fce263f7b07d25c4a6bdd4656125e9bf0f76e652410ec99eafd3c6b2bd33ccd1

Resubmissions

28-04-2024 20:22

240428-y53r3sgc45 7

28-04-2024 20:20

240428-y4k6msgb83 7

Analysis

max time kernel
132s
max time network
138s
platform
windows11-21h2_x64
resource
win11-20240419-fr
resource tags

arch:x64arch:x86image:win11-20240419-frlocale:fr-fros:windows11-21h2-x64systemwindows
submitted
28-04-2024 20:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CyberLink_YouCam_Downloader.exe
Size

1.1MB
MD5

60c3eedebafdb6839cc5e10fb595135f
SHA1

a3284235e9d21dc470b0334cc6e1ffde23582a5e
SHA256

fce263f7b07d25c4a6bdd4656125e9bf0f76e652410ec99eafd3c6b2bd33ccd1
SHA512

7266f5f9210099e9ca2f989d317eda8b1e533eac677f9490fd3b1aae84c506070bcf887598875d1ca7319a4f6db11544c9c9daa33c848b55e21b8df09f722029
SSDEEP

24576:bp9mNaOPOeZ4ZRQVxj3kWO1pgkysLbIqBcDu5GY/+j4coCYHb0YLoE58:3vy4ZRQVZkDIqBR5GY/+Ucoph958

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

CyberLink_YouCam_Downloader.exe

pid process

3944 CyberLink_YouCam_Downloader.exe
3944 CyberLink_YouCam_Downloader.exe

pid	process
3944	CyberLink_YouCam_Downloader.exe
3944	CyberLink_YouCam_Downloader.exe

C:\Users\Admin\AppData\Local\Temp\CyberLink_YouCam_Downloader.exe
"C:\Users\Admin\AppData\Local\Temp\CyberLink_YouCam_Downloader.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3944

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\24058443-dede-4186-9e7c-7c0a8f5ee123.json
Filesize
665B

MD5
b5c051a6c07a6b770e4dc433a8d23dcb

SHA1
9e5b7b55696a179b6040b529b9db7dd9012c7c26

SHA256
7599c4df11269c4a10375383a978a4bf0e5e396b8687914a2cc680e9726f676a

SHA512
3223795915e191e3a904b96b1089f8f3fa55e30fc8693b8f246ffdc906c5129237886c15a1bae86972beefcce163ce2b78335741f1b41a37a361b26818b0c0d6

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\24058443-dede-4186-9e7c-7c0a8f5ee123.json
Filesize
849B

MD5
f776aae0464bbc3015c480d328a6e947

SHA1
0ecb749184ad2e91433adb758d910638d69f4f1e

SHA256
7d957179c8204e03e59596e027ab4a94645b78bfd72535d16095d5675fb4eea6

SHA512
eff80a165c0729dc9baa99cb6bbc80dbf467a8c1f69042a4fb0030905e4a0f8e8339d29c3a47796d5ddded637c1d80bc1c245f21a322309bcb008fc21c9daf0b

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\UNO.ini
Filesize
7B

MD5
be9d6efbd8632e482c64618f00a701fa

SHA1
cc7c0702a34305282ba77d4eb88db1fa0bbed850

SHA256
d94fd0c7e43df0a03014a44d79653c0845adb29e6222ca47718c46af90847b84

SHA512
c59eee3a838ec35f447c28a701289f3f35ea5ec08d0c38df54482b39a2219598074d49fc162b1ef46d9e20c336221f53bc86de7163183193001b466ff36dd5c8

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\c3579fdc-aaf8-4eff-bc2e-5c21e8bde941.json
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\e1b192df-fa2b-47bd-afd6-71d5524c4e76.json
Filesize
903B

MD5
dfcfeb9d6df0e9bca692a8c93a74028c

SHA1
b39d6a8404ddae654dee492674b0a43eea3ec696

SHA256
eb799d91a09b97ddc71f8402f914953654fb5ecef77de97c5d73a9aae393c161

SHA512
b5f3ed0e76c4b1dea5df8c07c63c465e85a177969f9582defa43f9a9a87475db439bccde3455d1c7e56894c2b46e4c78087ec8a394e01ba0657431d6637f6f5a

