fce263f7b07d25c4a6bdd4656125e9bf0f76e652410ec99eafd3c6b2bd33ccd1

Resubmissions

28-04-2024 20:22

240428-y53r3sgc45 7

28-04-2024 20:20

240428-y4k6msgb83 7

Analysis

max time kernel
1794s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20240419-fr
resource tags

arch:x64arch:x86image:win10v2004-20240419-frlocale:fr-fros:windows10-2004-x64systemwindows
submitted
28-04-2024 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CyberLink_YouCam_Downloader.exe
Size

1.1MB
MD5

60c3eedebafdb6839cc5e10fb595135f
SHA1

a3284235e9d21dc470b0334cc6e1ffde23582a5e
SHA256

fce263f7b07d25c4a6bdd4656125e9bf0f76e652410ec99eafd3c6b2bd33ccd1
SHA512

7266f5f9210099e9ca2f989d317eda8b1e533eac677f9490fd3b1aae84c506070bcf887598875d1ca7319a4f6db11544c9c9daa33c848b55e21b8df09f722029
SSDEEP

24576:bp9mNaOPOeZ4ZRQVxj3kWO1pgkysLbIqBcDu5GY/+j4coCYHb0YLoE58:3vy4ZRQVZkDIqBR5GY/+Ucoph958

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

CyberLink_YouCam_Downloader.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	CyberLink_YouCam_Downloader.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

CyberLink_YouCam_Downloader.exe

pid process

332 CyberLink_YouCam_Downloader.exe
332 CyberLink_YouCam_Downloader.exe

pid	process
332	CyberLink_YouCam_Downloader.exe
332	CyberLink_YouCam_Downloader.exe

C:\Users\Admin\AppData\Local\Temp\CyberLink_YouCam_Downloader.exe
"C:\Users\Admin\AppData\Local\Temp\CyberLink_YouCam_Downloader.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:332

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\03116c2c-43a0-4565-87c4-e9d9d0c99c15.json
Filesize
658B

MD5
ae0d332ac6c01129c643f3f3abf97c2d

SHA1
90ca3f286a121510a0cd58276ad2c40e90b75cd2

SHA256
7cc369da6e627ed171b81a28d0ac51260f54cb23372d9ab68fe7180b3329bbf6

SHA512
4f9d4847ad98779426caa8f9e2bba9959b088e2a604bdc7a5a9c865df8f21c15085ab6685ebd82bf909b9b5ba1f940812da78b0d3fe8fe38d11d5c19d0c1fe0a

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\03116c2c-43a0-4565-87c4-e9d9d0c99c15.json
Filesize
2KB

MD5
6eee76ffe00c96b0f4df32c83ea1592f

SHA1
1da4a4cf569aa59b3f129bcb91240db232428aeb

SHA256
a13987597819df696fe8d021b809d79ed3c0f6b86efc5f90edd71f792da3fcfc

SHA512
e69fd10a839c5f4ff6f356f3ce3497b24bb135034997710b1926311e85d2a97fdb0cb4e162004c88c7fb14dce41f5a1f76bf9b65467e93be42787a59fd88b10a

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\03116c2c-43a0-4565-87c4-e9d9d0c99c15.json
Filesize
3KB

MD5
82c90d8726589b028c964832d393774b

SHA1
e72e55bba4f42fc92901f8c1bcef251a1f8955aa

SHA256
116a6f84f06cdb37dc8a0e91708fe5290c9c6b56a6e75fa2326c6ea1d73bc75f

SHA512
e43ec0c909c63c433284713c8e02fb5a914dfa47b15401e952e0eb496e4e801dea52f3132f4c0e42b65e55b8d19e55522e27f02f1036ea093500788d73033649

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\03116c2c-43a0-4565-87c4-e9d9d0c99c15.json
Filesize
4KB

