Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    20-01-2025 09:18

General

  • Target

    YBNTSrv.exe

  • Size

    109KB

  • MD5

    823fc2eed5ad911695d848ef6e621b32

  • SHA1

    9945f86471b819fc33d23b254a30e76593d44270

  • SHA256

    8e1658a24c1b135764257cf59ac3a8d07b6fa1594adf9a161648acd3181ffc2e

  • SHA512

    8845dac46ce480bdb18dea0d7021d5007e7a2eb2150ba93a020b55eb9d80466aab9cac1496a702636ca8f4c77bab7b9381bc0881107d2f91d79e96f75bf016fc

  • SSDEEP

    1536:drrkjsFSwaJyfmnCJZe9V7EIg6OMHApfMYy1RCJjaJyfmqS95Gw:drrHPfmnYZe9Ng6OMHApzORYFfmqqGw

Score
4/10

Malware Config

Signatures

  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\YBNTSrv.exe
    "C:\Users\Admin\AppData\Local\Temp\YBNTSrv.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1892
    • C:\Windows\SysWOW64\sc.exe
      sc config YBswitch start= auto
      2⤵
      • Launches sc.exe
      • System Location Discovery: System Language Discovery
      PID:2408
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c YBNTSrv.bat
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2580
      • C:\Users\Admin\AppData\Local\Temp\YBProces.exe
        "C:\Users\Admin\AppData\Local\Temp\YBProces.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2800
  • C:\Users\Admin\AppData\Local\Temp\YBStart.exe
    C:\Users\Admin\AppData\Local\Temp\YBStart.exe
    1⤵
      PID:2396
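The process tree above shows the persistence step: a binary running from the user's Temp directory runs `sc config YBswitch start= auto`, so the service is started automatically at boot. The detection below is an added example written for this page, not part of the sandbox's output or the sample. It runs over process-creation events constructed here to mirror the tree above (the field names are an assumption, not any particular sensor's schema), tolerates both the `start= auto` and `start=auto` spellings that sc.exe accepts, and flags autostart configuration whose parent chain contains a binary executing from `AppData\Local\Temp`.

```python
"""Flag sc.exe autostart persistence launched from a user Temp directory.

Added example for this report; the event records below are constructed
from the process tree shown above and a benign control case.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample events (field names are an assumption, not a sensor schema).
EVENTS = [
    {"pid": 1892, "ppid": 0, "image": r"C:\Users\Admin\AppData\Local\Temp\YBNTSrv.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\YBNTSrv.exe"'},
    {"pid": 2408, "ppid": 1892, "image": r"C:\Windows\SysWOW64\sc.exe",
     "cmdline": "sc config YBswitch start= auto"},
    {"pid": 2580, "ppid": 1892, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": "cmd /c YBNTSrv.bat"},
    {"pid": 2800, "ppid": 2580, "image": r"C:\Users\Admin\AppData\Local\Temp\YBProces.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\YBProces.exe"'},
    {"pid": 2396, "ppid": 0, "image": r"C:\Users\Admin\AppData\Local\Temp\YBStart.exe",
     "cmdline": r"C:\Users\Admin\AppData\Local\Temp\YBStart.exe"},
    # Benign control: an administrator's shell setting a service to manual start.
    {"pid": 3001, "ppid": 0, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd"},
    {"pid": 3002, "ppid": 3001, "image": r"C:\Windows\System32\sc.exe",
     "cmdline": "sc config Spooler start=demand"},
]

# sc.exe's documented syntax puts a space after '=' ("start= auto"), but it also
# accepts "start=auto"; match the option name, '=', optional whitespace, value.
_SC_OPT = re.compile(r"(?i)\b(start|binpath|obj)=\s*(\S+)")
_AUTO_VALUES = {"auto", "delayed-auto"}


def parse_sc_config(cmdline):
    """Return (service_name, {option: value}) for an 'sc [\\\\host] config <svc> ...'
    command line, or None when the command line is not an sc config call."""
    tokens = cmdline.split()
    if not tokens or PureWindowsPath(tokens[0]).stem.lower() != "sc":
        return None
    idx = 1
    if idx < len(tokens) and tokens[idx].startswith("\\\\"):  # optional remote host
        idx += 1
    if idx + 1 >= len(tokens) or tokens[idx].lower() != "config":
        return None
    service = tokens[idx + 1]
    opts = {k.lower(): v.strip('"') for k, v in _SC_OPT.findall(cmdline)}
    return service, opts


def in_user_temp(image):
    """True when the image path lies under a per-user AppData\\...\\Temp directory."""
    parts = [p.lower() for p in PureWindowsPath(image).parts]
    return "appdata" in parts and "temp" in parts


def find_sc_persistence(events):
    """Return findings for sc.exe autostart configuration whose ancestor chain
    includes a process running from a user Temp directory."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for ev in events:
        if PureWindowsPath(ev["image"]).name.lower() != "sc.exe":
            continue
        parsed = parse_sc_config(ev["cmdline"])
        if parsed is None:
            continue
        service, opts = parsed
        if opts.get("start", "").lower() not in _AUTO_VALUES:
            continue
        # Walk the parent chain back to the root we have events for.
        chain, cur = [], by_pid.get(ev["ppid"])
        while cur is not None:
            chain.append(cur["image"])
            cur = by_pid.get(cur["ppid"])
        if any(in_user_temp(img) for img in chain):
            findings.append({"pid": ev["pid"], "service": service,
                             "start": opts["start"], "parent_chain": chain})
    return findings


if __name__ == "__main__":
    for f in find_sc_persistence(EVENTS):
        print(f"pid {f['pid']}: {f['service']} set to start={f['start']} "
              f"via {' <- '.join(f['parent_chain'])}")
```

Against the constructed events this yields one finding, for PID 2408, and the Spooler control case is ignored because `start=demand` is not an autostart value. Note that the report shows only the `config` call, not an `sc create`, so whether YBswitch was installed by this sample or already existed on the host is not visible here; on a live host the next triage step would be to query the service's configured binary path rather than relying on the name alone.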

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\YBNTSrv.bat

    Filesize

    100B

    MD5

    d773784795d44021b418f5208859820a

    SHA1

    a37533af049fa155847c1115ba186b3402026e49

    SHA256

    7845d94af75d36efcdf99cd5c85a98b5df7b4ac2c0bc205836910d1ff63c23d6

    SHA512

    715d45f4bc90c84950ba724751f2cdd9b84db1437204f77ce5e41210115d7750e9f9ae7553eda528d8c98003c49a7292269ab065449f22e1c36f350283cc3f72