Analysis
-
max time kernel
204s -
max time network
207s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
31-12-2024 17:51
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo
Malware Config
Signatures
-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload 1 IoCs
-
Drops file in Drivers directory 2 IoCs
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 1 IoCs
-
Drops file in Windows directory 4 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 9 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 9 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious behavior: LoadsDriver 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 33 IoCs
-
Suspicious use of SetWindowsHookEx 32 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc46f246f8,0x7ffc46f24708,0x7ffc46f247182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1396 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4720 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9724340292634786910,13459146147360865949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Melissa.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Floxif\Floxif.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Floxif\Floxif.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 4322⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 5768 -ip 57681⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Floxif\Floxif.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Floxif\Floxif.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 4082⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5896 -ip 58961⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Gnil\Gnil.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Gnil\Gnil.exe"1⤵
- Drops file in Drivers directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\drivers\spoclsv.exeC:\Windows\system32\drivers\spoclsv.exe2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Alerta.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Alerta.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Carewmr.vbs"1⤵
- NTFS ADS
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.avp.ru/2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc46f246f8,0x7ffc46f24708,0x7ffc46f247183⤵
-
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\ClassicShell.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\ClassicShell.exe"1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\ColorBug.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\ColorBug.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\FlashKiller.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\FlashKiller.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 2402⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5184 -ip 51841⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Frankenstein.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\FreeYoutubeDownloader.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\FreeYoutubeDownloader.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"2⤵
- Executes dropped EXE
- Suspicious use of SendNotifyMessage
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5ccf7e487353602c57e2e743d047aca36
SHA199f66919152d67a882685a41b7130af5f7703888
SHA256eaf76e5f1a438478ecf7b678744da34e9d9e5038b128f0c595672ee1dbbfd914
SHA512dde0366658082b142faa6487245bfc8b8942605f0ede65d12f8c368ff3673ca18e416a4bf132c4bee5be43e94aef0531be2008746c24f1e6b2f294a63ab1486c
