Analysis Overview
SHA256
cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7
Threat Level: Shows suspicious behavior
The file [email protected] was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-02 16:29
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-02 16:29
Reported
2024-03-02 16:30
Platform
win10-20240221-en
Max time kernel
19s
Max time network
17s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
Checks installed software on the system
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
| File created | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3344 wrote to memory of 4064 | N/A | C:\Users\Admin\AppData\Local\Temp\[email protected] | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe |
| PID 3344 wrote to memory of 4064 | N/A | C:\Users\Admin\AppData\Local\Temp\[email protected] | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
Network
Files
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
| MD5 | f33a4e991a11baf336a2324f700d874d |
| SHA1 | 9da1891a164f2fc0a88d0de1ba397585b455b0f4 |
| SHA256 | a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7 |
| SHA512 | edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20 |
memory/3344-26-0x0000000000400000-0x000000000043C000-memory.dmp
memory/4064-27-0x0000026642AA0000-0x0000026642ACE000-memory.dmp
memory/4064-28-0x00007FF952B20000-0x00007FF95350C000-memory.dmp
memory/4064-29-0x00000266449A0000-0x00000266449B0000-memory.dmp
memory/4064-30-0x00000266449A0000-0x00000266449B0000-memory.dmp
memory/3180-32-0x00007FF952B20000-0x00007FF95350C000-memory.dmp
memory/4064-33-0x00007FF952B20000-0x00007FF95350C000-memory.dmp
memory/3180-34-0x0000027D04190000-0x0000027D041A0000-memory.dmp
memory/3180-35-0x0000027D04190000-0x0000027D041A0000-memory.dmp
memory/4064-36-0x00000266449A0000-0x00000266449B0000-memory.dmp
memory/4064-37-0x00000266449A0000-0x00000266449B0000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 16:29
Reported
2024-03-02 16:30
Platform
win7-20240221-en
Max time kernel
34s
Max time network
15s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
Checks installed software on the system
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
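Both detonations show the same drop-then-persist sequence: the submitted sample writes an installation tree under C:\Windows\Free Youtube Downloader\, then sets an HKCU Run value pointing at the dropped Free YouTube Downloader.exe (the dropped file has identical MD5/SHA1/SHA256/SHA512 in the win7 and win10 runs). The script below is an added example, not part of this report or of the analyzed software: it parses the report's "Set value (str)" indicator format, buckets the Run target and the writing process by directory, and flags a Run entry whose target was written moments earlier by the same process. The event records are constructed from the indicators listed above; because the report does not show the submitted sample's file name, installer.exe stands in for it, and the HKLM SecurityHealth entry is a constructed benign control, not something the report observed.

```python
"""Correlate a Run-key persistence write with the file it points to.

Added example, not part of the sandbox report or of the analyzed sample. The
events below are constructed from this report's behavioral indicators so the
script runs offline; "installer.exe" is a stand-in for the submitted sample
(its name is not shown in the report), and the HKLM entry is a benign control.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Shape of the report's "Set value (str)" indicator:
#   \REGISTRY\USER\<SID>\Software\Microsoft\Windows\CurrentVersion\Run\<name> = "<value>"
RUN_KEY_RE = re.compile(
    r'^\\REGISTRY\\(?P<hive>USER|MACHINE)\\(?:(?P<sid>S-1-5-[\d-]+)\\)?'
    r'(?P<key>.+?\\Run(?:Once)?)\\(?P<name>[^=]+?)\s*=\s*"(?P<value>.*)"$',
    re.IGNORECASE,
)
WINDOWS_SYSTEM_DIRS = {"system32", "syswow64", "winsxs"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


@dataclass(frozen=True)
class Event:
    kind: str       # "registry_set" or "file_write"
    process: str    # image path of the process that performed the action
    indicator: str  # registry indicator string, or the written file's path


def extract_image_path(command: str) -> str:
    """Return the executable path from a Run value, quoted or bare, with or without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)(?:\s|$)", command)
    return m.group(1) if m else command.split()[0]


def parse_run_key_indicator(indicator: str):
    """Split the report's indicator string into hive, SID, value name and target path."""
    m = RUN_KEY_RE.match(indicator)
    if not m:
        return None
    value = m.group("value").replace("\\\\", "\\")  # the report prints escaped backslashes
    return {"hive": m.group("hive"), "sid": m.group("sid"),
            "name": m.group("name").strip(), "target": extract_image_path(value)}


def classify_location(path: str) -> str:
    """Coarse bucket for where an image lives; drives the review heuristic in triage()."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    dirs = parts[:-1]  # directory components, drive or root first
    if len(dirs) >= 2 and dirs[1] == "windows":
        if len(dirs) == 2 or dirs[2] in WINDOWS_SYSTEM_DIRS:
            return "windows-system"
        return "windows-nonstandard"   # e.g. C:\Windows\Free Youtube Downloader\...
    if any(marker in _norm(path) for marker in USER_WRITABLE_MARKERS):
        return "user-writable"
    if len(dirs) >= 2 and dirs[1] in ("program files", "program files (x86)"):
        return "program-files"
    return "other"


def _norm(path: str) -> str:
    return str(PureWindowsPath(path)).lower()


def triage(events):
    """One finding per Run-key write: where it points, who set it, whether the setter dropped it."""
    written_by = {}
    for e in events:
        if e.kind == "file_write":
            written_by.setdefault(_norm(e.indicator), set()).add(e.process)
    findings = []
    for e in events:
        if e.kind != "registry_set":
            continue
        parsed = parse_run_key_indicator(e.indicator)
        if parsed is None:
            continue
        target_loc = classify_location(parsed["target"])
        reasons = []
        if target_loc in ("windows-nonstandard", "user-writable"):
            reasons.append(f"target lives in a {target_loc} directory")
        if classify_location(e.process) == "user-writable":
            reasons.append("Run key set by a process running from a user-writable directory")
        if e.process in written_by.get(_norm(parsed["target"]), ()):
            reasons.append("the same process wrote the target file (drop-then-persist)")
        findings.append({**parsed, "set_by": e.process, "target_location": target_loc,
                         "reasons": reasons, "review": len(reasons) >= 2})
    return findings


# Constructed from the behavioral2 indicators; the file name installer.exe is an assumption.
RUN_KEY_INDICATOR = (r'\REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000'
                     r'\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader'
                     r' = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"')
INSTALLER = r"C:\Users\Admin\AppData\Local\Temp\installer.exe"
DROPPED = r"C:\Windows\Free Youtube Downloader\Free Youtube Downloader"
SAMPLE_EVENTS = [
    Event("file_write", INSTALLER, DROPPED + r"\Uninstall.ini"),
    Event("file_write", INSTALLER, DROPPED + r"\Free YouTube Downloader.exe"),
    Event("file_write", INSTALLER, DROPPED + r"\Box.exe"),
    Event("file_write", INSTALLER, DROPPED + r"\Uninstall.exe"),
    Event("registry_set", INSTALLER, RUN_KEY_INDICATOR),
    # Constructed benign control (not from the report): a system component's own Run entry.
    Event("registry_set", r"C:\Windows\System32\msiexec.exe",
          r'\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealth'
          r' = "C:\\Windows\\system32\\SecurityHealthSystray.exe"'),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{'REVIEW' if f['review'] else 'ok'}] {f['hive']} Run\\{f['name']} -> {f['target']}")
        for r in f["reasons"]:
            print("    -", r)
```

The heuristic deliberately needs two independent reasons before it asks for review: a Run entry pointing into a non-standard C:\Windows subfolder is unusual on its own, but combined with the setter running from Temp and having just written the target, it is the installer pattern both detonations recorded. Writing into C:\Windows requires elevation, so on a real host this also tells you the sample ran with administrative rights.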
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2256 wrote to memory of 2608 | N/A | C:\Users\Admin\AppData\Local\Temp\[email protected] | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe |
| PID 2256 wrote to memory of 2608 | N/A | C:\Users\Admin\AppData\Local\Temp\[email protected] | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe |
| PID 2256 wrote to memory of 2608 | N/A | C:\Users\Admin\AppData\Local\Temp\[email protected] | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe |
| PID 2256 wrote to memory of 2608 | N/A | C:\Users\Admin\AppData\Local\Temp\[email protected] | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\UseNew.vbs"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
Network
Files
\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
| MD5 | f33a4e991a11baf336a2324f700d874d |
| SHA1 | 9da1891a164f2fc0a88d0de1ba397585b455b0f4 |
| SHA256 | a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7 |
| SHA512 | edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20 |
memory/2256-27-0x0000000000400000-0x000000000043C000-memory.dmp
memory/2608-29-0x0000000000330000-0x000000000035E000-memory.dmp
memory/2608-30-0x000007FEF5690000-0x000007FEF607C000-memory.dmp
memory/2608-31-0x000000001B360000-0x000000001B3E0000-memory.dmp
memory/2608-32-0x000000001B360000-0x000000001B3E0000-memory.dmp
memory/2372-34-0x000007FEF5690000-0x000007FEF607C000-memory.dmp
memory/2372-35-0x000000001B1E0000-0x000000001B260000-memory.dmp
memory/2608-36-0x000007FEF5690000-0x000007FEF607C000-memory.dmp
memory/2000-38-0x000007FEF5690000-0x000007FEF607C000-memory.dmp
memory/2000-39-0x000000001B250000-0x000000001B2D0000-memory.dmp
memory/2000-40-0x000000001B250000-0x000000001B2D0000-memory.dmp
memory/2372-41-0x000007FEF5690000-0x000007FEF607C000-memory.dmp