MD5
238d31bf93fb44532b6527b06b5231fa

SHA1
ab016433a9c0a4cf15f12b9db9bb6920db6d56d3

SHA256
ac06cb98598aa6a54d2453b827d550b4fbc5b750527dc44b23efa93680966455

SHA512
3be55c900f3fe107c5df12e6011c7c4840c0ef7c7de688e6b82500efee4e845fd9030fee8d6cbf16b1c8c824fb85e0ba138799755e02f010069ca93468f395c0

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\3325bf97-6779-4460-9389-95364b98b27a.json
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\3325bf97-6779-4460-9389-95364b98b27a.json
Filesize
4KB

MD5
f228155d028697139c638c0480af8b6b

SHA1
1ba87553283e3db3441c767501831674f939448e

SHA256
c9ddef70fb9613497ced1ca04cbcb5e69433c72e1f4b06235772ace16892a2e9

SHA512
7559b858d9aeeee28d8eba7138a3aacea7aa333d70e16010fdb1d3af606f3fa046a49bb65237edea9b7d91e7b76a24cb5a643d24773201521e9401b0001dcbbb

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\5c47182c-b458-4bb4-b1db-9a409a57cebc.json
Filesize
4KB

MD5
eb23fa226667e313cb71fef223cdc9e9

SHA1
8627f3fe7dfb84d0976168d4e0abc0cdbdb77837

SHA256
4fae3432f4a870272488039e3fb86dc4446b73ec6fd20b4fe51d1d0ed4222c14

SHA512
b8b8bea767cc883c977dc4ef88c7ca09f4a366374d085975f1faf0a85777baa9db7eb73bb4f4bde8548bd41c90565458b64e5d2bd39ef104e4e7abdb7c2ab718

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\5df4a0bf-1f96-49e7-9ef7-b9d8a91ee49f.json
Filesize
1KB

MD5
844482c32a09232f72f63a7a46d6546d

SHA1
87bcb7bd2a03df0adde406bef09abf93a13df20f

SHA256
02d18eabf201127c9d774400b1a25fa6c89eff3ab6ad68476ff323d77f3837f8

SHA512
a416355e4aa7fe79c56d2efa03176240671b1c0382600d2fe35be4a152ceb8d2170e0c5f873f61773f8d6a44df4dc6db544b7b04a66ad39d08fc07b0efc8d089

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\5df4a0bf-1f96-49e7-9ef7-b9d8a91ee49f.json
Filesize
4KB

MD5
a2e35265ced3d46a8d32fd3643e0c1fb

SHA1
9aa57a1d728a58730d32e443c6d8eaa6e5daa94d

SHA256
ed6fc57f7fd5efd9818616b73fd5eb7b2e59a6a803c4fdd83198d8bdb524edb8

SHA512
fc0314a6bd92b9403f30b94e435e3d390d2387c7a2bf6701627451ba4249ca9695aa13195fe86c1ca559d7b1b86af22a8b0899a0619e670ee9f775a150838709

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_YouCam_Downloader.exe_v2\UNO.ini
Filesize
7B

MD5
be9d6efbd8632e482c64618f00a701fa

SHA1
cc7c0702a34305282ba77d4eb88db1fa0bbed850

SHA256
d94fd0c7e43df0a03014a44d79653c0845adb29e6222ca47718c46af90847b84

SHA512
c59eee3a838ec35f447c28a701289f3f35ea5ec08d0c38df54482b39a2219598074d49fc162b1ef46d9e20c336221f53bc86de7163183193001b466ff36dd5c8

Download Submit
C:\ProgramData\CyberLink\Downloader\Item0.ini
Filesize
496B

MD5
1dd2b2e508391d1abfa29d0cbe410487

SHA1
5ee9cebb274d87d856c1333f9ea94b2d9cfc4aaf

SHA256
d2abe006d9374be03d28dcecdbde44d21ee4dc67b3d002f1799c3fd39bda109e

SHA512
9ab84f71ea0b425ccaf162b7199f3da18e0629ffadce0f05c50ffb5e42d025520a317d497a165d04777a12f83dfddf0f12bfc91aee8c43f503e34b74babcb18e

