7b2b2bf953b870564bff1f308381d9e20e84c2577bd8c854710e4f71438b2981

Analysis

max time kernel
140s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMPYtbn/ytb_oc.exe
Size

354KB
MD5

ed3e6f0637ea310cff9028c2ff310ee3
SHA1

1fd3563f0783b03e7ed2f9b5ee34b1cd5befbf90
SHA256

c08508d7deeb8f25e7d4a2c12030b4d9a4071152f6a2762351de02f7bca7d4a1
SHA512

9658d63b45e788740cefd7c107719379340d561697c5098bf22ba2217ed5936e40e17641d2eeab613aed58c186baeaf4b927d86326c348d4180e217ab9b18f73
SSDEEP

6144:pBmPVHQAqtdKT65rSWgIIr2oFzg93pDCDLbMr+L6ALxE3/hMs7Ok4:pEKKT6kDrFzg95DCDnMr+L6xpgk4

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ytb_oc.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	ytb_oc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "1"	ytb_oc.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1164	ytb_oc.exe
1164	ytb_oc.exe
1164	ytb_oc.exe
1164	ytb_oc.exe

C:\Users\Admin\AppData\Local\Temp\$TEMPYtbn\ytb_oc.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMPYtbn\ytb_oc.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3888,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=3812 /prefetch:8
1⤵
PID:3120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads