aec7d3254663753493cc816f6064fd39c6eaa477e9fe1af715480c4c2aee8112

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/mp3tubedownloader-tb-setup.exe
Size

522KB
MD5

7527ab5ac2c6e787c4e3f2aa3b18ccc0
SHA1

a8592be06f5bb8e46b143d13ea3b10762e85e6de
SHA256

7e29d985209500f030d5ce5fe6a2c4ab2229d42eadee1b7fb66953967aecd911
SHA512

2025878ea1f605a1da0d798992d820ba27d528f8dc4427f903a2e9c2d3c54a464dd69fe674c6f7b9efdb814f1de0119e61d9bbe650918134d4e38f55c7fdbd96
SSDEEP

12288:ITjIznvFsLpsTreHcJ8CFfGPDKRU+S+3HtqQ0AS3:I6NfNo4USPjS3

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2240	Mp3TubeDownloaderSvc.exe
1920	Mp3TubeDownloaderSvc.exe
1460	Mp3TubeDownloaderSvc.exe
2340	Mp3TubeDownloader.exe

Loads dropped DLL 19 IoCs

pid	Process
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
2620	mp3tubedownloader-tb-setup.exe
1460	Mp3TubeDownloaderSvc.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 61 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\savetomp3popup.js	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\install.rdf	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\mp3button-intro.css	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\plainbutton.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\convertvideo.js	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\btn_close.png	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\savemp3_disabled.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\savemp3_disabled.png	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\savemp3popup-musicicon.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\popup-bg.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\convertvideodlg.js	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\savemp3popup-musicicon.png	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\toolbar.xul	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\arrow_big.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\savemp3popup.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\mp3button-dialog.css	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\Mp3TubeDownloaderSvc.exe	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\mp3tubedownloadertb.dll	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\savetomp3popup.js	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\divider.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\events.js	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\convertvideodlg.xul	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\uninstall.exe	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\constants.js	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\savetomp3popup.xul	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\tbcore.js	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\mp3button-dialog.css	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome.manifest	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\events.js	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\mp3tube-button-bg.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\install.rdf	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\Mp3TubeDownloader.exe	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\convertvideodlg.xul	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\savemp3.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\toolbar.xul	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\icon-RSS.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\arrow.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\toolbar.css	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\savemp3.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome.manifest	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\convertvideodlg.js	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\mp3tube-button-bg.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\constants.js	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\tbcore.js	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\arrow_big.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\mp3button-intro.css	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\convertvideo.js	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\savemp3popup.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\btn_close.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\divider.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\icon-RSS.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\plainbutton.png	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\toolbar.css	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\arrow.png	mp3tubedownloader-tb-setup.exe
File created	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\skin\buttons\popup-bg.png	mp3tubedownloader-tb-setup.exe
File opened for modification	C:\Program Files (x86)\Mp3TubeDownloader Toolbar\xpi\chrome\content\savetomp3popup.xul	mp3tubedownloader-tb-setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8F16A166-C166-49b7-AE74-8CC7ED4196EF}	mp3tubedownloader-tb-setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\AutoSearch = "0"	mp3tubedownloader-tb-setup.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar	mp3tubedownloader-tb-setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\URLSEARCHHOOKS	mp3tubedownloader-tb-setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	mp3tubedownloader-tb-setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{91EB9201-B0F9-11EE-8CD0-DECE4B73D784} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F16A166-C166-49b7-AE74-8CC7ED4196EF}\InProcServer32\ = "\"C:\\Program Files (x86)\\Mp3TubeDownloader Toolbar\\mp3tubedownloadertb.DLL\""	mp3tubedownloader-tb-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F16A166-C166-49b7-AE74-8CC7ED4196EF}\InProcServer32\ThreadingModel = "Apartment"	mp3tubedownloader-tb-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F16A166-C166-49b7-AE74-8CC7ED4196EF}	mp3tubedownloader-tb-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F16A166-C166-49b7-AE74-8CC7ED4196EF}\ = "Mp3TubeDownloader"	mp3tubedownloader-tb-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F16A166-C166-49b7-AE74-8CC7ED4196EF}\InProcServer32	mp3tubedownloader-tb-setup.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1460	Mp3TubeDownloaderSvc.exe
1460	Mp3TubeDownloaderSvc.exe
1460	Mp3TubeDownloaderSvc.exe
1460	Mp3TubeDownloaderSvc.exe
1460	Mp3TubeDownloaderSvc.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
536	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
536	iexplore.exe
536	iexplore.exe
1008	IEXPLORE.EXE
1008	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 1008	536	iexplore.exe	29
PID 536 wrote to memory of 1008	536	iexplore.exe	29
PID 536 wrote to memory of 1008	536	iexplore.exe	29
PID 536 wrote to memory of 1008	536	iexplore.exe	29
PID 2620 wrote to memory of 2240	2620	mp3tubedownloader-tb-setup.exe	30
PID 2620 wrote to memory of 2240	2620	mp3tubedownloader-tb-setup.exe	30
PID 2620 wrote to memory of 2240	2620	mp3tubedownloader-tb-setup.exe	30
PID 2620 wrote to memory of 2240	2620	mp3tubedownloader-tb-setup.exe	30
PID 2620 wrote to memory of 1920	2620	mp3tubedownloader-tb-setup.exe	32
PID 2620 wrote to memory of 1920	2620	mp3tubedownloader-tb-setup.exe	32
PID 2620 wrote to memory of 1920	2620	mp3tubedownloader-tb-setup.exe	32
PID 2620 wrote to memory of 1920	2620	mp3tubedownloader-tb-setup.exe	32
PID 1460 wrote to memory of 2340	1460	Mp3TubeDownloaderSvc.exe	35
PID 1460 wrote to memory of 2340	1460	Mp3TubeDownloaderSvc.exe	35
PID 1460 wrote to memory of 2340	1460	Mp3TubeDownloaderSvc.exe	35
PID 1460 wrote to memory of 2340	1460	Mp3TubeDownloaderSvc.exe	35

