5015af8fb5725c4c9ebac28a890128587b888acddab6cc9ff06e94e782713882

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup (6).exe
Size

289KB
MD5

1a2af687af2c9f39a5489da1bfceb864
SHA1

f5502776ce55b19679a8ff5a17884f3cc5db34da
SHA256

bd194616665ef6125f7c4af3796de38103c38fc8653d27ee861975dc343520ba
SHA512

f8c094ec519dc59955bad70c0a02d3fd15741c539be5a8f1d0002fbe5007e798180d590ea14b3b22ea231ceb4c5424eced00043ac36d35e6ddf34f5475cd54f6
SSDEEP

6144:FZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6nkFkkk2kyWDwOrNkYgYRWW:jANwRo+mv8QD4+0V16nkFkkk2kyWUOrF

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Free YouTube Downloader.exe

pid process

1148 Free YouTube Downloader.exe
Loads dropped DLL 2 IoCs

Processes:

Setup (6).exe

pid process

2008 Setup (6).exe
2008 Setup (6).exe

pid	process
1148	Free YouTube Downloader.exe

pid	process
2008	Setup (6).exe
2008	Setup (6).exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Setup (6).exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	Setup (6).exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 3 IoCs

Processes:

Setup (6).exe

description	ioc	process
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	Setup (6).exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	Setup (6).exe
File created	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	Setup (6).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Setup (6).exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Setup (6).exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Free YouTube Downloader.exe

pid process

1148 Free YouTube Downloader.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

Free YouTube Downloader.exe

pid process

1148 Free YouTube Downloader.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup (6).exe

pid	process
1148	Free YouTube Downloader.exe

pid	process
1148	Free YouTube Downloader.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Setup (6).exe

description	pid	process	target process
PID 2008 wrote to memory of 1148	2008	Setup (6).exe	Free YouTube Downloader.exe
PID 2008 wrote to memory of 1148	2008	Setup (6).exe	Free YouTube Downloader.exe
PID 2008 wrote to memory of 1148	2008	Setup (6).exe	Free YouTube Downloader.exe
PID 2008 wrote to memory of 1148	2008	Setup (6).exe	Free YouTube Downloader.exe

C:\Users\Admin\AppData\Local\Temp\Setup (6).exe
"C:\Users\Admin\AppData\Local\Temp\Setup (6).exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
152KB

MD5
d7dccd844047a41ecda204295c4f3743

SHA1
21ee4ead319c6cd4b7568fef42da637945b15793

SHA256
9db8971c38f1803f7afc80a8c332ca93d69d084f39ea119f9c28c02ee1ed9166

SHA512
fe249bc49dfa9ea80594370c94b6f1344e91f91d7b378265472706eb35ac6fbeba02c13af95dfebd045cf6ff3a59cb32bc7893dfa686ab15059a6c9a3ac5833a

Download Submit
memory/1148-26-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

Filesize
4KB

Download
memory/1148-27-0x0000000000D40000-0x0000000000D6E000-memory.dmp

Filesize
184KB

Download
memory/1148-28-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

Filesize
9.9MB

Download
memory/1148-29-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

Filesize
9.9MB

Download
memory/1148-30-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

Filesize
4KB

Download
memory/1148-31-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

Filesize
9.9MB

Download
memory/2008-24-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download