Resubmissions
15-09-2024 23:12
240915-27aqvsxhjq 815-09-2024 23:02
240915-21efgaxake 815-09-2024 22:58
240915-2xypyaxdkj 315-09-2024 22:56
240915-2wn44sxcpk 315-09-2024 22:43
240915-2np2fawhpr 315-09-2024 22:42
240915-2m3k5swhmk 1015-09-2024 22:33
240915-2gqdmawbja 815-09-2024 22:27
240915-2de4gswekk 715-09-2024 22:15
240915-16esravenh 10Analysis
-
max time kernel
1774s -
max time network
1804s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10-03-2024 21:55
General
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected]
-
Size
396KB
-
MD5
13f4b868603cf0dd6c32702d1bd858c9
-
SHA1
a595ab75e134f5616679be5f11deefdfaae1de15
-
SHA256
cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7
-
SHA512
e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24
-
SSDEEP
12288:jANwRo+mv8QD4+0V16nkFkkk2kyW9EArjaccoH0qzh4:jAT8QE+kHW9EAr+fr4i
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 15 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Windows directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of WriteProcessMemory 44 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\FakeActivation\[email protected]"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\FakeActivation\[email protected]"1⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"3⤵
- Executes dropped EXE
-
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"3⤵
- Executes dropped EXE
-
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"3⤵
- Executes dropped EXE
-
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"3⤵
- Executes dropped EXE
-
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"3⤵
- Executes dropped EXE
-
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"3⤵
- Executes dropped EXE
-
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"3⤵
- Executes dropped EXE
-
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"3⤵
- Executes dropped EXE
-
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"3⤵
- Executes dropped EXE
-
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"3⤵
- Executes dropped EXE
-
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"3⤵
- Executes dropped EXE
-
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"3⤵
- Executes dropped EXE
-
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"3⤵
- Executes dropped EXE
-
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1668 --field-trial-handle=2272,i,17338911640954948469,1637568328132129119,262144 --variations-seed-version /prefetch:81⤵
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1400 --field-trial-handle=2272,i,17338911640954948469,1637568328132129119,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
438KB
MD51bb4dd43a8aebc8f3b53acd05e31d5b5
SHA154cd1a4a505b301df636903b2293d995d560887e
SHA256a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02
SHA51294c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce
-
Filesize
153KB
MD5f33a4e991a11baf336a2324f700d874d
SHA19da1891a164f2fc0a88d0de1ba397585b455b0f4
SHA256a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7
SHA512edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20
-
Filesize
5.6MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
40KB
-
Filesize
64KB
-
Filesize
584KB
-
Filesize
464KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
240KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
184KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
64KB