7b2b2bf953b870564bff1f308381d9e20e84c2577bd8c854710e4f71438b2981

Analysis

max time kernel
141s
max time network
146s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
17-08-2024 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMPYtbn/ytb_oc.exe
Size

354KB
MD5

ed3e6f0637ea310cff9028c2ff310ee3
SHA1

1fd3563f0783b03e7ed2f9b5ee34b1cd5befbf90
SHA256

c08508d7deeb8f25e7d4a2c12030b4d9a4071152f6a2762351de02f7bca7d4a1
SHA512

9658d63b45e788740cefd7c107719379340d561697c5098bf22ba2217ed5936e40e17641d2eeab613aed58c186baeaf4b927d86326c348d4180e217ab9b18f73
SSDEEP

6144:pBmPVHQAqtdKT65rSWgIIr2oFzg93pDCDLbMr+L6ALxE3/hMs7Ok4:pEKKT6kDrFzg95DCDnMr+L6xpgk4

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ytb_oc.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	ytb_oc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "1"	ytb_oc.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	ytb_oc.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
588	ytb_oc.exe
588	ytb_oc.exe
588	ytb_oc.exe
588	ytb_oc.exe

C:\Users\Admin\AppData\Local\Temp\$TEMPYtbn\ytb_oc.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMPYtbn\ytb_oc.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8ee38fd818617db618081b574eb3a58

SHA1
e874cfd8bd451dba16001cd87d10549ab06823a3

SHA256
26522a2fa99a26c7b74d38d15618b07fb9e3de44e96b30a3e27c22936eeac22f

SHA512
96284b3f7bfb14273f842a6e10dc44cc160b936e083b34ca43814daf4b90016a99e096103a0c976041a6fa8dc4d6467b4cc04b2fa3981d96c1f59aaf6864b3fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14e680c78ba0c6cc7b7e32f6ca0c624b

SHA1
a6eba9e5e9f5c8861595970a7489554165a13843

SHA256
8529bd911dc4ce7611d3249192e5f55fea135bc70b0753d1bbd6e2a41b87c164

SHA512
6cd7527da30d957f81800886144f632db771500a0d0a195b0321ddd5e34820ed3b063212f86703232640a2d518374fbfea9ddfae7d9e4be2099020b340cf0965

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5964b602cc38229f664347d4817dc22

SHA1
c500cd517fe64230d1c5742adb20602a89337684

SHA256
2f9132d3de1e33f8f58ad74d7e52c2f8626f9bcb94843b3fa027008501b36b60

SHA512
2b855671d92cb01a84d96a78aaef38cccf7e39ab26077b37e4747a2d0be5bc94aac7aa623a1ccdcd605cba86121bf9251c212240f1a06a96667906a6f982e430

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce588c27108e4cff7aa603580afe97bb

SHA1
1253a9bc4448e158790e4e5527d6707ad81fd319

SHA256
e040c5ba6aa016880072fefdc44932ca418bda9b7cc0f95d80e79fa3829dc172

SHA512
3ed0133bfd978dc70b930e0c9729f139fdbe697bda211bf543acc010b73ff5417bc7b01367cb4b71a1bd2f490f811f4d8393274916fbfe536ae1232f40d59f23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9dff53990750620c5154beef2feda7f2

SHA1
09d9528b5e06ce1fe6c3dc7c14a3bea7272771c5

SHA256
dcf06c9333316c2a8ac9a7fc23f1057226e419ff22f50fcfd59f218e1b372ed9

SHA512
9d79c8bcc3d91bbd6e6d7cd9fecdc1ade6ca7141e2ee8d7c91bb98ebab23017e4be7df8e9f34a80c4499f7b72d91d5f3ddd687da12c1f32da1c257edf83470d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
694875c9a5cd06e680b7954b98046e13

SHA1
502370c7237e0bfabf98195531ec557f83f89b9a

SHA256
8b070635c10beceb298aed18b443788fbfcc4b788632e6137efecef9766440b5

SHA512
22c265fc9d2d223767845e55da082df4f7f169b59eee16098f2bea299f625902f0cb238bc4b643e78a667a9dd3cb0ec757d6fc25e81ccf992662c93cd5bd1475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16f8c64b9e9dfd1005fbfba3caceb5a5

SHA1
00de7f71a8505c0304e4cb4292d6d6cce38c96a0

SHA256
85c7dd13bc6afd0d93908bea1c2febfb66dce43ff2dea9ee50166598eb5ca240

SHA512
14e9e26055ac7f9dd3534a6257d03fa32dd8eb4fa0b8400536e6be50784ca74b502a94c8b9c6ba985ab17c80b98dcf9b64707c1d8a37a1cfa2112d3f3d0ebcbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
245cc67de3c0530a6eeed715d25ff45d

SHA1
a9fd839934a2ce7e10a2d17e7c776495b0412c7d

SHA256
54f183d1a3b7cf87d657a9f56816385719244753fc27c073238791f1c4b09a63

SHA512
d54ca6d2e7b7a200f7c2e3744973b184b5a603bb4707d23a52c19aee38506c0f4f3afc2ad5026a12a8d481bf18dcc771d901be3b9bdcd65b236f87d5ce5acf40

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE3AD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE40D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit