58903b06bce461163047273a495de51c399a2aed0296a2847c87ce5c9236a2e7

Analysis

max time kernel
130s
max time network
158s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/06/2024, 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
Size

65.1MB
MD5

abcb021b3c888eda7482e1945cc3797b
SHA1

418dc2f27c39f897391e8f7fed5ec40bb16a2e12
SHA256

bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8
SHA512

213927955a236e38c583123c28790769d79a277f7186a00a26b4ccb8f071ec75923d48ec4652190bf4f554eefa41df811edc26b2a5e8c7297ed879d16e9d53d6
SSDEEP

1572864:nuW7RwotH6y4293WjrSYYFfSUUXAbBc/bHVRsqGx7/jUtGWC+hNkGAzpAualZUhI:ntwoxv9mr0IuBcTr3k/KLzNuzpFoZaI

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation	Open Video Downloader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation	Open Video Downloader.exe

Executes dropped EXE 6 IoCs

pid	Process
2260	Open Video Downloader.exe
1308	Open Video Downloader.exe
3048	Open Video Downloader.exe
2428	Open Video Downloader.exe
2948	Open Video Downloader.exe
2404	Open Video Downloader.exe

Loads dropped DLL 29 IoCs

pid	Process
1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
1260	Process not Found
2260	Open Video Downloader.exe
1260	Process not Found
1260	Process not Found
1260	Process not Found
1260	Process not Found
1308	Open Video Downloader.exe
3048	Open Video Downloader.exe
3048	Open Video Downloader.exe
3048	Open Video Downloader.exe
3048	Open Video Downloader.exe
2428	Open Video Downloader.exe
2948	Open Video Downloader.exe
2404	Open Video Downloader.exe
2404	Open Video Downloader.exe
2404	Open Video Downloader.exe
2404	Open Video Downloader.exe
1260	Process not Found

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Open Video Downloader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Open Video Downloader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Open Video Downloader.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Open Video Downloader.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Open Video Downloader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Open Video Downloader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Open Video Downloader.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Open Video Downloader.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Open Video Downloader.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Open Video Downloader.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
2260	Open Video Downloader.exe
2260	Open Video Downloader.exe
2260	Open Video Downloader.exe
2260	Open Video Downloader.exe
2260	Open Video Downloader.exe
2428	Open Video Downloader.exe
2948	Open Video Downloader.exe
2260	Open Video Downloader.exe
2260	Open Video Downloader.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1664	bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 1308	2260	Open Video Downloader.exe	30
PID 2260 wrote to memory of 1308	2260	Open Video Downloader.exe	30
PID 2260 wrote to memory of 1308	2260	Open Video Downloader.exe	30
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 3048	2260	Open Video Downloader.exe	31
PID 2260 wrote to memory of 2428	2260	Open Video Downloader.exe	32
PID 2260 wrote to memory of 2428	2260	Open Video Downloader.exe	32
PID 2260 wrote to memory of 2428	2260	Open Video Downloader.exe	32
PID 2260 wrote to memory of 2948	2260	Open Video Downloader.exe	33
PID 2260 wrote to memory of 2948	2260	Open Video Downloader.exe	33
PID 2260 wrote to memory of 2948	2260	Open Video Downloader.exe	33
PID 2260 wrote to memory of 2404	2260	Open Video Downloader.exe	34
PID 2260 wrote to memory of 2404	2260	Open Video Downloader.exe	34
PID 2260 wrote to memory of 2404	2260	Open Video Downloader.exe	34
PID 2260 wrote to memory of 2404	2260	Open Video Downloader.exe	34
PID 2260 wrote to memory of 2404	2260	Open Video Downloader.exe	34
PID 2260 wrote to memory of 2404	2260	Open Video Downloader.exe	34
PID 2260 wrote to memory of 2404	2260	Open Video Downloader.exe	34
PID 2260 wrote to memory of 2404	2260	Open Video Downloader.exe	34
PID 2260 wrote to memory of 2404	2260	Open Video Downloader.exe	34
PID 2260 wrote to memory of 2404	2260	Open Video Downloader.exe	34
PID 2260 wrote to memory of 2404	2260	Open Video Downloader.exe	34
PID 2260 wrote to memory of 2404	2260	Open Video Downloader.exe	34
PID 2260 wrote to memory of 2404	2260	Open Video Downloader.exe	34
PID 2260 wrote to memory of 2404	2260	Open Video Downloader.exe	34

