Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

YoutubePla...er.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    22s
  • max time network
    22s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22/08/2024, 04:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    YoutubePlaylistDownloader.exe

  • Size

    33.9MB

  • MD5

    6cffc5f33542dcbe4c5e23a68155e856

  • SHA1

    327dbe3a858de848624805e8549b2e32ca63e6a2

  • SHA256

    49a3a54c97102079abe75283018ae2fbcb67525e9e82e154eb2eb47a7e69ab71

  • SHA512

    74ccea5a8f0e3573ba091e06b4f8780f18702722ce0b30ad89b7581ff0132a984ff74411273c660a0b2597a27c6952e86676d304c7b7650b880c973e49be09af

  • SSDEEP

    786432:c1IMd/U4lUbFFV9xhiLMyAr5Wo8z9CYY57DCuZO:RG/UIybD3+MyAoo8z93Y5Q

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\YoutubePlaylistDownloader.exe
    "C:\Users\Admin\AppData\Local\Temp\YoutubePlaylistDownloader.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\Temp\is-NA58Q.tmp\YoutubePlaylistDownloader.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-NA58Q.tmp\YoutubePlaylistDownloader.tmp" /SL5="$50288,34675314,1146880,C:\Users\Admin\AppData\Local\Temp\YoutubePlaylistDownloader.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4092
      • C:\Program Files (x86)\YouTube Playlist Downloader\YoutubePlaylistDownloader.exe
        "C:\Program Files (x86)\YouTube Playlist Downloader\YoutubePlaylistDownloader.exe"
        3⤵
        • Executes dropped EXE
        PID:4832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\YouTube Playlist Downloader\ControlzEx.dll
    Filesize

    245KB

    MD5

    6def9baa2552c072cea16b155fed0668

    SHA1

    93c9c9a7bf892d102f75b7fbadcc997488b4ed34

    SHA256

    3eceee9042e90da4a433007729778f72516f762599f7920839c751e180a47cb0

    SHA512

    62ef6519d0aa5979acd11067ff129ebb85bf62df8e66e395423b0cf33e5aa1541f2a028d38f2f6647cc129f6cc8be381b9c4762928fd4d163a1614652f5984ac

    Download Submit

  • C:\Program Files (x86)\YouTube Playlist Downloader\MahApps.Metro.IconPacks.Core.dll
    Filesize

    19KB

    MD5

    f53bdeff3bf3261d76f67590f75978d5

    SHA1

    32d9598e205658bf0f54b9a0ac14801740ba8f9b

    SHA256

    50ff62f374c37911e2c8d61f9adcdb19f566335359c2a3d215b05c08c4dbe30b

    SHA512

    aeea279600fa23843a684903a8bfea055900b0352917c64b43ae35a839a7197adcb1b9c37ba86049985c634ef2bbaf70b72c66c7ff0ddb8affc9ca6238406ec8

    Download Submit

  • C:\Program Files (x86)\YouTube Playlist Downloader\MahApps.Metro.IconPacks.Modern.dll
    Filesize

    2.3MB

    MD5

    3299812da907195e616ceea991032cd5

    SHA1

    42c10db25f90c2c33d2be9bbf2f320c2cfa76638

    SHA256

    58c1656997d7344b5f50e34daa745d0fd7c9f9e09d7c7be7482e99551b863051

    SHA512

    d6bed57df44e110ed4e172486cefeabcd844eaa83be2c46d4ef808949c5470214b80ad0404934f46c04bd61561093b8cce0dbafe2cfa16539d4422f582736e1b

    Download Submit

  • C:\Program Files (x86)\YouTube Playlist Downloader\MahApps.Metro.dll
    Filesize

    3.4MB

    MD5

    0ff8bc2220c4378a832d9824d4e13491

    SHA1

    1857edb308913fa8e9cef6930146cdcd6be21a0b

    SHA256

    8287fa1fe7e02d1d6bf38715276a3f5c71f2cd18f2a3ae4c8782ab722e6f90a4

    SHA512

    7aff83860273740d3fbc7be6ed689fa9ea29a35e4fa38d6357dbf6c38b04f696f384df991dd447161fc565514d292c0f76d1a642785e8c7fc53e43183e52d152

    Download Submit

  • C:\Program Files (x86)\YouTube Playlist Downloader\Microsoft.Xaml.Behaviors.dll
    Filesize

    141KB

    MD5

    3add5efdb77ac86592db53b1a22d41c4

    SHA1

    05cce0b4888b8a4a9d0035a00da792ae2f2f52da

    SHA256

    71e00e2b9ca3088132fc4d54a2076cb07127fe02a5fbc10df8d61cde55dfdbef

    SHA512

    f766aab25e307c5dcca8ae09925e11fb2183e19b5936984c082eb794bd99256bfb0ae2441cc615cac5b358ba259033e397cd718aa63912ef2c9de2cd558d99aa

    Download Submit

  • C:\Program Files (x86)\YouTube Playlist Downloader\Newtonsoft.Json.dll
    Filesize

    695KB

    MD5

    adf3e3eecde20b7c9661e9c47106a14a

    SHA1

    f3130f7fd4b414b5aec04eb87ed800eb84dd2154

    SHA256

    22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07

    SHA512

    6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b

    Download Submit

  • C:\Program Files (x86)\YouTube Playlist Downloader\YoutubeExplode.dll
    Filesize

