734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538

max time kernel
1724s
max time network
1572s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-03-2024 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected]
Size

396KB
MD5

13f4b868603cf0dd6c32702d1bd858c9
SHA1

a595ab75e134f5616679be5f11deefdfaae1de15
SHA256

cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7
SHA512

e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24
SSDEEP

12288:jANwRo+mv8QD4+0V16nkFkkk2kyW9EArjaccoH0qzh4:jAT8QE+kHW9EAr+fr4i

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 15 IoCs

Processes:

Free YouTube Downloader.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exeBox.exe

pid	process
2668	Free YouTube Downloader.exe
1692	Box.exe
1884	Box.exe
2804	Box.exe
1704	Box.exe
2300	Box.exe
2920	Box.exe
1096	Box.exe
2272	Box.exe
2332	Box.exe
2652	Box.exe
1992	Box.exe
2976	Box.exe
2696	Box.exe
1176	Box.exe

Loads dropped DLL 2 IoCs

Processes:

[email protected]

pid process

2016 [email protected]
2016 [email protected]

pid	process
2016	[email protected]
2016	[email protected]

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

[email protected]

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	[email protected]

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 4 IoCs

Processes:

[email protected]

description	ioc	process
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	[email protected]
File created	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	[email protected]

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Free YouTube Downloader.exe

pid process

2668 Free YouTube Downloader.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

Free YouTube Downloader.exe

pid process

2668 Free YouTube Downloader.exe

Suspicious use of WriteProcessMemory 60 IoCs

Processes:

[email protected]Free YouTube Downloader.exe

description	pid	process	target process
PID 2016 wrote to memory of 2668	2016	[email protected]	Free YouTube Downloader.exe
PID 2016 wrote to memory of 2668	2016	[email protected]	Free YouTube Downloader.exe
PID 2016 wrote to memory of 2668	2016	[email protected]	Free YouTube Downloader.exe
PID 2016 wrote to memory of 2668	2016	[email protected]	Free YouTube Downloader.exe
PID 2668 wrote to memory of 1692	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1692	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1692	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1692	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1884	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1884	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1884	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1884	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2804	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2804	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2804	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2804	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1704	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1704	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1704	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1704	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2300	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2300	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2300	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2300	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2920	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2920	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2920	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2920	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1096	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1096	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1096	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1096	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2272	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2272	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2272	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2272	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2332	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2332	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2332	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2332	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2652	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2652	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2652	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2652	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1992	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1992	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1992	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1992	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2976	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2976	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2976	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2976	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2696	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2696	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2696	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 2696	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1176	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1176	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1176	2668	Free YouTube Downloader.exe	Box.exe
PID 2668 wrote to memory of 1176	2668	Free YouTube Downloader.exe	Box.exe

C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\FakeActivation\[email protected]
"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\FakeActivation\[email protected]"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2016

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2668

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
PID:1692

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
PID:1884

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
PID:2804

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
PID:1704

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
PID:2300

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
PID:2920

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
PID:1096

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
PID:2272

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
PID:2332

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
PID:2652

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
PID:1992

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
PID:2976

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
PID:2696

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
PID:1176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

Filesize
438KB

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
memory/1096-73-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/1096-74-0x0000000004D20000-0x0000000004D60000-memory.dmp

Filesize
256KB

Download
memory/1096-75-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/1096-76-0x0000000004D20000-0x0000000004D60000-memory.dmp

Filesize
256KB

Download
memory/1692-41-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/1692-40-0x0000000004650000-0x0000000004690000-memory.dmp

Filesize
256KB

Download
memory/1692-37-0x0000000001170000-0x00000000011E4000-memory.dmp

Filesize
464KB

Download
memory/1692-42-0x0000000004650000-0x0000000004690000-memory.dmp

Filesize
256KB

Download
memory/1692-43-0x0000000004650000-0x0000000004690000-memory.dmp

Filesize
256KB

Download
memory/1692-38-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/1692-39-0x0000000004650000-0x0000000004690000-memory.dmp

Filesize
256KB

Download
memory/1704-61-0x0000000004D70000-0x0000000004DB0000-memory.dmp

Filesize
256KB

Download
memory/1704-60-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/1704-59-0x0000000004D70000-0x0000000004DB0000-memory.dmp