C:\Users\Admin\AppData\Local\Temp\bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe
"C:\Users\Admin\AppData\Local\Temp\bb0bbd7cd226b02d5069ff946d8ef15ecde19f06d42c03f9e33a087863a7c6f8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1664

C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\Open Video Downloader.exe
"C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\Open Video Downloader.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\Open Video Downloader.exe
  "C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\Open Video Downloader.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\youtube-dl-gui /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\youtube-dl-gui\Crashpad --url=https://o762792.ingest.sentry.io/api/5793871/minidump/?sentry_key=ceb9de0231034eda91620bf3623a22cc --annotation=_productName=youtube-dl-gui --annotation=_version=2.4.0 --annotation=prod=Electron --annotation=sentry___initialScope={} --annotation=ver=11.5.0 --initial-client-data=0x2d4,0x2d8,0x2dc,0x2a8,0x2e0,0x1468b1678,0x1468b1688,0x1468b1698
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1308
- C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\Open Video Downloader.exe
  "C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\Open Video Downloader.exe" --type=gpu-process --field-trial-handle=1116,3827685515089117356,11424169627626991029,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1124 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3048
- C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\Open Video Downloader.exe
  "C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\Open Video Downloader.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1116,3827685515089117356,11424169627626991029,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1424 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\Open Video Downloader.exe
  "C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\Open Video Downloader.exe" --type=renderer --field-trial-handle=1116,3827685515089117356,11424169627626991029,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=com.jelleglebbeek.youtube-dl-gui --app-path="C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\resources\app.asar" --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\resources\app.asar\preload.js" --context-isolation --world-safe-execute-javascript --background-color=#212121 --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1480 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2948
- C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\Open Video Downloader.exe
  "C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\Open Video Downloader.exe" --type=gpu-process --field-trial-handle=1116,3827685515089117356,11424169627626991029,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1124 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "ffmpeg"
  2⤵
  PID:2040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "yt-dlp"
  2⤵
  PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd628104f2f7c63b07c02ade08a36d00

SHA1
723708ebaffa7a67af6676a0530adc37563412f3

SHA256
2e9c50b231a2c37145c5c1540ba66de9edaca1a61dea6d6c62e0ef8e6548dbe0

SHA512
0a9dec236374bf111d813617924889b624aebed9ca587e6a11e5990b96cb17a3f628b96cf70597ed156e21462182b5435882d2e567efbf6279737cbb4b8a39fa

Download Submit
C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\chrome_100_percent.pak

Filesize
121KB

MD5
06baf0ad34e0231bd76651203dba8326

SHA1
a5f99ecdcc06dec9d7f9ce0a8c66e46969117391

SHA256
5ae14147992a92548bcad76867dd88cdfcdb69d951c8720920cce6fb135e3189

SHA512
aff6616e56781ebb925a0ca146245ad3b2827250b32261c0c7c0d5b10b20a343a17fc3761c95d93104163e77b2eae3f1f9cbd3cb2b377f49b42bea39bdd09b91

Download Submit
C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\chrome_200_percent.pak

Filesize
181KB

MD5
57c27201e7cd33471da7ec205fe9973c

SHA1
a8e7bce09c4cbdae2797611b2be8aeb5491036f9

SHA256
dd8146b2ee289e4d54a4a0f1fd3b2f61b979c6a2baaba96a406d96c3f4fdb33b

SHA512
57258aa169bec66abf0f45a3e026bb68751fb970b74bd0cb465607fa3b2a89967e832d92d8f675f0449bb6662fcb7786d05f0597124cc8e18bb99a47245779b4

Download Submit
C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\icudtl.dat

