Analysis

  • max time kernel
    102s
  • max time network
    139s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    11-03-2021 15:51

General

  • Target

    https://drive.google.com/file/d/1c1HeAtDKjZ1tB21iVFNYaHag4dfBQyst/view?usp=sharing

  • Sample

    210311-vyt98vsrda

Score
8/10

Malware Config

Signatures

  • Suspicious Office macro 1 IoCs

    Office document equipped with 4.0 macros.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://drive.google.com/file/d/1c1HeAtDKjZ1tB21iVFNYaHag4dfBQyst/view?usp=sharing
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1144
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1144 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1732
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1144 CREDAT:148484 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3056
    • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S7PGJ114\7869.xlsm"
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:208

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    • T1112 Modify Registry (2)
  • Discovery
    • T1012 Query Registry (2)
    • T1082 System Information Discovery (2)
  • Command and Control
    • T1102 Web Service (1)


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_89435FC99EE99DE539EA4AC53DF8831C
    MD5    f16e85258c6716bcf25097a508f56204
    SHA1   9e2817e199a754cb1272eb525111121fd6174362
    SHA256 ba19959c55dc3044c5869a6d689d7ed5c0ec1e9f55662d4f41077bed406e8759
    SHA512 468d86b7e771964c47d2a08fafb823b85ece038f645675bea8b7b4e0b9c69bb2348ebf86ce222a5bb5657313a14500d5ea343fe504c5e17acfc4ee90849a164b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_F2E8E98F0F63A0FB89EE8256C76BE976
    MD5    c4f6915541440286bfe1e80a7817ca00
    SHA1   3619543eb8c5cb2148a5548cf322f3a98bfbf713
    SHA256 5fa3d5e4437e62bc32dfc2953108c6e9035d283c2529d499a060b983fd514ab5
    SHA512 b78e829a9521d2fc56b29071e7ead25bdabc05c1f1f85060e5829312a4b0710ee88fba2b8c6a38d464aa557c5bef41fd28107f8dda5590f94d8cc6a6dfbaa6ee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
    MD5    48d7b88f7986388169c9f46bd8d48050
    SHA1   f34113edae5d2fe7046d9250a019bc19cf6534cc
    SHA256 679a3247b5f50991c3aef6f491cd5a5b0c55f11693a886f6a7cfed811f108cc8
    SHA512 fb43568a8419777a45ebf4a6325e3c256ce0c464fc9ecb88fd924709aa0ab2b631c027fc258e66e1fc5616f4d252029d926d31b29c445c8af31e4aa70fb0d21c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_89435FC99EE99DE539EA4AC53DF8831C
    MD5    3f6195ea4c38f960c5b97ea830b16354
    SHA1   9e4f14810a26984deaed2eb95e68e944378fcf23
    SHA256 4b45168543224d85bccab0c9680a4fb38936dae635ea4a8ca83eafafd450f76b
    SHA512 349bcc769d8ed099a9537fac6bc4224bd406a627855cdb27666aa0415fc02d561c8b9b61802ea183bccabc4898069cb745c35989dc6917bd424fb0033749f028

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_F2E8E98F0F63A0FB89EE8256C76BE976
    MD5    9dfba2062806db03139049c53376682b
    SHA1   1b22ecee3c2aa714bca64b2419c4535a091602ec
    SHA256 efb8bad0863e2fc4bd41f8e7765a35a2673948cb15517deb88ae7b3a6c602e7e
    SHA512 a1bf220d7d069c8fc1ec462ef37726bfb4ac8968bf16f9f14a28f9e8f7aca5002b7aaeae9cb0a8854c06723775f58477be202c38d61b120d3cdff5795b3623a3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
    MD5    a831806eaf02a696733aaab7618aff52
    SHA1   0d4e5962e797f219254901efbb668742972f8a05
    SHA256 12f1c7fdb12770312fecec05f8cc64911061b2bb814a17cbe8eeb146811b2988
    SHA512 dd5557f82e2469f0089cd74c0d65ec96c0aa6871fb7ec3f4cf6ddccb3b08c9a827df4d493d07dc8d42fc6ef77f01ae54f5676b13e6833d5bb1efc8b1aaafa3fc

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S7PGJ114\7869.xlsm.i1qg7ut.partial
    MD5    dcc5565a6a7c12d2c89ccb7d3e15e1cd
    SHA1   8a45a4fd3ade9e8f865d54495159f61117eabe70
    SHA256 e906c36443a7ede6b1e6195e36aac9068b85cfae3578cba3e39ff406bcb4dc75
    SHA512 4605b9fc9839ea6be980844af54705a78cba9569f484e1f96c256dac5055bed05e9ba3ee5f6777e890e6c89d6f6dc819965c73446c27b96e0e5e41af14a4ed39

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\7VVW0390.cookie
    MD5    a9f532dfd64fbd4046f8d6d15f95099a
    SHA1   54db1543dce95ae50aa2f8736a7c8f89219bbd2e
    SHA256 46e56a3ad17398de5562c7e59745e0b8ed1a9cfb85a6884953b57a0aceefd388
    SHA512 bc87d0e33810766a6a395b0278a5ca7a2ee6d5d9c525cda417820facde792cb667b701739cc00d5de2a65567e9fddf3ee18ccaf7a00b18bd169e7d46842f0fba

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\MR1KO889.cookie
    MD5    cd082efe936c4a1cbe4ef3000d277b66
    SHA1   f7180ca44832e4484ced16afed30994eb8d191c0
    SHA256 b20a346aa481fbd2f6d0e3f0d3eec3de0d0ea540186d5e14efd8b0c0021e6fb6
    SHA512 2588242946fb1cca6693c2efc9e72ba7871a5ccaa42df0517c3a7e409710f3a80a7e3aac1057d3eb61290f01601ea4a61df5ea8b0c7730b7f60b83e51c66e799

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Q4OJ7Z0V.cookie
    MD5    c98d063aba2e28a6b0543f8efeaf00b8
    SHA1   4538980c3d6d9d116207e1836471abadd550f51b
    SHA256 6785a293099fb3420e2b07f4b3388f6eee5ecc8e849b1c50d4dd96600037cc02
    SHA512 4ab463ccd4161efb521ce39e62c73e347fd6f74dd8449c2dc835de2dfb6400f2e6e59b6cc37a4f96ba8aaeb6988a4a3d6d91a3977cdb21c3257d40e646620165

  • memory/208-13-0x00007FFB31D10000-0x00007FFB31D20000-memory.dmp
    Filesize 64KB

  • memory/208-14-0x00007FFB31D10000-0x00007FFB31D20000-memory.dmp
    Filesize 64KB

  • memory/208-15-0x00007FFB31D10000-0x00007FFB31D20000-memory.dmp
    Filesize 64KB

  • memory/208-16-0x00007FFB54D90000-0x00007FFB553C7000-memory.dmp
    Filesize 6.2MB

  • memory/208-17-0x00007FFB31D10000-0x00007FFB31D20000-memory.dmp
    Filesize 64KB

  • memory/208-12-0x0000000000000000-mapping.dmp
  • memory/1732-2-0x0000000000000000-mapping.dmp
  • memory/3056-7-0x0000000000000000-mapping.dmp