    223KB

    MD5

    7359d3b900cb72581bd757df6960bde8

    SHA1

    dcf3fa274d5df96fedaa9cffe7eb27ce6014f171

    SHA256

    f5865a530ed8ab1b4759415526521d2a3f242de2bceb342fb7a150f30b4017f1

    SHA512

    125e869393f7c51fb6eb692ead9ad1dee44dc13edc68ac08ad4a6d1c948f212a93b2ea65c7794c3f2f4bb21122c9ddb8a2c5ce675399f955df0dffb36af69837

    Download Submit

  • C:\Program Files (x86)\YouTube Playlist Downloader\YoutubePlaylistDownloader.deps.json
    Filesize

    57KB

    MD5

    2ca189aec58d95f749b21a92ffd59bca

    SHA1

    b8384dbb5c4be0936a30ee2780f272e0e6824e3e

    SHA256

    d18f6301eba375a73c625cb019eeb1c8ecaf0902129c094f52292ea7c98b5fb1

    SHA512

    1fc7c3fe58d4a4079f98b76663fc157ea3377642fef6c65aa22cd008e6a09d6b5a8c5cd2d71dedab73182394929150f627d15395ed1496386f202ade0801a8a6

    Download Submit

  • C:\Program Files (x86)\YouTube Playlist Downloader\YoutubePlaylistDownloader.dll
    Filesize

    3.1MB

    MD5

    139c2c10ea78585f24f7d72a312841a3

    SHA1

    2ec38e48f5c93ef08445293b7875bb8d616ae167

    SHA256

    223eb63b6ba3ab5b49d4b25d8a156d85e8b2e032d48d114594efec6886afcdf1

    SHA512

    d1bc53e2322f530cb83a139676e74b6ae53330285338ef9b684ed6997da3de5d4151b1a5bba2359e1009e7b1d3bdd9af3738625c4ef9b7005d1c6c503bcbe37a

    Download Submit

  • C:\Program Files (x86)\YouTube Playlist Downloader\YoutubePlaylistDownloader.dll.config
    Filesize

    3KB

    MD5

    34594291b554d2352d8cff8049857420

    SHA1

    17acaf3ef74bf461b5a8416c9a98645010b6ad9c

    SHA256

    746e4215ebaf38a6f1ecb621f2aad56a593073570800c6c85aaf2e2a904dbf12

    SHA512

    67d6a337216e7791cfe9991e2837c27589ac54f60a816cac9ab3d5e3511cd2e10565c8f32d6d85dfe07e49e62996fd7b817376f7272ff0d482fd46eef69bb592

    Download Submit

  • C:\Program Files (x86)\YouTube Playlist Downloader\YoutubePlaylistDownloader.exe
    Filesize

    501KB

    MD5

    483e622853fd61acc2af941f267f003e

    SHA1

    3e3dc784b51e4388688343dd2f9bcfeef127cb6d

    SHA256

    01b7b10045ce8fbedab09335c76f2fcd13bdd8da9029abdb82f14ec90996d772

    SHA512

    50e45ca0a63d95e07f9384b5241e3d387046445197c4abd7785b39b0741fa94115fa72c9aa49fb39d830a2bee3f1f98d9b08f714f6efd4fd5b7fff890edcfdfe

    Download Submit

  • C:\Program Files (x86)\YouTube Playlist Downloader\YoutubePlaylistDownloader.runtimeconfig.json
    Filesize

    458B

    MD5

    07b9a30265ca4e69c7016a1b6e3ffc27

    SHA1

    3a4af82a2695b1423aedd8b60a5c86793c011b02

    SHA256

    c71152bf25e40d647b2440c5b39be157a3d356106be9d5b678ab97bb87b4e782

    SHA512

    efd582f8edcdba5ef48d02eee5f73d83ff35071af99b49e08e0213928568d728d0856e3b903bfcccb9237f786846cf94da83139f99e9bee86287aff2071c3f1c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-NA58Q.tmp\YoutubePlaylistDownloader.tmp
    Filesize

    3.3MB

    MD5

    22d59de01f6992d864847f174e8f6f66

    SHA1

    033e058dfe3b2620b6093f9b9036d7e29956ec55

    SHA256

    0e45b66753d93419cb1701c5be8fae5cc5878abce68af6465ae4430a8e7d26a1

    SHA512

    c232a24e9bae9cb17ab18a6eed4a5e70527d2ca6d70d4d2f36d39e29cdbc0965fb881cd7635b22a4cad5d0e099cbaa0e27c42872c4183bc7ed7ec62988358beb

    Download Submit

  • memory/2044-0-0x0000000000400000-0x0000000000525000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2044-13-0x0000000000400000-0x0000000000525000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2044-211-0x0000000000400000-0x0000000000525000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2044-2-0x0000000000401000-0x00000000004B7000-memory.dmp

    Filesize

    728KB

    Download

  • memory/4092-19-0x0000000000400000-0x0000000000760000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4092-18-0x0000000000400000-0x0000000000760000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4092-210-0x0000000000400000-0x0000000000760000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/4092-6-0x0000000000400000-0x0000000000760000-memory.dmp

    Filesize

    3.4MB

    Download