-
Filesize
471B
MD50f4717b52caa82774dd22c5ab72c0f87
SHA1c1b720ffc33cf79b5561d118d13afb137965ba63
SHA256df721db9ecdd176810d298d286a1d5d4dea6517903458dec247a1ccdbc458d04
SHA5121960ec6874930da15dd3966016582327de1a34dd65df0aa1cd9f7968bdc616795e41cb36610142e79c661829ef887eba8a842a75ddf6e7dfdba6acb6aa643c9d
-
Filesize
420B
MD556c916b69bbf8e145c66a2fb4ff6d7ec
SHA1b4961c8510e476aa0f42f7e224ea6f060ec63a9a
SHA25654c1e3f108e7bed90fe9fec57b572641d5d7eaaa778b9a7adc39f01c89f7a685
SHA512d2087cfbf4b07906e66073f66c551331d5f5bf9e562bd8ae712ff4a120f832acc1924c2fe8a86fa179b7e802c4690154baa071378ed2b1be5b1c5c91382ba1bc
-
Filesize
152B
MD5fab8d8d865e33fe195732aa7dcb91c30
SHA12637e832f38acc70af3e511f5eba80fbd7461f2c
SHA2561b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA51239a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43
-
Filesize
152B
MD536988ca14952e1848e81a959880ea217
SHA1a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173
-
Filesize
1KB
MD59fab59bd8e18266c8e2d9b6d44551ac9
SHA19913e25ac0f6d97157f23eaebb42c47aec1091f5
SHA25693510554ac0840426a1fa0ee016d75543860b248abec2b850a907365be5aaccf
SHA5122c2e4ba17cf9424407941930d44882935c5d233899ea0c804a3bde78d35b337b0b3a2e4d6378015b33e46b70e6be021d77b79718bbdccefee5415519df2121b1
-
Filesize
573B
MD50028a1a5c441a3cd5a60c34da771564f
SHA1e15d27a8322b435564ebcd36467b997d0fa8ef32
SHA2568dc36283781a25af9e2ae76d255ae311b2715396f710ff0e9850b0e64525759d
SHA512e26efd2be3114e733acdc00fb54150790872b10c88a7c4d3a19a16383bf58897ad89f14b3255a984f836666b98bafc099d8988532d03acda0dee7a7a7da3f40e
-
Filesize
5KB
MD54254ecc603c97bcfca71143dfd2c6256
SHA13c301334cb88bf992aaffdb9bd89efd061e8ce73
SHA256c4c2548d614e051c95f0da317819bd697ec44df0e844221d328041d6e381238b
SHA5128d4eb9f7f08a897fb004428e1ba0e644ec04280b0071b6acbd594750261ef67af7d12ef12ca43c65fe1f02447824b2682801736c7510c7ee81991f6d14646bb7
-
Filesize
6KB
MD596cbb59a159ca2f1ecf508684dd46c0f
SHA13cc98e57e7bfc18cacf067380bb0ee08d8163f97
SHA256c5ed3d03f5ffbfb3c5a94ad0a77e7aaa5d0549ca0e168e09fb4e16331fe73d3c
SHA512644830a23d8e648123c2a835681631a5017ad94992f13201e801b28096ad4bd4db4af16168ae2fd2178e46b85454b1a03cd6997650945252a23d8f38ab2049f8
-
Filesize
6KB
MD553cc669f7800fa0ba7b18ba43b0c8467
SHA1a15a0a7838cedfa7576eea8a7add61d07521ec0c
SHA2560b0b610af2c28e89675551638377b993661f689c44540e9008a591e9372161b3
SHA51277c77fad2b663c0d0f2d2876cad2f1e2effd32a00634ab2cbbf0640df6f4aa0662750ded71ec821012b73ae5892c2365eb0733c02b01f28148ea40bdbd8b7d0c
-
Filesize
7KB
MD54ec4dd713efb31a77205f7ae3236647f
SHA1b6ca9ecb9d0e0a40ce81b1560a00dbba9f351454
SHA25669aa2bfb9cabd6c5d9f1f141319ed8bbe72fefcb9aecb39976c3a944278a8d33
SHA512f8b1e789f8f07135414a0e93f40455a018f246f04cff19cdbf664692d61e708916e30502baf8f275af94b6e6ba2fb943d01b7dbda0be0c64523c1fed990956a3
-
Filesize
1KB
MD5941285d8d5ce564585ec029340ad9732
SHA15aff51f24ea56e755a63661898491c5cd2549a21
SHA25609dbfeee0fa19d6333ea1e8f21d580e5c29dac17d3bffbdbc1965bc3723df50a
SHA512abfcc4ebbbd3459331894be867940de8cdf1e4403b5a1caf1959f6dd59033e141d84cec066bbf51a70f1328cd4e6e4625332a9674ab505d1bcb43759f988b095
-
Filesize
1KB
MD508439f81c2ae8625749f51671eed09d7
SHA137673b8ddaeac8a63e3d3406a3bfff0ea89fe9ae
SHA2566dddf663055ec331dde49ad36608776a780aee89a9053b91ca5ab61ec03a0955
SHA512e7b5ff2a0206807e9afdd66549d13ea8f60d903d997ad0bbdc4d332d208665fab705dc6569a3431e1ea54d600959332934bc72e4013c93892d369b90f009f362
-
Filesize
874B
MD5d5a00fd6fb3466e51f29f1dfae229c5f
