Overview

overview

1

Static

static

URLScan

urlscan

https://docs.google....

windows10_x64

1

Analysis

  • max time kernel
    67s
  • max time network
    145s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    20-06-2021 22:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://docs.google.com/document/d/e/2PACX-1vSLnxVcYCmEzZgzIYSXLP8SP9WkyzfeCZyT0harrOTFszT53Xeow3ITpeRNS6ZDV1PTelsDFYQktXWP/pub?embedded=true

  • Sample

    210620-wx7hx2cyts

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://docs.google.com/document/d/e/2PACX-1vSLnxVcYCmEzZgzIYSXLP8SP9WkyzfeCZyT0harrOTFszT53Xeow3ITpeRNS6ZDV1PTelsDFYQktXWP/pub?embedded=true
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3872
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3872 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1296

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    1d7dd9e0513f6f1a1159db4bbc210380

    SHA1

    ed848806adc4ac5d79c96a059144565ef4a8595e

    SHA256

    41e8d2b0af9abaee2b8585a5763c7e68c5caa514caef858f6a4cb6acc0b9f2b7

    SHA512

    a6c77fc465c277ddb3df53a6de3ee75125a27d9c169c567e64e96a36abcacde1359c034b62f4ecec7b3b8209cbd7ee5b77ab13868b375cd0fc5baf70b6bf54a1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_4FB9C6A47F4DF08EB3ACA3172E8ACAFE
    MD5

    1caa752ffd2584f90984554a333d302e

    SHA1

    d4150e1afd2a5bc242ac195d55f4103d7771bb34

    SHA256

    0ce01a72210709b3b40dad2c03f13b4201b29ee7e4e68a318df71d0195e2cead

    SHA512

    7805e5ecd268932fab58a5837e176557974cc7fe79e755992a88c7f77e51923f62ced5ff1de740924ffdaab043abe6c935c608efb9dc0c77a0258ecbed3191f9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    a64e2d26dd6f37ed569251d6dfc524ca

    SHA1

    8133be8cb0509b8e3ed907715e8df1785c555c6e

    SHA256

    4ca0b012928887c383bce5a4a38f87e85ff1fc9720b0f5ad0aec0bec982e3cdc

    SHA512

    a00f8a5ea363e36f56a309becc2faa3ccbf1c5c32671da78338b526d634b0f4c074d44a69280f5d6b629ec050a87950b1236ed7c2650abc1d26b9cdbd3cfbfdd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    de27664da1e04c94901fcc3880064613

    SHA1

    aeb52fc87f907dd40ae683c52cf3129d4b27e25a

    SHA256

    7e59ce8a2d7d1e1201e535a3175bfaf239b9f5da7be265c18c5ff1e1bc696282

    SHA512

    2d1e23a6cb1641bb1c393e404950a781cb20e5123c1e85bed129a02cc54b45e84ef49b54bd4a19a0dd48c66693fe119fd4f6b6733c71d34655d4ef67b760fa36

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_83D66DF75B62300F242C70C2C66A233C
    MD5

    99d18bbaf28da3bd17baa3dd4698fe8e

    SHA1

    55ab304c095bb290410e3b25fa3e2258fd74a1d8

    SHA256

    e6d0b62833209eb3000c66cca4ac6877df59d76143df7176ef854dfa991dbe6f

    SHA512

    7a35288192da9eae82318bcdab773adf05734304a35564ff851e3bfb1f9b2650366ff1f9de633fc27510016ac8f91cb070058c877a11011627fb34d72db0620b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    505979bdd967eb59820d7db343e9924c

    SHA1

    9a9d16df6bf406bca2fe47019e15593e6427b332

    SHA256

    c1f3c3bfd841f88bc956823f05b1fc83683d41096a275929e264fb7adfa4c915

    SHA512

    23b82ae1160b875b9eb2407a7fee4a8ec09bf8d2eee5824ea24ab83958704ee470009ea014974a21a82f9d3e6942db5ec0139f2a6aa853798f8b0128af0205a6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_4FB9C6A47F4DF08EB3ACA3172E8ACAFE
    MD5

    c4158d467ec55fd4c13cb09336f0f759

    SHA1

    d756ce34b1537f9cabaabac809cf6105e53b20b3

    SHA256

    330f31129bc367b5cb88deb95a395a5ee2ae44ac7d29861d4caf553f54c39fc0

    SHA512

    9a6017439ac76e79cb1332830044f103f1d9a4d7122fb958de8a9c25091987cd7b840b438f0117dc3f8ac23c46ad31f169a51924498a3fa4aad0739fd0eec797

