Analysis

  • max time kernel
    70s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    28-09-2021 16:48

General

  • Target

    https://firebasestorage.googleapis.com/v0/b/odrv-3c4a4.appspot.com/o/Index4.html?alt=media&token=b2f6a293-2a6b-4ab5-8647-753999ba36c1&data=cmljaGFyZC5zb0BtZXRyb2JhbmsuY29tLnBo&attname=Swift_copy.pdf

  • Sample

    210928-vbdz3scdhr

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://firebasestorage.googleapis.com/v0/b/odrv-3c4a4.appspot.com/o/Index4.html?alt=media&token=b2f6a293-2a6b-4ab5-8647-753999ba36c1&data=cmljaGFyZC5zb0BtZXRyb2JhbmsuY29tLnBo&attname=Swift_copy.pdf
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:628
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:628 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:876

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    Modify Registry (T1112): 2


Downloads

  • memory/628-114-0x00007FFF85150000-0x00007FFF851BB000-memory.dmp
    Filesize: 428KB

  • memory/876-115-0x0000000000000000-mapping.dmp