SHA1041b4e800d0ef12a12060ec62f96083be440d2ad
SHA256fa98fc1674edecbe5b021f7216b1e80ee9ce1bff5b6e1bd35882ea4b2c9f093b
SHA5126167f291cdd496eac9a2aa846ce4ec75dffd6741cb07c1eead3c4cd60b2835014dcb82ec64659f78985eb6fa8408ea7f26cdc34828e91cf3d7dcb7eac8934bf4
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD51beed76d047136846a70c2f29b30c1da
SHA1529dc9a6ecf78344fd528c92fa157a73c297f305
SHA256363370d9d587331d64889f185af616dcd6ab11aae6c57b792f6c0fc6541e5368
SHA512058306a43436db56102268e7d260d564a01cb928c7eca3e98da0e9069a6a18dfd98db9c85a2aaefdcc11610caa321c11424f4fbfa953b9cbc7957df8b754b0c1
-
Filesize
11KB
MD5371bfc8729de18120ffd77caeada6333
SHA1cb5e0b3756410c22e953dad88c7149c0bb792c90
SHA2566a538035baaa0b2626650b10e0f2b14c96070a0921319717dda72f2a2951b63f
SHA51273678536591cccab6dccd5ed6f6efac2b525183782a5c5b3c8ad40bc71a916c4642933a5a7012441a8bd7cbf864dc5fc842b44effe6ea8f7b9ea3184389c180c
-
Filesize
10KB
MD51ef1d498cdc2e7a6c7fc5c1958a00441
SHA1f9b8fd5e1628856f18a877583c8085e30b6304bf
SHA2566cdc8c1740a67dec86c36164039a658ab44e27f1152e681c528070065a54a5a7
SHA5120e53efa401e2e6327cb598b291f4b337e7c14fab34abcb15e3322cfef9197b9d7434e5a31c81ca92ab6cc278755fcc496fcd659f56c879c2e7c3f314a751dde4
-
Filesize
11KB
MD59fe16ed1ceaad3ea2f3b0652a9a7d121
SHA1434885bc6ee32a6887eb95757ea9525e21443a17
SHA2561e778a1d36f28583cdba27dbe88c247f056a2659c78f7cbcf4edb895c9f8c7e0
SHA512864ab4cf884be00a81e41ef6ce474e059dc3f434d772eb810ae5a1aa5aa81ebe5699968804acd36b3c6fefea00efa31a107bdb672a617df424b31b1a4378cece
-
Filesize
21B
MD5f1b59332b953b3c99b3c95a44249c0d2
SHA11b16a2ca32bf8481e18ff8b7365229b598908991
SHA256138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c
SHA5123c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4
-
Filesize
417B
MD5c56ff60fbd601e84edd5a0ff1010d584
SHA1342abb130dabeacde1d8ced806d67a3aef00a749
SHA256200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c
SHA512acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e
-
Filesize
87B
MD5e4e83f8123e9740b8aa3c3dfa77c1c04
SHA15281eae96efde7b0e16a1d977f005f0d3bd7aad0
SHA2566034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31
SHA512bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9
-
Filesize
14B
MD56ca4960355e4951c72aa5f6364e459d5
SHA12fd90b4ec32804dff7a41b6e63c8b0a40b592113
SHA25688301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3
SHA5128544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d
-
Filesize
177KB
MD58d5bb185fc0783b0b1c7954e8e545dc0
SHA1cb9e04b07963eafe2979dab421ebbe201726c74d
SHA25600e097e46e754ee969515b6e57a7363ede8c9da930664cb61f6ca50ed1d35af0
SHA512bd9d7f824b94c9b5d6d20d30e3ccd9570c0a01ee36d05a1dadba3b44334151fc40f06aebeb8a37fec30b7a98fd07cac6574e005faffca1777b1f410790065e13
-
Filesize
11KB
MD568fabd3d75add239514956fe27579094
SHA12417e8148c6f2c61ef503674c08f773f6f3d9e4c
SHA25650f25cc60583b6d0eaf552d8c32a1321943b6ed77d95dbf1bac58c981a0a4479
SHA5128a0529ebf47b39093e55786c4719b568e9846ab3428e73d0139c4323e9de00f5e4591e07a56e1ea960146297cf8b9f1943fe8d14ffd17df199c53cd82abb7ebd
-
Filesize
24KB
MD58665de22b67e46648a5a147c1ed296ca
SHA1b289a96fee9fa77dd8e045ae8fd161debd376f48
SHA256b5cbae5c48721295a51896f05abd4c9566be7941cda7b8c2aecb762e6e94425f
SHA512bb03ea9347d302abf3b6fece055cdae0ad2d7c074e8517f230a90233f628e5803928b9ba7ba79c343e58dacb3e7a6fc16b94690a5ab0c71303959654a18bb5da
-
Filesize
2KB
MD5a64653d64585bdb161f17cf16b5dff38
SHA1f9ca7dd034bbba4ab43d64700a361d16959457c0