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    cae86d503daafd59e6c293fde8314fab

    SHA1

    3e417da683b00ce60ec953a4e4a962753725076a

    SHA256

    0d4d5ac05f95c1ae8a07e8b89e199acd9cda036003bd39210cd625a201764f3c

    SHA512

    65364c15c31d33f1bcdc7718c64bf7dc52b796e3ccdaaca6677da5ef3f9440b38421004894d73fc3cf51c9f1882ea05d20ab5a2de52efa3226f02a90ef0a8beb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    a58b7d3adcc48eccc772e263c9bc8c8f

    SHA1

    752d4b77c60523a6cfc3e0c6470e97c4d4968744

    SHA256

    352fbd9968d1d47f36277f8b480dc52b9c62e9487998b82cea86d41d6324b504

    SHA512

    42d0a87bb23133be81ce79d8cf1cfbd9f023c359fdc6770139730836b1e8b7fa664076479bf908d8b962b4d75a9fcd0c05083bfe821f64b7b8db50975949ab2b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_83D66DF75B62300F242C70C2C66A233C
    MD5

    d19451986d2dd07f83f989087e6c497f

    SHA1

    2881d995f4aef5604fb0f25f9c9dc35e65d5356c

    SHA256

    e156c1040ba4e807a93757100fb5472984dacc8280a73c4ffd22cb85c6a02504

    SHA512

    c09a997917285a450519f37fcff91b7a4fa84c8a56d4e951c545763d7671dfdc2ffa5acb1cde817f0809ce3123da044ec5a655c8201941c58a583f4ae8aef7dd

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\1SGJ6Y8Y.cookie
    MD5

    80fbc4c4d0160bc2026caa0413d73332

    SHA1

    ddda96ac996e593409a25be4893c3948880c14af

    SHA256

    aae0b555f9592a8d2bd75136581d388aa6a79b691c9895fd565c70a7296a13d5

    SHA512

    50967668abd3feb9e7d3d9690e7fbbc63134df45445bd4ca6e665e13493c560502e37a90f9ee983dac14e09ce0732f6eea42b62c4d930e15ffdb8c2f9cc054f6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\N6FNFJ45.cookie
    MD5

    407c223b018f5b192111ff625463f7e2

    SHA1

    28dcd1d14a9cfdcc0ef134f2f1ffa281220118e9

    SHA256

    3e5856997ddf225724be1284c767a246faab87d68b896abc90096819d1681197

    SHA512

    4d07fe3af7b89d0b676a21bb1e773fc22ee2f94d097517731f2c1408a43f63051ed63af8ba259eafa139381156232530dbee9f8dc42a9b5bf5642b5882af935c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\SA964BV7.cookie
    MD5

    6748e1c3c8cf9ad9b9301f1f58e8ebea

    SHA1

    7772e1465149b4c884801c70bf9bc7781c17e5af

    SHA256

    a8040635b2c5b5ce8de797dfcffce875c09206f360c24ca0ab9fed79cbf366cc

    SHA512

    34c74d45e03fb5d83c67f0d0da858b658b3cc99d3bd4c71cf09ec8504463ae326a5e3a0b012160c69163c515a626252d49b6116006942659b88ab69d25a10fdf

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\VZFTOQXJ.cookie
    MD5

    9b2eab32c8376d86038c34d07cb74c2a

    SHA1

    7d1b5a0df2a9fd7260435ae8444e4efa6b122aff

    SHA256

    283bae3d7e5766bb8baeab89f02a3914323d6976daf992e948460a327b433817

    SHA512

    abb1adc34ff87b0c5d54308329ad28eb1b9ca00f88c8fedf696e186f0d56900de8977d3c88708c53eb5be14bc07c72da4ea63f2e102f24c8f56d7f78d556c95a

    Download Submit
  • memory/1296-115-0x0000000000000000-mapping.dmp
    Download
  • memory/3872-114-0x00007FF9000B0000-0x00007FF90011B000-memory.dmp
    Filesize

    428KB

    Download