Filesize
10.0MB

MD5
ad2988770b8cb3281a28783ad833a201

SHA1
94b7586ee187d9b58405485f4c551b55615f11b5

SHA256
df876c7af43ed93eec6aea4d2d55c805009c219653cdeb368f1d048f4922b108

SHA512
f27e542a9c6c60fa28c5b7cc2818079341ef93aef3bbcadecad2dc11aff5b1592b19c7ebfa543ea42a3cbfec26a668641b255545fb0912056e25e852c2dedd01

Download Submit
C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\locales\en-US.pak

Filesize
83KB

MD5
bd8f7b719110342b7cefb16ddd05ec55

SHA1
82a79aeaa1dd4b1464b67053ba1766a4498c13e7

SHA256
d1d3f892be16329c79f9a8ee8c5fa1c9fb46d17edfeb56a3d9407f9d7587a0de

SHA512
7cd1493e59e87c70927e66769eb200f79a57e1eb1223af4eb4064088571893d3e32cbc4b5ece568fd308992aad65684aa280dc9834f2b5d327bdee514b046e5e

Download Submit
C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\resources.pak

Filesize
4.8MB

MD5
d13873f6fb051266deb3599b14535806

SHA1
143782c0ce5a5773ae0aae7a22377c8a6d18a5b2

SHA256
7b953443e3cd54a0a4775528b52fbfe5ebecbc2c71731600ed0999d227969506

SHA512
1ab38fcb70d1958c74da2493459532b52a04b884009509a1ac8dd39f6e9e670658a52f4d19ef57f1bc71dccfdd6ceedbc18034bbcad0b500d75a97c74aac6939

Download Submit
C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\resources\app-update.yml

Filesize
98B

MD5
8dc49e2731f3bd3a548182a8bb57d64a

SHA1
067d8638f5c3d275a97fcd0949e8a6b3ee381bc5

SHA256
755d4d16e9f3a380576ddd2929a189b679de30697245a443984af014645b3424

SHA512
a9be2989fc9e2d84a5d22faf1ad43f9bff27ec9c71de3d5bdccd9c0a2a46c9067b35320161c25f1f52a75e2ca5ac6ae8621f82f6e80ebd0dae377149a75e95a7

Download Submit
C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\resources\app.asar

Filesize
29.2MB

MD5
8d19e4c064afe9fa24b7cbde6a791027

SHA1
a56445f48aa3e7d2d72cdae85b3e46a055f966fc

SHA256
a2e15233742eef1820c0a3447376d2416156eeb5c50a18d7906b7b94da2cda2c

SHA512
a06dd5ec9f176ec442f2bb817debbaee30cebf73faad62d06b74f9aa81e73713ae718edde3a49e816f850f4f5eb42581821463d16fe061fd775eda53de6351bb

Download Submit
C:\Users\Admin\AppData\Local\Programs\youtube-dl-gui\v8_context_snapshot.bin

Filesize
168KB

MD5
c2208c06c8ff81bca3c092cc42b8df1b

SHA1
f7b9faa9ba0e72d062f68642a02cc8f3fed49910

SHA256
4a67de195878d290f49b503b83e415917b8bbcbd9936b07a5d33b48e9bc6e0a3

SHA512
6c3c370dd086a976c44d4059a315bd3bcbb50961aa34734e65a40d861cffca9090d47cec74575afe23952e394e4845bda2d8798eebe01fb54a7a6288bce238f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCD35.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso9C31.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso9C31.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Roaming\youtube-dl-gui\7c7f55db-34ae-489d-82b0-fa39133641c8.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\youtube-dl-gui\Cache\f_000001

Filesize
441KB

MD5
a78ad14e77147e7de3647e61964c0335

SHA1
cecc3dd41f4cea0192b24300c71e1911bd4fce45

SHA256
0d6803758ff8f87081fafd62e90f0950dfb2dd7991e9607fe76a8f92d0e893fa

SHA512
dde24d5ad50d68fc91e9e325d31e66ef8f624b6bb3a07d14ffed1104d3ab5f4ef1d7969a5cde0dfbb19cb31c506f7de97af67c2f244f7e7e8e10648ea8321101

Download Submit
C:\Users\Admin\AppData\Roaming\youtube-dl-gui\Crashpad\settings.dat