SHA25632ec11996445af02f46f8ae033de51c01c0e5409bedd4223285d76e65884dbfc
SHA5120d6ddb5c03359600b8f57615fcbf5913ffc31b72c2ba68e6b5cfb819b8e4d38c1185ef8719c78e4a7563424b5c18cc85f1dc996d8835dde6bca8e3548f4ac7e9
-
Filesize
2KB
MD5913e89f519a52d55dfb49b56403afde3
SHA1bfdb6835425099155f781ec2f5e7aba7095437ee
SHA25635618c078390528b83373786cd73b3c5f870bca319110338bc0924de5960d12f
SHA512d62a39a06f3359ff68a456ffafd7e7ea58c69a8f48558392c4f622ec1545ae3270a79d555705d0c5e8ad949fc448740350ea54922c91657d45036c5608ef3215
-
Filesize
4KB
MD5450d7474af1deb75b9302c405d72ab9b
SHA1ccbfa1ba817a87d8926ade6c8f976e4b4dffa304
SHA256f10d2589f69ef01fd681260029e2df84f45c09694de032c1aebeac6e24337dc2
SHA51274051a47a8bca2a498e891be3949bce9f5b2f17efbabacea70e6c32d2fccbcaf3c421db24abde291975e667ec6d169183a2082c6ca2e1f6836305efc5346e971
-
Filesize
430B
MD50d1047ffb5f08fe388c78bb1da51a5dc
SHA1c8f1d033223eb3c735e5b6175ee9bd7557ace467
SHA25645b53ce3856e557710bd7f76d88fd973a12125e18b23b6590cb91a764426791b
SHA5125ccc8bbd8aec6c2f3d7f07d0a3e9f4b3c81f6b4969d7814bd2b5f4c7dee78591c2f1411bf290fd9881566ca0472d088852befbb6be40dd99ff6a960a5e099c53
-
Filesize
478B
MD55ccd48164297fd44825621b14fc262c6
SHA1a8d5fb22e1bab3da125422099cd7f424e04a3880
SHA256acbdec41510b4e4581c3c8248336e6b9b7ac2aacac22bc97c9d0f32f92d16fb6
SHA512c5322965bf771932add5096d374aaac06305eb65af7863fcbbeb4df8972b2aa0c2c5a10d5c494749d2a3f5835b65f8d42b30f4d2cfed262789db04ac5880e408
-
Filesize
31KB
MD53390db346699dcecbef01ccacbeaeb0c
SHA1ca8e858cf1bda8d66c96e5100abdcbcc8269d12c
SHA256f1f23da411a3b0fe6ef733bd873a96dd14a94fa9620c93237453b0cc848d3b88
SHA512d4a1340fe2eee9a26cceba6fe8a973a1c33a95b32dffbe39263dafc85fa4c32a17200d03d763abee0bba744cb425b080023f7a12562c922ee6d35330d5a02a0c
-
Filesize
5KB
MD5ec67c0eced6a2a71992807fa2c8d71cd
SHA1f901ae5ef19fc4e1b6ae5ca236228cb55500de6b
SHA256f4a7f3b318c98386100d62a84d5031c7485d990bfa0c65e49d8bd167678b89b2
SHA512f8a6b0cff23745057848c5cdef9dcb897c6bb94a6c9addeb4cc4400fe4e4c937f766cbf2fda99588ba11bdca957dd880fc394cb5bf94fc63f8913dd4a6ef8f65
-
Filesize
4KB
MD5b66ebb40f3d4c56238f8c5e9614330d5
SHA1af83f78c0c7c5c774964aaf2d1b0a06abdc21223
SHA2563ab5120a0f4006e0e9d688162ceb168f6e51a559e032251078fb67a9119d0b1d
SHA512e33142a9929904ac4e4e3a6f3a95b28734b9cdbb3b627280497c5680be23497c2d4e28d2dd4e521c9b45f92367d1f2a67cafc73b5647f9dea5251400ba114579
-
Filesize
511KB
MD5403bb648940a23bf92abe457a4a2fc90
SHA19488f2f25ea0015a321d78719e56ea4a922cb21f
SHA256ffd26e7e419743335abe72da95e95fcc6d571d73a408bf0fbf72bc5e662f1865
SHA512036c7fc38e2ec6d38d9f53fc4da319880ab247c8da97c441a959cd58dd67bdaf9c154ec3f0b87dc45d636d5242347da91fcb0664b9efb474da1ec4731ed9c60d
-
Filesize
153KB
MD5f33a4e991a11baf336a2324f700d874d
SHA19da1891a164f2fc0a88d0de1ba397585b455b0f4
SHA256a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7
SHA512edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20
-
Filesize
73KB
MD537e887b7a048ddb9013c8d2a26d5b740
SHA1713b4678c05a76dbd22e6f8d738c9ef655e70226
SHA25624c0638ff7571c7f4df5bcddd50bc478195823e934481fa3ee96eb1d1c4b4a1b
SHA51299f74eb00c6f6d1cbecb4d88e1056222e236cb85cf2a421243b63cd481939d3c4693e08edde743722d3320c27573fbcc99bf749ff72b857831e4b6667374b8af
-
Filesize
80KB
-
Filesize
184KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
240KB
-
Filesize
16KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
468KB
-
Filesize
6.8MB
-
Filesize
192KB
-
Filesize
468KB
-
Filesize
192KB
-
Filesize
272KB
-
Filesize
272KB
-
Filesize
272KB