C:\Users\Admin\AppData\Local\Temp\$TEMP\mp3tubedownloader-tb-setup.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\mp3tubedownloader-tb-setup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Program Files (x86)\Mp3TubeDownloader Toolbar\Mp3TubeDownloaderSvc.exe
  "Mp3TubeDownloaderSvc.exe" -i
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Program Files (x86)\Mp3TubeDownloader Toolbar\Mp3TubeDownloaderSvc.exe
  "Mp3TubeDownloaderSvc.exe" -r
  2⤵
  - Executes dropped EXE
  PID:1920

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:536
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:536 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1008

C:\Program Files (x86)\Mp3TubeDownloader Toolbar\Mp3TubeDownloaderSvc.exe
"C:\Program Files (x86)\Mp3TubeDownloader Toolbar\Mp3TubeDownloaderSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Program Files (x86)\Mp3TubeDownloader Toolbar\Mp3TubeDownloader.exe
  "C:\Program Files (x86)\Mp3TubeDownloader Toolbar\Mp3TubeDownloader.exe" 8ea61f6331159b5e9a4c290d1dfc4bcb
  2⤵
  - Executes dropped EXE
  PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Program Files (x86)\Mp3TubeDownloader Toolbar\Mp3TubeDownloader.exe

Filesize
180KB

MD5
717a59b3e58b0bf9cd39a2f00f370546

SHA1
8850091309e738bc9b4ad16381c27c40152c367b

SHA256
602a0eb7be172180979c197b0340d278bf5494cea7d5e41b9802e721c98d8360

SHA512
4ee1857a214caad7dbaa85d50c5c34f5111b474c89100282ad5f5eebe141c3cb057e0bee815b6dfd5f35e441b22cb7421fe18d4600ad9e0a672482ac978fed16

Download Submit
\Program Files (x86)\Mp3TubeDownloader Toolbar\Mp3TubeDownloaderSvc.exe

Filesize
156KB

MD5
ecaf84c10b0f4e12a3f2108b83ae8557

SHA1
4f42ed7e1db1610f886385ec82147e5e2eaccb4b

SHA256
41d8e857e83a4c2d4ecbf75f3b759bf7cef858362dca0558f3b65262aa89eb30

SHA512
e5c56216be01696519cb058158276d671066bf6fd445faa83b6b26fa2b7b710a4c3675daea716e05660fc7adc469fc7df07edcf9a309cfa7c87412b33622fe09

Download Submit
\Program Files (x86)\Mp3TubeDownloader Toolbar\mp3tubedownloadertb.dll

Filesize
928KB

MD5
cfcf25f560bf3fd86d7a7c78e12967d2

SHA1
d95569828f4e1d14f14aedeebd486d968a9152b8

SHA256
d0ad885cf83a5c72143c85d45edd2847cfaf6a67d023208b8eebd662db5212cd

SHA512
a28907c0a1feffce4e3751a06580510202148ee58093bb2da3c2712f19b561fc830f9783482124059647bf1a6c11f5ce5df5d1ab1486c909bc12405d17528921

Download Submit
\Users\Admin\AppData\Local\Temp\nst8097.tmp\System.dll

Filesize
10KB

MD5
fe24766ba314f620d57d0cf7339103c0

SHA1
8641545f03f03ff07485d6ec4d7b41cbb898c269

SHA256
802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

SHA512
60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

Download Submit
memory/2620-88-0x0000000002A90000-0x0000000002B7F000-memory.dmp

Filesize
956KB

Download
memory/2620-92-0x00000000004D0000-0x00000000004D2000-memory.dmp

Filesize
8KB

Download