Analysis

  • max time kernel
    116s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    26-09-2021 13:57

General

  • Target

    https://firebasestorage.googleapis.com/v0/b/mrje2n53563ghdgc0eetsra.appspot.com/o/Bn.html?alt=media&token=0f034d1d-cbf4-4703-a4c2-ba4dd123dfc5#

  • Sample

    210926-q9g26sehf6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 49 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (10 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 2348)
    "C:\Program Files\Internet Explorer\iexplore.exe" https://firebasestorage.googleapis.com/v0/b/mrje2n53563ghdgc0eetsra.appspot.com/o/Bn.html?alt=media&token=0f034d1d-cbf4-4703-a4c2-ba4dd123dfc5#
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2660, content process spawned by 2348; SCODEF:2348 names the parent frame process)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry, T1112 (1 hit, from the "Modifies Internet Explorer settings" signature)

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    28f3e514f353bd25873a84aeb808527f

    SHA1

    a3c7fa6eefcbf13fa3d4261cb34db5721aee1b28

    SHA256

    3c669eaf705e66de35e607b29d92833029b36bb75ec332e83d2765bb63cfba90

    SHA512

    9b097162c5b25a2f181a02396435d7f7ff09bee576284815e9fdcc893fa9e35766123c5c7e11ef1230becc4e05e11a87b6cd9a24ddda3436ce043cffc668a260

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    ce98c91d236b64b56ca87fc7186af2c5

    SHA1

    ed75a894a924e03763b46178ae1a6842f91b7a24

    SHA256

    d28dc7a774741853733d1e6e385f27c910d0b97eda6f0a1ca47580e85c6e484a

    SHA512

    2787eede0e61b8e938a7fc47534b8d2aa31a01920013752bb4877c81e728931b9042a8ef5304b7e919f2e83bc6b1d1726bb1d34888e82f6a0ed4f34512b881dc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    de27664da1e04c94901fcc3880064613

    SHA1

    aeb52fc87f907dd40ae683c52cf3129d4b27e25a

    SHA256

    7e59ce8a2d7d1e1201e535a3175bfaf239b9f5da7be265c18c5ff1e1bc696282

    SHA512

    2d1e23a6cb1641bb1c393e404950a781cb20e5123c1e85bed129a02cc54b45e84ef49b54bd4a19a0dd48c66693fe119fd4f6b6733c71d34655d4ef67b760fa36

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_3B9C2111EAE052C5BA0EC1CBB6D70DEA
    MD5

    b3b0696d2ec27523c6fbaf967afa6e80

    SHA1

    81360fee58617af76f052ea338335147a4a99585

    SHA256

    23f5c00ee65e6c4a2bea51a5ea065736c7deb385cdfac237b20c89483cd47612

    SHA512

    ccf63b9a1e1caa9793c97bd01c6d2884588ccb13ba29cbfc3a40dd47dd55b4b2e6229d54dc1ac8a37e121cece42186a25e3e143fdf064d2779cc7a8955886926

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    2ad5decaee3fa99b6403208fe7ebb03d

    SHA1

    043f925234058466af844ac01460fad7afc1de7b

    SHA256

    fd898b2ce60c9dd95f0c9de0fbf5658941813223b790618512df2260a09c45c7

    SHA512

    de96cdf8b96c216a33b35fc03a6a7c52747009f75a281ad89c2c60c7a7a4e7fb657512312585223097064eede83d30423f0053fd06088850ca38696664c12179

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    06eeab0c9870656c123673435aa4e28a

    SHA1

    35fd28d8c420e8ff3b83d45d1eefe7408521e004

    SHA256

    534f18306d991bd24d2c44fdde46ef0edf99490b9bd64146c2d041e6e4143426

    SHA512

    398382f5e3cebe188de6ca1c74e133e590c5809f8d78d59f848c3e515a1fc41d3c9288b445860e775a127797c61f4277c2c900d161bcb972f0c9e3a37f3d4060

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    64ae0c602c49c751305eb69e5faa7385

    SHA1

    8316699d7abf632e3764ce737c107e7c29ff200e

    SHA256

    9d5e761f4cb2162043701450af784a9ee031ac6322471d3420cbe682e550a3fd

    SHA512

    a85e8606fd5e43bbdf0f6fe7be0191f08a7f29b1d2991c5af543d934693d2b8753f469de9452dc3c4d947ac352e650b6fa987ac215e0fe9d9c7c479c339d0a90

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_3B9C2111EAE052C5BA0EC1CBB6D70DEA
    MD5

    db3be4d8a0f048bef26b13b882478e27

    SHA1

    f23c33f26aac6c641000c7e047c58f4557f01caf

    SHA256

    a7d4dd37f580b300f3dc099b6507eac18bfeb97a0a91c7a5bb4994fd75e0236f

    SHA512

    208b8bc3eaf1121c879de411f6726edc2244584d82aca24618017ff2a0a300fa04e584289e5be35c652daaa12964f47c37bb52c71553b62e221052ee13780eba

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\GWVKYPAB.cookie
    MD5

    e1b1ec0fc8d57d16e36b38779c5207cb

    SHA1

    300f871cc1167ea0e45fc9b09d0db00693501e48

    SHA256

    d2b8694c726d6ee825f193a2506bfdcab25365f9c588ac2802d2feaf16e5f9a3

    SHA512

    d2f7e90082460b0362ac5e5934d32962da35437d53be22f1494c09b5d8429b7a4b77638799ed42816437dba9594b6d8d5961dda7df1d27c9bad57b2cf0259ace

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\TIMXZHFK.cookie
    MD5

    e665c8feb81c1378ab7a7e7d4424c2d6

    SHA1

    391fd8616d1b1f978bb1eeed076f8d56ca526878

    SHA256

    f65880ee0813f21dafb71e8f95e538bb9931139cbd76d9ee72d191941a3ad400

    SHA512

    3d0e4ce6e9fc11c4e535affb620e3870c29cbc094395028589e9f78b2501f3ae1982a97c595659fdc465391c5a4e32c1710327e0440434f72e827e4aaec568fa

  • memory/2348-115-0x00007FFA803B0000-0x00007FFA8041B000-memory.dmp
    Filesize

    428KB

  • memory/2660-116-0x0000000000000000-mapping.dmp
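
The Downloads list above contains only CryptoAPI URL-cache entries (the CRLs, OCSP responses or issuer certificates fetched while validating the site's TLS chain, written under CryptnetUrlCache) and two cookie files; no file was written by the page itself, which matches the 1/10 score. The script below is an added example, not part of this report or of the sandbox's own tooling: it filters those artifacts into browser side effects versus files worth reviewing, and cross-checks the memory-dump region size against the size the report prints. The artifact paths and dump names are copied from the report as constructed input; the list of side-effect directories is an assumption of this example, not something the report states.

```python
"""Triage of the artifacts listed in this report's Downloads section.

Added example; it is not part of the sandbox report or the sandbox
vendor's tooling. The artifact paths and memory-dump names below are
copied from the report above (constructed input for this script).
"""
import re


# Paths copied from the Downloads section of this report.
ARTIFACTS = [
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_3B9C2111EAE052C5BA0EC1CBB6D70DEA",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_3B9C2111EAE052C5BA0EC1CBB6D70DEA",
    r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\GWVKYPAB.cookie",
    r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\TIMXZHFK.cookie",
]

# Memory-dump names and the sizes the report prints beside them
# (None where the report gives no size).
MEMORY_DUMPS = [
    ("memory/2348-115-0x00007FFA803B0000-0x00007FFA8041B000-memory.dmp", "428KB"),
    ("memory/2660-116-0x0000000000000000-mapping.dmp", None),
]

# Assumed list of directories that Internet Explorer and CryptoAPI write
# to as a side effect of loading an HTTPS page (not stated by the report).
# Paths are compared with '/' as separator so no literal needs a trailing
# backslash.
#   CryptnetUrlCache: CRL / OCSP / AIA responses fetched by cryptnet.dll
#                     while building the site's certificate chain
#   INetCookies:      cookies set by the visited site
BROWSER_SIDE_EFFECTS = (
    "/microsoft/cryptneturlcache/",
    "/microsoft/windows/inetcookies/",
)


def classify(paths):
    """Split artifact paths into browser side effects and files to review."""
    side_effects, review = [], []
    for path in paths:
        norm = path.replace("\\", "/").lower()
        if any(frag in norm for frag in BROWSER_SIDE_EFFECTS):
            side_effects.append(path)
        else:
            review.append(path)
    return side_effects, review


_REGION_DUMP = re.compile(
    r"^memory/(?P<pid>\d+)-\d+-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def dump_region(name):
    """Return (pid, start, size_in_bytes) for a region dump, None for a mapping dump."""
    m = _REGION_DUMP.match(name)
    if not m:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    return int(m["pid"]), start, end - start


def size_consistent(reported, size_bytes):
    """Check a report size string such as '428KB' against a byte count (1 KB = 1024 B)."""
    m = re.fullmatch(r"(\d+)(B|KB|MB)", reported)
    if not m:
        return False
    unit = {"B": 1, "KB": 1024, "MB": 1024 ** 2}[m[2]]
    return round(size_bytes / unit) == int(m[1])


def triage(artifacts=ARTIFACTS, dumps=MEMORY_DUMPS):
    """Summarise what in the report needs an analyst's attention."""
    side_effects, review = classify(artifacts)
    regions = {}
    for name, reported in dumps:
        region = dump_region(name)
        if region is None:  # mapping dumps carry no address range
            continue
        pid, start, size = region
        regions[pid] = {
            "start": hex(start),
            "size": size,
            "size_matches_report": reported is not None and size_consistent(reported, size),
        }
    return {
        "browser_side_effects": len(side_effects),
        "files_to_review": review,
        "region_dumps": regions,
    }


if __name__ == "__main__":
    print(triage())
```

Run stand-alone it reports ten browser side effects, an empty review list, and one region dump for PID 2348 of 0x6B000 bytes, which is exactly the 428 KB the report prints; any path outside the assumed side-effect directories would land in `files_to_review`.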