Filesize
256KB

Download
memory/1704-58-0x0000000004D70000-0x0000000004DB0000-memory.dmp

Filesize
256KB

Download
memory/1704-57-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/1884-47-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/1884-49-0x00000000009E0000-0x0000000000A20000-memory.dmp

Filesize
256KB

Download
memory/1884-45-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/1884-46-0x00000000009E0000-0x0000000000A20000-memory.dmp

Filesize
256KB

Download
memory/1884-48-0x00000000009E0000-0x0000000000A20000-memory.dmp

Filesize
256KB

Download
memory/1992-99-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/1992-98-0x0000000001080000-0x00000000010C0000-memory.dmp

Filesize
256KB

Download
memory/1992-97-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/1992-100-0x0000000001080000-0x00000000010C0000-memory.dmp

Filesize
256KB

Download
memory/1992-101-0x0000000001080000-0x00000000010C0000-memory.dmp

Filesize
256KB

Download
memory/2016-28-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2272-78-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/2272-79-0x00000000004F0000-0x0000000000530000-memory.dmp

Filesize
256KB

Download
memory/2272-80-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/2272-81-0x00000000004F0000-0x0000000000530000-memory.dmp

Filesize
256KB

Download
memory/2300-64-0x0000000001010000-0x0000000001050000-memory.dmp

Filesize
256KB

Download
memory/2300-66-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/2300-65-0x0000000001010000-0x0000000001050000-memory.dmp

Filesize
256KB

Download
memory/2300-63-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/2332-83-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/2332-88-0x0000000000620000-0x0000000000660000-memory.dmp

Filesize
256KB

Download
memory/2332-87-0x0000000000620000-0x0000000000660000-memory.dmp

Filesize
256KB

Download
memory/2332-86-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/2332-84-0x0000000000620000-0x0000000000660000-memory.dmp

Filesize
256KB

Download
memory/2332-85-0x0000000000620000-0x0000000000660000-memory.dmp

Filesize
256KB

Download
memory/2652-95-0x0000000004820000-0x0000000004860000-memory.dmp

Filesize
256KB

Download
memory/2652-90-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/2652-94-0x0000000004820000-0x0000000004860000-memory.dmp

Filesize
256KB

Download
memory/2652-93-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/2652-92-0x0000000004820000-0x0000000004860000-memory.dmp

Filesize
256KB

Download
memory/2652-91-0x0000000004820000-0x0000000004860000-memory.dmp

Filesize
256KB

Download
memory/2668-33-0x000007FEF5DF0000-0x000007FEF67DC000-memory.dmp

Filesize
9.9MB

Download
memory/2668-34-0x000000001ADD0000-0x000000001AE50000-memory.dmp

Filesize
512KB

Download
memory/2668-29-0x00000000000D0000-0x00000000000FE000-memory.dmp

Filesize
184KB

Download
memory/2668-30-0x000007FEF5DF0000-0x000007FEF67DC000-memory.dmp

Filesize
9.9MB

Download
memory/2668-31-0x000000001ADD0000-0x000000001AE50000-memory.dmp

Filesize
512KB

Download
memory/2668-32-0x000000001ADD0000-0x000000001AE50000-memory.dmp

Filesize
512KB

Download
memory/2804-54-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/2804-53-0x0000000004F20000-0x0000000004F60000-memory.dmp

Filesize
256KB

Download
memory/2804-51-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/2804-52-0x0000000004F20000-0x0000000004F60000-memory.dmp

Filesize
256KB

Download
memory/2804-55-0x0000000004F20000-0x0000000004F60000-memory.dmp

Filesize
256KB

Download
memory/2920-68-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/2920-71-0x00000000003E0000-0x0000000000420000-memory.dmp

Filesize
256KB

Download
memory/2920-69-0x00000000003E0000-0x0000000000420000-memory.dmp

Filesize
256KB

Download
memory/2920-70-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/2976-103-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/2976-104-0x00000000004C0000-0x0000000000500000-memory.dmp

Filesize
256KB

Download
memory/2976-105-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download