23f5ba8c7ec73c45f074138b8c09da7003d1d3c4bea3b2546755d52d583f8775

Analysis

max time kernel
291s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13-08-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.exe
Size

88.2MB
MD5

1416efe71f62c25c47cedd41cc137586
SHA1

80d9fafead25fe001b19760489799de3b87d2ef3
SHA256

23f5ba8c7ec73c45f074138b8c09da7003d1d3c4bea3b2546755d52d583f8775
SHA512

f33750d988d4de97e684764098c9bdce93718037e8055c91ea0ea4c21026c6f05ff39689724ca65eb57ee0ac200f889eea64f9e322b53811e0c73c0a3776c03d
SSDEEP

1572864:zHFJUiSrCADbY2qkOMaIuU5AGUe8EBig/q6VBD7VDBScTFU0OtZd1u:TFKiS+KJqkRd/8gd/x3FYGFH

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp

Loads dropped DLL 2 IoCs

pid	Process
1352	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.exe
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
2508	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 2508	1352	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.exe	31
PID 1352 wrote to memory of 2508	1352	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.exe	31
PID 1352 wrote to memory of 2508	1352	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.exe	31
PID 1352 wrote to memory of 2508	1352	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.exe	31
PID 1352 wrote to memory of 2508	1352	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.exe	31
PID 1352 wrote to memory of 2508	1352	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.exe	31
PID 1352 wrote to memory of 2508	1352	TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.exe	31

C:\Users\Admin\AppData\Local\Temp\TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.exe
"C:\Users\Admin\AppData\Local\Temp\TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\is-2SCLO.tmp\TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-2SCLO.tmp\TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp" /SL5="$50150,91222162,1040896,C:\Users\Admin\AppData\Local\Temp\TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-2SCLO.tmp\TubeRank Jeet Ai Pro ChatGPT Plus Full Activated.tmp

Filesize
3.4MB

MD5
b378e0c68d8f0bc13f84e85fe6aef810

SHA1
a85dee77ed2ced8a63766d275c3ad9a61ca5c01c

SHA256
64f43409ad8878a10c9cb1746bc6d7f2b01b1aef2273b57a8b20bd9f4d5f9187

SHA512
5c1e5dc2bcd166798f374e031e87c2897abebbac8a410ae823ba9358e648b0e14f28504ab95924b501ba2601c6a4749a05465f164ad83fc555f6c51d20740e02

Download Submit
\Users\Admin\AppData\Local\Temp\is-PVRI3.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
memory/1352-0-0x00000000013E0000-0x00000000014EC000-memory.dmp

Filesize
1.0MB

Download
memory/1352-2-0x00000000013E1000-0x0000000001489000-memory.dmp

Filesize
672KB

Download
memory/1352-77-0x00000000013E0000-0x00000000014EC000-memory.dmp

Filesize
1.0MB

Download
memory/2508-8-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2508-12-0x00000000037C0000-0x0000000003ADA000-memory.dmp

Filesize
3.1MB

Download
memory/2508-73-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-72-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-71-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/2508-70-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-69-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-68-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/2508-67-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-66-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-65-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/2508-64-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-63-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-62-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/2508-61-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-60-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-59-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/2508-58-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-57-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-56-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/2508-55-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-54-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-53-0x0000000002930000-0x0000000002931000-memory.dmp

Filesize
4KB

Download
memory/2508-52-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-51-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-50-0x0000000000D00000-0x0000000000D01000-memory.dmp

Filesize
4KB

Download
memory/2508-49-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-48-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-47-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

Filesize
4KB

Download
memory/2508-46-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-45-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-44-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

Filesize
4KB

Download
memory/2508-43-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-42-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-41-0x0000000000C90000-0x0000000000C91000-memory.dmp

Filesize
4KB

Download
memory/2508-40-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-39-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-38-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/2508-37-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-36-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-35-0x0000000000C70000-0x0000000000C71000-memory.dmp

Filesize
4KB

Download
memory/2508-34-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-33-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-32-0x0000000000C60000-0x0000000000C61000-memory.dmp

Filesize
4KB

Download
memory/2508-31-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-30-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-29-0x0000000000C50000-0x0000000000C51000-memory.dmp

Filesize
4KB

Download
memory/2508-28-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-27-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-26-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/2508-25-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-24-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-23-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2508-22-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-21-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-20-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2508-19-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-18-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-17-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2508-16-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-15-0x0000000003C10000-0x0000000003D50000-memory.dmp

Filesize
1.2MB

Download
memory/2508-14-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download