F40000-0x000007FEF6F68000-memory.dmp
    Filesize
    160KB
  • memory/2124-1472-0x000007FEF3850000-0x000007FEF3975000-memory.dmp
    Filesize
    1.1MB
  • memory/2124-1471-0x000000006AD00000-0x000000006AD24000-memory.dmp
    Filesize
    144KB
  • memory/2124-1470-0x000007FEF6130000-0x000007FEF64C9000-memory.dmp
    Filesize
    3.6MB
  • memory/2124-1469-0x0000000066280000-0x00000000664A6000-memory.dmp
    Filesize
    2.1MB
  • memory/2124-1467-0x0000000070680000-0x00000000706B6000-memory.dmp
    Filesize
    216KB
  • memory/2124-1466-0x000000006D540000-0x000000006D5A2000-memory.dmp
    Filesize
    392KB
  • memory/2124-1465-0x0000000062500000-0x0000000062755000-memory.dmp
    Filesize
    2.3MB
  • memory/2452-97-0x0000000000400000-0x000000000040E000-memory.dmp
    Filesize
    56KB