Download Submit
C:\Users\Admin\AppData\Local\Temp\03116c2c-43a0-4565-87c4-e9d9d0c99c15.json
Filesize
355B

MD5
89dc0068b652eb800739d5ef535f6fe3

SHA1
7866d515c7f46ba3bd4ea317013b82bfe4fe9eb1

SHA256
748a3942be14fdd2c6ed6cee52c9c3f97ea7d1260e96f55ed4d9226c3be8cd32

SHA512
26d3b3f0567a8a7f9882bef1bed74ac76aa65b0b1eb44e5042155ea20e78497682a1dc98ce1430278bf136bfb85caee45e5508d9798c2273ee95f278119de93e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3325bf97-6779-4460-9389-95364b98b27a.json
Filesize
1KB

MD5
a47ac39aff7042dd00532f258596529d

SHA1
00270ef2f61cd71696278652c3c5ff2c29b35bd4

SHA256
6e0fe3186dfda439f69a2bb8ad46f4c1ef1b63d6aefaa45bb0706e1d3801d7a5

SHA512
d35088d3d7be29c44840f1e54953dbbad228f352a553a35aa82cdb2d93c610054e73778c3fdf68a1ad6a62ef319052d95a2ee956f5d0752fb93e9393edf71440

Download Submit
C:\Users\Admin\AppData\Local\Temp\5c47182c-b458-4bb4-b1db-9a409a57cebc.json
Filesize
1KB

MD5
bd89977b029f6570d59d67b14a000dee

SHA1
9c7c7ac6928fe3630801a728d5c395f2f4909b25

SHA256
961ea4ec4f761bc66f8856ab7ad4cafed81c3c03878594f0d11a7e1b2fcf9ccd

SHA512
b836f4f475e59637ec6f701777c477fa3dd84cf7b32f2c70ea49e9aa4edb9b03aabcfb341a328925ef09406e7659367eb7a6f6de6b16680195f6340e74863194

Download Submit
C:\Users\Admin\AppData\Local\Temp\5c47182c-b458-4bb4-b1db-9a409a57cebc.json
Filesize
2KB

MD5
df81b00d17efc04fcd2cda519993f5c5

SHA1
5899aa0c99896a84861b5c8c4a2400383e8b22db

SHA256
5c5c6cc7e460a7975dc9fe79b69d3896060c13082857c7322ab7a0b229929f9a

SHA512
0906cb858b7ec55859e7fde5caf104f1d905d746053295b8919e592022674bc55b730003b1e78a6d6112c855538494a62a361477b07e46a947b133d8cbcc2ee8

Download Submit
C:\Users\Admin\AppData\Local\Temp\5df4a0bf-1f96-49e7-9ef7-b9d8a91ee49f.json
Filesize
249B

MD5
d542fb228538fd607a6dc91f1951c87a

SHA1
54687a84d28073fabf67f4deaf82b93716621dc2

SHA256
539ac4b5959fc267029e0e0a35cee39eb7539af47c94edaa8a6f46bd072b7a41

SHA512
d86249792f35c6ca06dcd1e6734a1f56c1c7fde8b750135fe7058b7cbcc050f33c059ce867f7d0a2204d1797060ef443f7e184f248197b91a3dd44025cb28bf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\5df4a0bf-1f96-49e7-9ef7-b9d8a91ee49f.json
Filesize
590B

MD5
6ddfab9db2d9cc8074d3006049090530

SHA1
a5e64a2e205c706759940e8a8963ffdcbf0d1516

SHA256
280a720a56ece94b8185e424188da7f11de059ec0dbf7267ae40926ba14409f2

SHA512
3d632c2f8f1dacc86339fea8ed187e2b43fb153ab412c9716448def527f8cd5fe0328acf441b8d48cb660fbc4e5a76f3590982c0f93788d2d326b3d7d57ddd57

Download Submit