Download Submit
C:\ProgramData\CyberLink\Downloader\Item0.ini
Filesize
726B

MD5
3b21a21b1c3c968e1cbab388c4c372b7

SHA1
813242c7f61f1ad2cdc5c374a2f599feffadcb64

SHA256
402c4c2f9b2c4fe10c5910c3e540bf6e41c043ca1c1ab6788b72b2bf486bef9c

SHA512
90fc84f3df26e0390162b9607e5092a51dcdf0c4c3683b07751734f6978f027eab76e445de34bc2c0a769a52f184da33d57d07ada98f52d1887b5e57fe5c2c9b

Download Submit
C:\ProgramData\CyberLink\Downloader\Item0.ini
Filesize
496B

MD5
0b53231e58fdf8c92b66b0fa878f8f64

SHA1
6faba565821a39d25579e0ea92eeba6dfca852bb

SHA256
5b68d90ebf2badb527746e83bc19f637ff5ba91e72bb750a10424c983f8e1e9c

SHA512
73982f9da98b9f6d852342e997be5ceaf74c8a8aa978291c2d99381aa13b28ff8148761d093a1b8192669aac543ec280940d3433ab8e0f9a048e5ef299e7ef82

Download Submit
C:\Users\Admin\AppData\Local\Temp\24058443-dede-4186-9e7c-7c0a8f5ee123.json
Filesize
359B

MD5
4e68c7678ddcebda0263bfc9d9d52012

SHA1
c0cab8e5ff1480059581f3d0d7bade34bd285fab

SHA256
7fa6f985c6ab520437f7fa6b4d46a0c498171d3e0a7968afe64fec1470c08482

SHA512
5983c311fad37d323db166919e5ee9a9ad52184d4bd77cd517934a6adb35833f6b41b625684b08a2f4a8100acb01adeb0b04f7325073c19154d108e3657cac71

Download Submit
C:\Users\Admin\AppData\Local\Temp\939d1430-46d9-4404-b5b0-77a4f8eb345e.json
Filesize
984B

MD5
911f54f4bf4fe1a36f1d5eeffe6cb237

SHA1
ec4490eeabf8fa0fe018aa190c1e6425491f5f55

SHA256
b4741de1ec77d8b76b5d7e0813154e282a01eab464b19bf01cd5ced26b15d346

SHA512
cf28ad6af499ea1f7394fa4d695ead78331234eaa7ebca525d737f8f42a19326577583f764038846cec9e114c20f8813a71066337e5f0bfc4ce41a5b201bca1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\939d1430-46d9-4404-b5b0-77a4f8eb345e.json
Filesize
252B

MD5
02859ffb54aa796a8dd0c013c3146481

SHA1
017a1444df6ee56e7c70095904eea081c58706ce

SHA256
09a6cc7fb5c0d27d0b9871f4d8411083e6f04d772064e7439ad974a6d6d2b4de

SHA512
ca0d58c3c7a35b2cf48cedb0faa2e9080faaa14ddf64058b5a5a9598d2ef92fc80057301fdbc2732fb9da134d6147aba892f16085926b7c80949fa2161dad4b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\c3579fdc-aaf8-4eff-bc2e-5c21e8bde941.json
Filesize
2KB

MD5
75f45cd77d88e4c27134b9c57b0c4f47

SHA1
3ba33f969dec6b21fd2242cb7ad77b73ebdfc4a5

SHA256
dcd290afb507bfc58854e959d294464f56d741bd837797128bc3db655be383c3

SHA512
62d870d8ab9a7e83eb42598662d1609f3022cb375f0a0154df643908d7ba1e0456fe83dcc7284e9d13a99215182e92fae683e79b053719e723c306b12480103a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e1b192df-fa2b-47bd-afd6-71d5524c4e76.json
Filesize
642B

MD5
465e030b6fbe310bf66420271bb9a768

SHA1
deeda5521bdd7809511664a20c5935f07695dbe8

SHA256
3da16c3bd1df25cb5a9f93981c6e60c9bed3b9f64389f34c1659ec3682dbfb1a

SHA512
d417a184dd52d3e47ba6395b94a32c75b59fd8b0439438cc9198562e8609f62784b8957bd8956c67b7357759d92f02c181a11d400041aa42586c71d98e8a3f42

Download Submit