7b2b2bf953b870564bff1f308381d9e20e84c2577bd8c854710e4f71438b2981

Analysis

max time kernel
145s
max time network
150s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMPYtbn/ytb_oc.exe
Size

354KB
MD5

ed3e6f0637ea310cff9028c2ff310ee3
SHA1

1fd3563f0783b03e7ed2f9b5ee34b1cd5befbf90
SHA256

c08508d7deeb8f25e7d4a2c12030b4d9a4071152f6a2762351de02f7bca7d4a1
SHA512

9658d63b45e788740cefd7c107719379340d561697c5098bf22ba2217ed5936e40e17641d2eeab613aed58c186baeaf4b927d86326c348d4180e217ab9b18f73
SSDEEP

6144:pBmPVHQAqtdKT65rSWgIIr2oFzg93pDCDLbMr+L6ALxE3/hMs7Ok4:pEKKT6kDrFzg95DCDnMr+L6xpgk4

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ytb_oc.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	ytb_oc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "1"	ytb_oc.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	ytb_oc.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2276	ytb_oc.exe
2276	ytb_oc.exe
2276	ytb_oc.exe
2276	ytb_oc.exe

C:\Users\Admin\AppData\Local\Temp\$TEMPYtbn\ytb_oc.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMPYtbn\ytb_oc.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9fab1489f7ae71a1c6dbdc2e63ccd88

SHA1
81a8c167e9ae6fbcd763a36994215e456b9bb887

SHA256
81802da61dd3a14407de7f31b0d1c5afcb65eaa3612cfaa34fcf6a728a57e1f3

SHA512
ac4c0525ea3db625854bcf9021b7cbe338c4d15a55c33f012b7d2ab00f56289e2b5e8bef3eddc1f16fff4acc73c61c95b45164cea629fcd0283c05548c6db05e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d728b9237ce49d0c18769f12ac15ea7

SHA1
3bd54bd0b09a214bf9bb3e1c9d84603e536f9acb

SHA256
90bcdb5137ebe6bb5710aefd66771138b031707c7c8463a95a54687537045f31

SHA512
c72fbbb0e27f2f1be8ad21cf8bb8114d55d6f7f45d457f4791f3b0a3f39bebbecc5861df590ea6e22e175953b52250896b2d95b76f94b20a3bf9baeda5f5fc17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bb671c5f3a4966e0473bad0403ea7d5

SHA1
92103a557011cf0c052456428bf6aa1d3c2af74c

SHA256
ccd0c0d055e66dab07a8102a56b7239646b0ea3d7fbe223540f70ecd46a2c1a4

SHA512
86e90945a259c5443434cb9b3d1d46f9bdeeb9bc1a9252d1d1ad9507f0fe5d56deac47da205ec320f1afa00663bbfc0ddc15ce99b202d22589a0199b4641a156

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fb33fa31ddceecb5a2753f8dd73c6ae

SHA1
c68011065656223b2445560dfe4726fb08c81610

SHA256
a189ed7a97d707d5c0f72ddb079e61330f7b152072b5dfec5e39cd4a5ac05ede

SHA512
d459a33b3551b0a9b02540857c2dfb3eda05550c24752f1ad5b032ed9cdb09730272f3d5b78090c484d614b0b40027880c3c8eacbd3510972964b8170e832763

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
477c07d6153d59b1e82040db3663d167

SHA1
a4d39cbac743cd3fa7297127c98c6b48385e1436

SHA256
2e842149eec51d34805022678c17ffa00f5d977f153451db99082ff691ec4ff6

SHA512
c7e23ebfcfff3aeae6ecf9fe4ef45e9080f9430764d3949d9ebbe09f23028c24c1448bffff756b1223eaa38a1765469935b84aa8e589c3c5ae76afcc6bc4633c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d15cc68ea5a0b94e84cdecbbff3a4a77

SHA1
b495a3cff593e0fcf605595dabedc6df57cc6782

SHA256
a37964d202ee608563f171281cdf5a8fd3d55377c70ff47476cb901e622420e1

SHA512
debb565d783c5014001c8461837bc7a6b7fa4d4ddcfe4a542b04d057a6396532b99f3c87649d1aee1f923224eeea2778422aba8cec9360005611e2c809be26f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
952d58f22881c889bca5d09643c644ae

SHA1
4868842efa48e3d7d940a268ac1b64877beb82d8

SHA256
52663e7e5366416c32733b6b41b0a1ce570b766b8385d5b1f6aa5d86e0eac6b0

SHA512
51da9606b975359544b3c9b525c7e2c3334e65b5b055db96b4ca1df662eedbea2b0f8048f081e293eb495d9a566d2d97229798e9191aaf87348523f7ff64ae40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c40e32e60349e42a721c2e7d6924da87

SHA1
7f6c63c62ebecf802599e6ac5f400b26481cb06b

SHA256
b45326592d1a2a2ddbf6330dfd31c81b310a552c5182229e3e3eefb964d8c9bf

SHA512
a001a66ee3e801c598466aae44bf99d3cdfff4b4310f8ae1ea95c4f990e493178f35242a1da7e270d681c7ac62321ebb45dc917e54fc3b848e5d097c81ccf31d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCFFE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD06E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit