Malware Analysis Report

2025-08-11 01:05

Sample ID 240302-tzk8mafc83
Target [email protected]
SHA256 cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7
Tags
discovery persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7

Threat Level: Shows suspicious behavior

Verdict for [email protected]: shows suspicious behavior (score 7/10). No run produced network traffic, and the detonations were short (19 s and 34 s of kernel time), so the score rests on the persistence and dropped-file behavior listed below rather than on any observed command-and-control.

Malicious Activity Summary

discovery persistence

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Checks installed software on the system

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Enterprise Matrix V15 (the rendered matrix is not preserved in this copy). The signatures below fall under two tactics: Persistence, via a Registry Run key (T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), and Discovery, via the installed-software check (T1518 Software Discovery) and the storage-device enumeration (T1082 System Information Discovery).

Analysis: static1

Detonation Overview

Reported

2024-03-02 16:29

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-02 16:29

Reported

2024-03-02 16:30

Platform

win10-20240221-en

Max time kernel

19s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\[email protected]"

Signatures

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A

Checks installed software on the system

discovery

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A
File created | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A
File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A
File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A

Enumerates physical storage devices
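Two things in the signatures above are worth checking on a real host rather than just reading off the report. First, the Run value is written under the user hive (the \REGISTRY\USER\S-1-5-21-...-1000 path is HKCU for the sandbox user) and points at a vendor folder created directly under C:\Windows; writing there needs elevation, which the sandbox's Admin account had, so on a non-elevated user the install path, and therefore the Run target, may differ. Second, the sandbox renders the value as "C:\\Windows\\Free Youtube Downloader\\...\\Free YouTube Downloader.exe", which reads as an unquoted path containing spaces; that is an assumption to confirm on a live sample, because CreateProcess-style parsing of an unquoted command tries every shorter prefix (C:\Windows\Free, C:\Windows\Free Youtube, ...) before the intended binary. The script below is an added example, not part of the sandbox report or the sample: it parses a constructed `reg export` of the Run key, resolves each value's target the way the loader would against a constructed path-to-SHA-256 inventory, and flags entries that match the report's dropped-file hash, live in a vendor folder under C:\Windows, or are unquoted paths with spaces. The sample .reg text, HOST_FILES, ENV and the placeholder hashes are all constructed here; only the first hash comes from the report.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# SHA-256 of the dropped "Free YouTube Downloader.exe" as listed in the report.
KNOWN_BAD_SHA256 = {
    "a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7",
}

# Constructed sample mimicking `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run`.
# The first value reproduces the report's Run entry (unquoted path with spaces, as rendered);
# the other two are made-up benign entries for contrast.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Free Youtube Downloader"="C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"
"OneDrive"="\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
'''

# Constructed host inventory: lower-cased path -> SHA-256 (placeholders except the first).
HOST_FILES: Dict[str, str] = {
    r"c:\windows\free youtube downloader\free youtube downloader\free youtube downloader.exe":
        "a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7",
    r"c:\users\admin\appdata\local\microsoft\onedrive\onedrive.exe": "11" * 32,
    r"c:\windows\system32\securityhealthsystray.exe": "22" * 32,
}

# Constructed environment for expanding %var% offline; a live hunt would use os.environ.
ENV = {"windir": "C:\\Windows", "systemroot": "C:\\Windows"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s: str) -> str:
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str):
    """Yield (key, value_name, value_data) for every REG_SZ value in a .reg dump."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, _unescape(m.group(1)), _unescape(m.group(2))


def expand(command: str) -> str:
    return re.sub(r"%([^%]+)%", lambda m: ENV.get(m.group(1).lower(), m.group(0)), command)


def executable_candidates(command: str) -> List[str]:
    """Program names a CreateProcess-style parser would try, in order.

    A quoted command names exactly one program. An unquoted command with spaces is
    ambiguous: each space is a possible end of the program name, so the report's value
    is probed as C:\\Windows\\Free, C:\\Windows\\Free Youtube, ... before the real target.
    (Simplified: the real loader also consults search paths.)
    """
    cmd = expand(command).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return [cmd[1:] if end == -1 else cmd[1:end]]
    parts = cmd.split(" ")
    return [" ".join(parts[:i]) for i in range(1, len(parts) + 1)]


def resolve_target(command: str, host_files: Dict[str, str]) -> Tuple[Optional[str], int]:
    """Return (path that would actually run, number of shorter names probed before it)."""
    cands = executable_candidates(command)
    for i, cand in enumerate(cands):
        for probe in (cand, cand + ".exe"):  # loader appends .exe when no extension
            if probe.lower() in host_files:
                return probe, i
    return None, len(cands)


def in_unusual_windows_subdir(path: str) -> bool:
    """True for a vendor folder directly under C:\\Windows (anything but System32/SysWOW64)."""
    p = path.lower()
    prefix = "c:\\windows\\"
    if not p.startswith(prefix):
        return False
    rest = p[len(prefix):]
    return "\\" in rest and rest.split("\\")[0] not in {"system32", "syswow64"}


@dataclass
class Finding:
    value_name: str
    command: str
    target: Optional[str]
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def hunt_run_keys(reg_text: str, host_files: Dict[str, str],
                  known_sha256=KNOWN_BAD_SHA256) -> List[Finding]:
    findings = []
    for key, name, command in parse_reg_export(reg_text):
        if not key.lower().endswith("\\currentversion\\run"):
            continue
        target, probed_first = resolve_target(command, host_files)
        f = Finding(name, command, target)
        if target is None:
            f.reasons.append("autorun target not found on host")
        else:
            digest = host_files[target.lower()]
            if digest in known_sha256:
                f.reasons.append(f"sha256 {digest[:12]}... matches the dropped file in the report")
            if in_unusual_windows_subdir(target):
                f.reasons.append("target is a vendor folder directly under C:\\Windows")
            if probed_first:
                f.reasons.append(f"unquoted path with spaces: {probed_first} shorter names are probed first")
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in hunt_run_keys(SAMPLE_REG_EXPORT, HOST_FILES):
        print(f"[{'SUSPICIOUS' if f.suspicious else 'ok'}] {f.value_name!r} -> {f.target}")
        for r in f.reasons:
            print("    -", r)
```

On a live host the same logic runs over `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (and the HKLM hive, plus RunOnce) with HOST_FILES replaced by real SHA-256 digests. The unquoted-path check is deliberately reported separately from the hash match: the hash identifies this specific dropped binary, whereas the unquoted path and the C:\Windows vendor folder are structural signals that survive a rebuild of the installer.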

Processes

C:\Users\Admin\AppData\Local\Temp\[email protected]

"C:\Users\Admin\AppData\Local\Temp\[email protected]"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

Network

N/A (no network activity was recorded in the 17 s network window; a detonation this short does not rule out later beaconing)

Files

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

MD5 f33a4e991a11baf336a2324f700d874d
SHA1 9da1891a164f2fc0a88d0de1ba397585b455b0f4
SHA256 a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7
SHA512 edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

memory/3344-26-0x0000000000400000-0x000000000043C000-memory.dmp

memory/4064-27-0x0000026642AA0000-0x0000026642ACE000-memory.dmp

memory/4064-28-0x00007FF952B20000-0x00007FF95350C000-memory.dmp

memory/4064-29-0x00000266449A0000-0x00000266449B0000-memory.dmp

memory/4064-30-0x00000266449A0000-0x00000266449B0000-memory.dmp

memory/3180-32-0x00007FF952B20000-0x00007FF95350C000-memory.dmp

memory/4064-33-0x00007FF952B20000-0x00007FF95350C000-memory.dmp

memory/3180-34-0x0000027D04190000-0x0000027D041A0000-memory.dmp

memory/3180-35-0x0000027D04190000-0x0000027D041A0000-memory.dmp

memory/4064-36-0x00000266449A0000-0x00000266449B0000-memory.dmp

memory/4064-37-0x00000266449A0000-0x00000266449B0000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-02 16:29

Reported

2024-03-02 16:30

Platform

win7-20240221-en

Max time kernel

34s

Max time network

15s

Command Line

"C:\Users\Admin\AppData\Local\Temp\[email protected]"

Signatures

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A

Checks installed software on the system

discovery

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A
File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A
File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A
File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\[email protected]

"C:\Users\Admin\AppData\Local\Temp\[email protected]"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\UseNew.vbs"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

Network

N/A (no network activity was recorded in the 15 s network window; a detonation this short does not rule out later beaconing)

Files

\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

MD5 f33a4e991a11baf336a2324f700d874d
SHA1 9da1891a164f2fc0a88d0de1ba397585b455b0f4
SHA256 a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7
SHA512 edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

memory/2256-27-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2608-29-0x0000000000330000-0x000000000035E000-memory.dmp

memory/2608-30-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

memory/2608-31-0x000000001B360000-0x000000001B3E0000-memory.dmp

memory/2608-32-0x000000001B360000-0x000000001B3E0000-memory.dmp

memory/2372-34-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

memory/2372-35-0x000000001B1E0000-0x000000001B260000-memory.dmp

memory/2608-36-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

memory/2000-38-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

memory/2000-39-0x000000001B250000-0x000000001B2D0000-memory.dmp

memory/2000-40-0x000000001B250000-0x000000001B2D0000-memory.dmp

memory/2372-41-0x000007FEF5690000-0x000007FEF607C000-memory.dmp