Overview (score 10)
Static (score 3)
Tasks (sample as shown in the task list, platform, score; "-" = no score shown):
  eeeeeeeeee...00.exe  windows7-x64  -
  eeeeeeeeee...um.exe  windows7-x64  10
  eeeeeeeeee...ug.exe  windows7-x64  6
  eeeeeeeeee...le.exe  windows7-x64  3
  eeeeeeeeee...er.exe  windows7-x64  7
  eeeeeeeeee...us.exe  windows7-x64  3
  MEMZ 3.0/MEMZ.bat    windows7-x64  7
  MEMZ 3.0/MEMZ.exe    windows7-x64  6
  eeeeeeeeee...MZ.bat  windows7-x64  7
  eeeeeeeeee...MZ.exe  windows7-x64  6
  eeeeeeeeee...ld.exe  windows7-x64  3
  eeeeeeeeee....A.exe  windows7-x64  6
  eeeeeeeeee...al.exe  windows7-x64  7
  eeeeeeeeee...15.exe  windows7-x64  3
  eeeeeeeeee...al.exe  windows7-x64  7
  eeeeeeeeee...0r.exe  windows7-x64  10
  eeeeeeeeee...ro.exe  windows7-x64  -
  eeeeeeeeee...od.exe  windows7-x64  10
  eeeeeeeeee...ts.dll  windows7-x64  1
  eeeeeeeeee...ts.dll  windows7-x64  3
  eeeeeeeeee...ot.exe  windows7-x64  3
Resubmissions
Resubmissions (submitted, analysis id, score):
  15-09-2024 23:12  240915-27aqvsxhjq  8
  15-09-2024 23:02  240915-21efgaxake  8
  15-09-2024 22:58  240915-2xypyaxdkj  3
  15-09-2024 22:56  240915-2wn44sxcpk  3
  15-09-2024 22:43  240915-2np2fawhpr  3
  15-09-2024 22:42  240915-2m3k5swhmk  10
  15-09-2024 22:33  240915-2gqdmawbja  8
  15-09-2024 22:27  240915-2de4gswekk  7
  15-09-2024 22:15  240915-16esravenh  10
Analysis
max time kernel: 1681s
max time network: 1566s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 15-09-2024 22:42
Tasks (task, sample, resource):
  static1 (static task)
  behavioral1   eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/000/[email protected]  win7-20240708-en
  behavioral2   eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/[email protected]  win7-20240903-en
  behavioral3   eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/ColorBug/[email protected]  win7-20240704-en
  behavioral4   eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/DesktopPuzzle/[email protected]  win7-20240903-en
  behavioral5   eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected]  win7-20240729-en
  behavioral6   eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Happy Antivirus/[email protected]  win7-20240903-en
  behavioral7   MEMZ 3.0/MEMZ.bat  win7-20240903-en
  behavioral8   MEMZ 3.0/MEMZ.exe  win7-20240903-en
  behavioral9   eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat  win7-20240708-en
  behavioral10  eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.exe  win7-20240903-en
  behavioral11  eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/NavaShield/[email protected]  win7-20240903-en
  behavioral12  eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Petya.A/[email protected]  win7-20240708-en
  behavioral13  eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected]  win7-20240903-en
  behavioral14  eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Defender 2015/[email protected]  win7-20240903-en
  behavioral15  eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe  win7-20240704-en
  behavioral16  eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/WannaCrypt0r/[email protected]  win7-20240708-en
  behavioral17  eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Windows Accelerator Pro/[email protected]  win7-20240903-en
  behavioral18  eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Winlocker.VB6.Blacksod/[email protected]  win7-20240903-en
  behavioral19  eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/YouAreAnIdiot/AxInterop.ShockwaveFlashObjects.dll  win7-20240903-en
  behavioral20  eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/YouAreAnIdiot/Interop.ShockwaveFlashObjects.dll  win7-20240729-en
  behavioral21  eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/YouAreAnIdiot/YouAreAnIdiot.exe  win7-20240903-en
General
Target: eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected]
Size: 396KB
MD5: 13f4b868603cf0dd6c32702d1bd858c9
SHA1: a595ab75e134f5616679be5f11deefdfaae1de15
SHA256: cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7
SHA512: e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24
SSDEEP: 12288:jANwRo+mv8QD4+0V16nkFkkk2kyW9EArjaccoH0qzh4:jAT8QE+kHW9EAr+fr4i
Malware Config
Signatures
Executes dropped EXE (15 IoCs)
  pid   Process
  3040  Free YouTube Downloader.exe
  2468  Box.exe
  1216  Box.exe
  2896  Box.exe
  2372  Box.exe
  2320  Box.exe
  2912  Box.exe
  1724  Box.exe
  2992  Box.exe
  2712  Box.exe
  2524  Box.exe
  2168  Box.exe
  2936  Box.exe
  2904  Box.exe
  920   Box.exe

