Analysis

  • max time kernel
    19s
  • max time network
    17s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240221-en locale:en-us os:windows10-1703-x64 system
  • submitted
    02/03/2024, 16:29

General

  • Target

  • Size

    396KB

  • MD5

    13f4b868603cf0dd6c32702d1bd858c9

  • SHA1

    a595ab75e134f5616679be5f11deefdfaae1de15

  • SHA256

    cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7

  • SHA512

    e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24

  • SSDEEP

    12288:jANwRo+mv8QD4+0V16nkFkkk2kyW9EArjaccoH0qzh4:jAT8QE+kHW9EAr+fr4i

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3344
    • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4064
  • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3180
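The signatures and the process tree above describe one chain: the dropper (PID 3344) writes an executable under C:\Windows, registers it under a Run key, and launches it (PID 4064); the same executable is also seen started on its own (PID 3180), as the Run entry would do at next logon. Because the write into C:\Windows succeeded, the sample ran elevated in this sandbox; on a standard user account that first step fails and the chain breaks there. The following Python is an added example, not part of the report or the sandbox's own signature set: it correlates the three behaviours over Sysmon-style events (ID 11 FileCreate, ID 13 RegistryValueSet, ID 1 ProcessCreate). The events are constructed to mirror the report's tree; the dropper's filename is a placeholder because the report shows it obfuscated, and the second, benign installer chain is made up as a negative case.

```python
"""Correlate drop-to-C:\\Windows + Run-key + execute into one finding.

Added example, not code from the sandbox or the report. EVENTS is a
constructed Sysmon-style sample: PIDs 3344 -> 4064 mirror the report's
process tree; the dropper's file name is a placeholder; the PID 5000
installer is an invented negative case (drops under Program Files only).
"""
from collections import defaultdict

WINDOWS_DIR = r"c:\windows"          # assume default %SystemRoot%
RUN_KEY_MARKER = "\\microsoft\\windows\\currentversion\\run\\"   # Run only, not RunOnce

EVENTS = [
    {"EventID": 11, "ProcessId": 3344, "Image": r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",
     "TargetFilename": r"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"},
    {"EventID": 13, "ProcessId": 3344, "Image": r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Free YouTube Downloader",
     "Details": r'"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"'},
    {"EventID": 1, "ProcessId": 4064, "ParentProcessId": 3344,
     "Image": r"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"},
    # Invented benign installer: Run key + child process, but no write into C:\Windows.
    {"EventID": 11, "ProcessId": 5000, "Image": r"C:\Users\Admin\Downloads\setup.exe",
     "TargetFilename": r"C:\Program Files\Vendor\app.exe"},
    {"EventID": 13, "ProcessId": 5000, "Image": r"C:\Users\Admin\Downloads\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Vendor",
     "Details": r'"C:\Program Files\Vendor\app.exe"'},
    {"EventID": 1, "ProcessId": 5001, "ParentProcessId": 5000, "Image": r"C:\Program Files\Vendor\app.exe"},
]


def _norm(path):
    # Case-fold and drop surrounding quotes so file paths and Run values compare equal.
    return path.strip().strip('"').lower()


def in_windows_dir(path):
    # Require the separator so C:\WindowsApps\... does not match.
    return _norm(path).startswith(WINDOWS_DIR + "\\")


def run_key_target(details):
    # A Run value may be quoted and carry arguments: keep only the executable path.
    d = details.strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return (d[1:end] if end > 0 else d[1:]).lower()
    return d.lower()


def detect_dropper_persistence(events):
    """One finding per process that (1) wrote an .exe under C:\\Windows,
    (2) pointed a Run value at that file and (3) optionally launched it."""
    dropped = defaultdict(set)      # pid -> executables written under C:\Windows
    run_targets = defaultdict(set)  # pid -> executables referenced from Run values
    launched = defaultdict(set)     # parent pid -> images of children it started
    for ev in events:
        eid = ev["EventID"]
        if eid == 11 and in_windows_dir(ev["TargetFilename"]) and _norm(ev["TargetFilename"]).endswith(".exe"):
            dropped[ev["ProcessId"]].add(_norm(ev["TargetFilename"]))
        elif eid == 13 and RUN_KEY_MARKER in ev["TargetObject"].lower():
            run_targets[ev["ProcessId"]].add(run_key_target(ev["Details"]))
        elif eid == 1 and "ParentProcessId" in ev:
            launched[ev["ParentProcessId"]].add(_norm(ev["Image"]))
    findings = []
    for pid, paths in dropped.items():
        for path in sorted(paths & run_targets.get(pid, set())):
            findings.append({"pid": pid, "dropped": path,
                             "executed": path in launched.get(pid, set())})
    return findings


if __name__ == "__main__":
    for f in detect_dropper_persistence(EVENTS):
        print(f"PID {f['pid']}: dropped {f['dropped']} into C:\\Windows, Run-key persisted, "
              f"executed={f['executed']}")
```

Requiring all three behaviours from the same PID is what keeps the rule quiet: legitimate installers routinely add Run values and spawn what they installed, but they do not normally write their payload into a subfolder of C:\Windows. Matching the Run value back to the dropped path (rather than alerting on any Run write) is also what ties the persistence to this specific file.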

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

          Filesize

          153KB

          MD5

          f33a4e991a11baf336a2324f700d874d

          SHA1

          9da1891a164f2fc0a88d0de1ba397585b455b0f4

          SHA256

          a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

          SHA512

          edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

        • memory/3180-32-0x00007FF952B20000-0x00007FF95350C000-memory.dmp

          Filesize

          9.9MB

        • memory/3180-34-0x0000027D04190000-0x0000027D041A0000-memory.dmp

          Filesize

          64KB

        • memory/3180-35-0x0000027D04190000-0x0000027D041A0000-memory.dmp

          Filesize

          64KB

        • memory/3344-26-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

        • memory/4064-27-0x0000026642AA0000-0x0000026642ACE000-memory.dmp

          Filesize

          184KB

        • memory/4064-28-0x00007FF952B20000-0x00007FF95350C000-memory.dmp

          Filesize

          9.9MB

        • memory/4064-29-0x00000266449A0000-0x00000266449B0000-memory.dmp

          Filesize

          64KB

        • memory/4064-30-0x00000266449A0000-0x00000266449B0000-memory.dmp

          Filesize

          64KB

        • memory/4064-33-0x00007FF952B20000-0x00007FF95350C000-memory.dmp

          Filesize

          9.9MB

        • memory/4064-36-0x00000266449A0000-0x00000266449B0000-memory.dmp

          Filesize

          64KB

        • memory/4064-37-0x00000266449A0000-0x00000266449B0000-memory.dmp

          Filesize

          64KB
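The dump names above encode the PID, a sequence number and the virtual address range that was dumped, so the listing can be read without opening a single file: 0x00007FF952B20000-0x00007FF95350C000 (9.9MB) appears in both PID 3180 and PID 4064 at the identical address, which is what a DLL mapped at its system-wide per-boot ASLR base looks like (the listing does not say which module it is), while 0x400000-0x43C000 (240KB) in PID 3344 is the traditional 32-bit image base, consistent with the dropper being an x86 image that was not relocated, in line with the arch:x86 resource tag. The following Python is an added example, not part of the report or the sandbox's tooling; the dump names are copied from the listing, the parsing and the interpretation of shared regions are this example's own.

```python
"""Parse a sandbox memory-dump listing and group regions across processes.

Added example, not the sandbox's own code. DUMPS reproduces the names from
the report's Downloads section; the regex, size arithmetic and the
'shared mapping' and 'image base' interpretations are this example's.
"""
import re

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

DUMPS = [
    "memory/3180-32-0x00007FF952B20000-0x00007FF95350C000-memory.dmp",
    "memory/3180-34-0x0000027D04190000-0x0000027D041A0000-memory.dmp",
    "memory/3180-35-0x0000027D04190000-0x0000027D041A0000-memory.dmp",
    "memory/3344-26-0x0000000000400000-0x000000000043C000-memory.dmp",
    "memory/4064-27-0x0000026642AA0000-0x0000026642ACE000-memory.dmp",
    "memory/4064-28-0x00007FF952B20000-0x00007FF95350C000-memory.dmp",
    "memory/4064-29-0x00000266449A0000-0x00000266449B0000-memory.dmp",
    "memory/4064-30-0x00000266449A0000-0x00000266449B0000-memory.dmp",
    "memory/4064-33-0x00007FF952B20000-0x00007FF95350C000-memory.dmp",
    "memory/4064-36-0x00000266449A0000-0x00000266449B0000-memory.dmp",
    "memory/4064-37-0x00000266449A0000-0x00000266449B0000-memory.dmp",
]


def parse_dump(name):
    """Split one dump name into pid, sequence number and address range."""
    m = DUMP_RE.search(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human_size(n):
    # Same rounding the report uses: whole KB below 1MB, one decimal above.
    return f"{n / 1024:.0f}KB" if n < 1 << 20 else f"{n / (1 << 20):.1f}MB"


def summarize(names):
    """Group dumps by (start, end); report size, the PIDs that own the range
    and how many times it was dumped (re-dumps of one range are one region)."""
    regions = {}
    for d in map(parse_dump, names):
        r = regions.setdefault((d["start"], d["end"]),
                               {"size": d["size"], "pids": set(), "count": 0})
        r["pids"].add(d["pid"])
        r["count"] += 1
    return {k: {"size": v["size"], "pids": sorted(v["pids"]), "count": v["count"]}
            for k, v in regions.items()}


def shared_regions(names):
    """Ranges dumped at the identical address from more than one process.
    Interpretation (assumption, not from the report): a module loaded at the
    per-boot ASLR base shared by every process, e.g. a system DLL."""
    return sorted(k for k, v in summarize(names).items() if len(v["pids"]) > 1)


def regions_at_default_x86_base(names):
    """Dumps starting at 0x400000, the traditional 32-bit PE image base;
    an image that actually sits there was not relocated by ASLR."""
    return [d for d in map(parse_dump, names) if d["start"] == 0x400000]


if __name__ == "__main__":
    for (start, end), r in sorted(summarize(DUMPS).items()):
        print(f"0x{start:016X}-0x{end:016X} {human_size(r['size']):>7} "
              f"pids={r['pids']} dumps={r['count']}")
    print("shared across processes:", [f"0x{s:X}-0x{e:X}" for s, e in shared_regions(DUMPS)])
```

The same 64KB range being dumped four times from PID 4064 (sequence 29, 30, 36, 37) and twice from PID 3180 means the sandbox re-captured one region as its contents changed, not that the process holds several such regions; grouping by address range before counting avoids over-stating how much the sample allocated.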