Overview

overview

1

Static

static

1

URLScan

urlscan

https://www.youtube....

windows11-21h2-x64

1

Analysis

  • max time kernel
    28s
  • max time network
    27s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags

    arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21/02/2024, 08:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.youtube.com/@FlyBoyVR

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@FlyBoyVR
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4536
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9f8df3cb8,0x7ff9f8df3cc8,0x7ff9f8df3cd8
      2⤵
        PID:3588
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,386264743228534432,15972219310806039156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2080
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,386264743228534432,15972219310806039156,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
        2⤵
          PID:4276
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,386264743228534432,15972219310806039156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
          2⤵
            PID:4624
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,386264743228534432,15972219310806039156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
            2⤵
              PID:2448
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,386264743228534432,15972219310806039156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
              2⤵
                PID:4528
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,386264743228534432,15972219310806039156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
                2⤵
                  PID:3644
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,386264743228534432,15972219310806039156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2964
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:4420
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:4748
                  • C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
                    "C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Desktop\ResetApprove.pptm" /ou ""
                    1⤵
                    • Checks processor information in registry
                    • Enumerates system info in registry
                    • Suspicious behavior: AddClipboardFormatListener
                    • Suspicious use of SetWindowsHookEx
                    PID:2104

                  Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize

                          152B

                          MD5

                          3ac94e49addbb0b2b78b1cc0c4fdc41a

                          SHA1

                          41dda9076097a81d24a814805f80979eb5736a72

                          SHA256

                          259e79a3a5696dd704f943a3146b6622715c38d269751ea5b90c4858aeecaec5

                          SHA512

                          9890dd31736bf96b3669a9ba135e029d02a0245e31795f71f15bdb79066e95f8d43233643a78e1a36780b6983d88a5a82f71a07eb91133d9319c014e935fc9fa

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
                          Filesize

                          216B

                          MD5

                          2c17d857dcacffc52681fb6bd25df639

                          SHA1

                          d9731a6b2fdfc9ef64ec0c8a0bbc6a4135b0ca9a

                          SHA256

                          c3bfa0c4c430a35e7191fe2787bed1796d08da0421fda11c16e03a1a87da9191

                          SHA512

                          18595c306d83e26717d0b58becc10bef11dad7defb8fca803752cf2c8d78a4ee2e9dbb02c99083a450f466651e39d2e4aaac404dff64a9e0911ece29fd8763db

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                          Filesize

                          1KB

                          MD5

                          787a784af80efbd6e669f1c15b8a9df9

                          SHA1

                          2f6431de8f797281edf71e1692221b777268c7bf

                          SHA256

                          499eaacff1d7558c56901fefe97e1a064da6dd963906628300e4c74118ff8e62

                          SHA512

                          49cadcb9166a16c1705c76706ea72a1c1f73bcab9bd0174dd4b3b30dd7a1a22396d481f3b837cbdaabf936641f72dd0d0943930adeaea29be593a162531cd1e3

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          5KB

                          MD5

                          044a93f3efe926bd79b4645bea6441bf

                          SHA1

                          68ba442e3dc42662c7ed5e0c0232df59b5515bef

                          SHA256

                          dddaa2c4f274d4f4205ecc10d21778318e7404ca774ca11579409f661da94f71

                          SHA512

                          c23d937b4f3cd265a6cbf87f05a6e18f629993a7bc9ffaef9957443b7fbf741befc3930d2d872672ba8b599a65b0c5e8a21ece47a120b95523c7562fc3d6ac7d

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          6KB

                          MD5

                          3f981f0218e73e05bf79a17db6fe1ad3

                          SHA1

                          9fe9325d20eac914b24b1df8a6813487f3c21037

                          SHA256

                          0270ad7c16102e51d35c6850b8f7ec3281ade087d952f320cf9405bf301327db

                          SHA512

                          6a80ec13ffe1ea42bd82338510568c7399c3e58de893e2dc59a926c7fc69550022969abaf110d568a96264e3018f45d5124c48ea39bf60364358ab4edadb7477

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                          Filesize

                          25KB

                          MD5

                          f47e1b708a6995ba8f891bc84722fd42

                          SHA1

                          a1438c8d4a02006d6c161139ee482ebe66b6f51c

                          SHA256

                          662362a16cd5adecfe299a88b2a65ce422ea39b33bfe36c5248d3acc4baabb2c

                          SHA512

                          4757d77b86dd1b1f50d623f4a7023c6a28404922dc5f978e4ec06c653f636f3bcfca5deed8796b2e47c8c6e464071d149e57ee6d52a5cc57183c6cb85762c74b

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                          Filesize

                          16B

                          MD5

                          6752a1d65b201c13b62ea44016eb221f

                          SHA1

                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                          SHA256

                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                          SHA512

                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                          Filesize

                          10KB

                          MD5

                          05d170a9ecbe12cfc55550a33dcec14c

                          SHA1

                          ffb3fdcf73dc4cf22d24b12f4e4dc4e2591c9ce9

                          SHA256

                          1ae0232be1c5fda2db3048fc99bd7689a7c5c57bcd44d79288e54685e3e86770

                          SHA512

                          ccd909ddebb12c0841983bd1d41af88f9c5343ebc86c0770994098451634377102e2e30d09564add30d7ffc63078057d51a9e42564e8118f4e861c799185ee5f

                          Download Submit

                        • memory/2104-162-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/2104-167-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/2104-159-0x00007FF9C7BD0000-0x00007FF9C7BE0000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/2104-160-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/2104-157-0x00007FF9C7BD0000-0x00007FF9C7BE0000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/2104-156-0x00007FF9C7BD0000-0x00007FF9C7BE0000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/2104-161-0x00007FF9C7BD0000-0x00007FF9C7BE0000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/2104-164-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/2104-165-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/2104-163-0x00007FF9C7BD0000-0x00007FF9C7BE0000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/2104-166-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/2104-158-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/2104-168-0x00007FF9C56C0000-0x00007FF9C56D0000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/2104-169-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/2104-170-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/2104-172-0x00007FF9C56C0000-0x00007FF9C56D0000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/2104-173-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/2104-174-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/2104-175-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/2104-177-0x00007FFA06B00000-0x00007FFA06BBD000-memory.dmp

                          Filesize

                          756KB

                          Download

                        • memory/2104-176-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/2104-171-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp

                          Filesize

                          2.0MB

                          Download