Loads dropped DLL (2 IoCs)
  pid   Process
  2252  [email protected]
  2252  [email protected]

Adds Run key to start application (2 TTPs, 1 IoC)
  description      ioc  Process
  Set value (str)  \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"  [email protected]

Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops file in Windows directory (4 IoCs)
  description                   ioc  Process
  File opened for modification  C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe  [email protected]
  File opened for modification  C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe  [email protected]
  File opened for modification  C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe  [email protected]
  File created                  C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini  [email protected]

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTP, 15 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description  ioc  Process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  Box.exe  (14 entries, one per Box.exe process)
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  [email protected]  (1 entry)
Suspicious use of FindShellTrayWindow (1 IoC)
  pid   Process
  3040  Free YouTube Downloader.exe

Suspicious use of SendNotifyMessage (1 IoC)
  pid   Process
  3040  Free YouTube Downloader.exe

Suspicious use of WriteProcessMemory (60 IoCs; each row below appears 4 times in the report)
  description                       pid   Process                      procid_target
  PID 2252 wrote to memory of 3040  2252  [email protected]              30
  PID 3040 wrote to memory of 2468  3040  Free YouTube Downloader.exe  33
  PID 3040 wrote to memory of 1216  3040  Free YouTube Downloader.exe  34
  PID 3040 wrote to memory of 2896  3040  Free YouTube Downloader.exe  35
  PID 3040 wrote to memory of 2372  3040  Free YouTube Downloader.exe  36
  PID 3040 wrote to memory of 2320  3040  Free YouTube Downloader.exe  37
  PID 3040 wrote to memory of 2912  3040  Free YouTube Downloader.exe  38
  PID 3040 wrote to memory of 1724  3040  Free YouTube Downloader.exe  39
  PID 3040 wrote to memory of 2992  3040  Free YouTube Downloader.exe  40
  PID 3040 wrote to memory of 2712  3040  Free YouTube Downloader.exe  41
  PID 3040 wrote to memory of 2524  3040  Free YouTube Downloader.exe  42
  PID 3040 wrote to memory of 2168  3040  Free YouTube Downloader.exe  43
  PID 3040 wrote to memory of 2936  3040  Free YouTube Downloader.exe  44
  PID 3040 wrote to memory of 2904  3040  Free YouTube Downloader.exe  45
  PID 3040 wrote to memory of 920   3040  Free YouTube Downloader.exe  46
Processes (process tree; indentation shows parent/child depth)
  [level 1] C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\FakeActivation\[email protected]
    command line: "C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\FakeActivation\[email protected]"
    PID: 2252
    signatures: Loads dropped DLL; Adds Run key to start application; Drops file in Windows directory; System Location Discovery: System Language Discovery; Suspicious use of WriteProcessMemory
    [level 2] C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
      command line: "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
      PID: 3040
      signatures: Executes dropped EXE; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
      [level 3] C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe (14 child processes, each with the same command line and signatures)
        command line: "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
        PIDs: 2468, 1216, 2896, 2372, 2320, 2912, 1724, 2992, 2712, 2524, 2168, 2936, 2904, 920
        signatures: Executes dropped EXE; System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
File 1
  Filesize: 438KB
  MD5: 1bb4dd43a8aebc8f3b53acd05e31d5b5
  SHA1: 54cd1a4a505b301df636903b2293d995d560887e
  SHA256: a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02
  SHA512: 94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce
File 2
  Filesize: 153KB
  MD5: f33a4e991a11baf336a2324f700d874d
  SHA1: 9da1891a164f2fc0a88d0de1ba397585b455b0f4
  SHA256: a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7
  SHA512: edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20