Filesize
40B

MD5
bb5b441520e14ea429e079a7de518190

SHA1
a3f0272338bb9cc08dff25f836bcb7f5784894cb

SHA256
0ba426ae9c8890999fa520fc1b221ae1a616ae058cd6f088db014df9e6265535

SHA512
b78b05360f5e1fc9358945f8706817c8a729412d8437332c2f1a21a97b000ef66d6ead99933c57349e7e2d3561e065a902c550dd22fb4e264a17f483f0d6f799

Download Submit
\Users\Admin\AppData\Local\Programs\youtube-dl-gui\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Users\Admin\AppData\Local\Programs\youtube-dl-gui\ffmpeg.dll

Filesize
2.7MB

MD5
eabfc10d56cb44a86493cb2f8ca7aab2

SHA1
09d7e87f43527333cd021329d6c2f4e8bd8ddab5

SHA256
42a2a996ac433ac33a22776b8418a82753557093d90147b7951138b5c83924b6

SHA512
ee31e3539fba9e5969a9f38c428f586de2dd7630cb5d8c5e3c2c934b5881f8176b8ab6ef6397c1ce4fa6ccf3ee9615225c7afa0e0b28c6fc23974e8b96625dec

Download Submit
\Users\Admin\AppData\Local\Programs\youtube-dl-gui\libEGL.dll

Filesize
438KB

MD5
660a9ae1282e6205fc0a51e64470eb5b

SHA1
f91a9c9559f51a8f33a552f0145ed9e706909de8

SHA256
f2a841b6ef320f226965c7cb01fbc4709fc31425e490a3edfa20147ce3656c85

SHA512
20bed2bed042033e3d8b077f9d66bce67922aaec180cc3777f20560219226b7efc73932bb87445afda4e3877472ddcd307215d23954cd082051437e5f2224263

Download Submit
\Users\Admin\AppData\Local\Programs\youtube-dl-gui\libGLESv2.dll

Filesize
7.3MB

MD5
bc45db0195aa369cc3c572e4e9eefc7e

SHA1
b880ca4933656be52f027028af5ef8a3b7e07e97

SHA256
a81729fd6ee2d64dfc47501a1d53794cdeee5c1daa3751f7554aea2503686d10

SHA512
dd8c39947e7d767fbdccf90c5b3eaedf3937b43c55200d2199107333b63ac09e5356c286618874fac841e1357dd927e0c70b5066c1feeedd8cc6c0fba605ee5f

Download Submit
\Users\Admin\AppData\Local\Programs\youtube-dl-gui\swiftshader\libEGL.dll

Filesize
460KB

MD5
acd46d81bb4f34912c255a8d01953635

SHA1
25969cc9e588e174b854566778f283f067c3c0c6

SHA256
bd1bc00a5c29726fb39645041fc6c8295256d90c7f739ebeaa8b6c382a4db189

SHA512
83692654ada422391b428953b2cec67048a171bbef4c59158f34607a762feac8a233b52ceaa528306cf103d9830ee38897afa996389e086d3778f290555a059b

Download Submit
\Users\Admin\AppData\Local\Programs\youtube-dl-gui\swiftshader\libGLESv2.dll

Filesize
3.1MB

MD5
8090f82a02c6850cc7bd2b481a7533e0

SHA1
54a0b66d76c1b60e45e83ba4627299d0b2aae84a

SHA256
e9473ba82f6d8742ab74e67484886291aa69037db72e0ae256b19581de0b772e

SHA512
b2e3c57926860a7954ca6e426f5f2fa080cf6ccb5c4edd77f59744f240f597aa9613f46294e8b344db76b46fe78777b5016828b8ab2fc274ca107f3af7abd878

Download Submit
\Users\Admin\AppData\Local\Temp\nso9C31.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nso9C31.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nso9C31.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nso9C31.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1664-205-0x0000000003B60000-0x0000000003B62000-memory.dmp

Filesize
8KB

Download
memory/3048-279-0x0000000077A60000-0x0000000077A61000-memory.dmp

Filesize
4KB

Download
memory/3048-245-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download