Analysis

max time kernel: 30s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 08/01/2024, 03:40
Static task: static1
Behavioral task: behavioral1
Sample: Angetube-40.70.0-Full-Installer-x64.exe
Resource: win7-20231215-en
General

Target: Angetube-40.70.0-Full-Installer-x64.exe
Size: 145.6MB
MD5: 7bebcac6dc73beaec41bf15100a5a0d9
SHA1: 79219ecd1b81be4c01ea9465c73c0b7bd3d17ef8
SHA256: 3db20665e5be34a87dfdc3c39d862be6835976e533f062328264981a1aa5a086
SHA512: ca342be4598634563fa4c7d4abe7f4ec67da7ba4ffd6aa92a90d4231d30a5acec5069b239db170fc256197184da2e4246bf044ea8f16e046f55bd4d4ed932c0f
SSDEEP: 3145728:lHvXnfJx21lfECFGMGtnLE7poPco2HkSU9SH0B7B5VQU8nc6x6D:R21lfDwMG5LE7poUdkS4SUBd5V7
Malware Config
Signatures
Executes dropped EXE (1 IoC)
pid   Process
2452  check_for_64bit_visual_studio_2019_runtimes.exe
Loads dropped DLL (6 IoCs)
pid   Process
2128  Angetube-40.70.0-Full-Installer-x64.exe   (same row reported 6 times)
Drops file in Program Files directory 64 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
2128  Angetube-40.70.0-Full-Installer-x64.exe   (same row reported 4 times)
Suspicious use of WriteProcessMemory (4 IoCs)
description                       pid   Process                                  procid_target
PID 2128 wrote to memory of 2452  2128  Angetube-40.70.0-Full-Installer-x64.exe  29
(same row reported 4 times)
Processes

C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe  (PID 2128)
  command line: "C:\Users\Admin\AppData\Local\Temp\Angetube-40.70.0-Full-Installer-x64.exe"
  signatures: Loads dropped DLL; Drops file in Program Files directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
  |
  +-- C:\Users\Admin\AppData\Local\Temp\nst1A37.tmp\check_for_64bit_visual_studio_2019_runtimes.exe  (PID 2452)
  |     command line: C:\Users\Admin\AppData\Local\Temp\nst1A37.tmp\check_for_64bit_visual_studio_2019_runtimes.exe
  |     signatures: Executes dropped EXE
  |
  +-- C:\Windows\SysWOW64\regsvr32.exe  (PID 1708)
  |     command line: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\angetube\data\obs-plugins\win-dshow\angetube-virtualcam-module64.dll"
  |     |
  |     +-- C:\Windows\system32\regsvr32.exe  (PID 3028)
  |           command line: /s "C:\Program Files\angetube\data\obs-plugins\win-dshow\angetube-virtualcam-module64.dll"
  |
  +-- C:\Windows\SysWOW64\regsvr32.exe  (PID 2760)
  |     command line: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\angetube\data\obs-plugins\win-dshow\angetube-virtualcam-module32.dll"
  |
  +-- C:\Windows\explorer.exe  (PID 2196)
        command line: "C:\Windows\explorer.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angetube\Angetube (64bit).lnk"

C:\Windows\explorer.exe  (PID 2300)
  command line: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
  |
  +-- C:\Program Files\angetube\bin\64bit\angetube64.exe  (PID 1728)
        command line: "C:\Program Files\angetube\bin\64bit\angetube64.exe"

C:\Program Files\angetube\bin\64bit\angetube64.exe  (PID 2124)
  command line: "C:\Program Files\angetube\bin\64bit\angetube64.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 15KB
MD5: ece25721125d55aa26cdfe019c871476
SHA1: b87685ae482553823bf95e73e790de48dc0c11ba
SHA256: c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf
SHA512: 4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480