Analysis

  • max time kernel: 251s
  • max time network: 262s
  • platform: windows10_x64
  • resource: win10v20210408
  • submitted: 27-07-2021 20:23

General

  • Target: https://1drv.ms/u/s!As_EWtU5WPg9a54pDCGeSUbd5EU?e=9nNlkF
  • Sample: 210727-vcx7xezhk6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter (1 TTP, 2 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 64 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of FindShellTrayWindow (3 IoCs)
  • Suspicious use of SetWindowsHookEx (10 IoCs)
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://1drv.ms/u/s!As_EWtU5WPg9a54pDCGeSUbd5EU?e=9nNlkF
    PID: 800
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 800)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:800 CREDAT:82945 /prefetch:2
      PID: 3340
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 800)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:800 CREDAT:279559 /prefetch:2
      PID: 2128
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID: 3712
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap11566:86:7zEvent5442
    PID: 1400
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\9qeJY2qk5stQ.vbs"
    PID: 1840

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 2 matching signatures

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\52MQ59VC.cookie
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\BCEEGCXY.cookie
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\IRK3U95C.cookie
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\VCD78KDS.cookie
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\VQ935IPB.cookie
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YC576YNQ.cookie
  • C:\Users\Admin\Downloads\9qeJY2qk5stQ.vbs
  • C:\Users\Admin\Downloads\9qeJY2qk5stQ.zip.pdagu7t.partial
  • memory/800-114-0x00007FFBAF9B0000-0x00007FFBAFA1B000-memory.dmp (428KB)
  • memory/2128-120-0x0000000000000000-mapping.dmp
  • memory/3340-115-0x0000000000000000-mapping.dmp