Overview

overview

5

Static

static

URLScan

urlscan

https://docs.google....

windows10_x64

5

Analysis

  • max time kernel
    26s
  • max time network
    18s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    06-10-2021 20:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://docs.google.com/document/d/13O-kxEutDn8f24fTLxfISAPr7tluwfVi/edit?usp=sharing_eil_m&rtpof=true&sd=true&ts=615dfa86&sh=-EYinE1fQzcqZIcA&ca=1

  • Sample

    211006-ysf3jsbggr

Score
5/10
googlephishing

Malware Config

Signatures

  • Detected potential entity reuse from brand google.
    phishinggoogle
  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://docs.google.com/document/d/13O-kxEutDn8f24fTLxfISAPr7tluwfVi/edit?usp=sharing_eil_m&rtpof=true&sd=true&ts=615dfa86&sh=-EYinE1fQzcqZIcA&ca=1
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:740
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:740 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:364

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    1d3f0b82e86827c82a0f7b9aeb8190d3

    SHA1

    bccc4c8c2ab888fb221826c06a7f61917574ee09

    SHA256

    0a3eb6e8e12fb6af98f15d3c15a4dc6e4204b0094a9e4a20a1ca7c4a83a38b7e

    SHA512

    595aa20b473cbaaf0e639ca492369cea7730ad4d67382f55de666dfb1989fe39cf7242ac3f3b243e9d18c64f7e0d4a2a3df3655626f24d4abb229d884df7d1fb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8A6A7E24EA4C3355B6BE43AA2093BF34
    MD5

    66b603c5114b453aa3c8e1f890ff7705

    SHA1

    244a61bbd4365a909b68bfee392085bb19ba977d

    SHA256

    cd16fe05016559b63f90de2e87612a14bb4c6f7ca2eb6b7781a69cbb2fd7776b

    SHA512

    668161e586bd02920a949b69db00f598ec3b7de8a80e3654d3e00215b7fd8328e562f7a173bfe7760f0c2d508cb8d8e5a2039450a4c9e2d35c9fed523fca3bb3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    64e9b8bb98e2303717538ce259bec57d

    SHA1

    2b07bf8e0d831da42760c54feff484635009c172

    SHA256

    76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331

    SHA512

    8980af4a87a009f1ae165182d1edd4ccbd12b40a5890de5dbaea4dbf3aeb86edffd58b088b1e35e12d6b1197cc0db658a9392283583b3cb24a516ebc1f736c56

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    f808032a47b00e8c313e5219b9aa7bb9

    SHA1

    4e7c10c2e846750e6377837eb1c3bc27e177f2a6

    SHA256

    e12802e3b496dbd91259acfaf6d634126127b1df765bfcc6a3c15d444a8299b7

    SHA512

    3d4a89e481cb3d8db8f3914dc66088fe4377669c5ac486b800b3493e4a43312b83c3fbf9dbca78550b82f2e429b736a766401a9e89fb3504bd688c9f5554bcc6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8A6A7E24EA4C3355B6BE43AA2093BF34
    MD5

    b90ac2e3733160df932b612cdfa7654e

    SHA1

    623d681a8ae084274652ef75d596ddb2f14226b9

    SHA256

    2a7f40a9549c7f5e0ad7e66555b87385d268605305ac20ce48c373ba3bb7ba42

    SHA512

    a7ab54718df749eabc6cf2b3a7765e718a9ea515886ab6a8e4edaaaaee543a2bae10850e3fd80771a58c31005758496e5881e4da10d65209fa2f76a9065f870b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    8bdaf9e3d49a3a80a0223fb4f7a598e1

    SHA1

    734394f4e81023cc1ffe9eb0e2e07065ce96b349

    SHA256

    e51314a111d483ff5affad7c853d40b985cd668d09824eea49ecf288d7a7b5c8

    SHA512

    0158920edf3c6fbaf4a96a1c105e92e98522bc772c1893dec75897b099e13113b3d73671e287685728796f0087cc94a09640820ed6f250b22005717be09a354c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\002F9NG9.cookie
    MD5

    ef2f375fc4b83d1a0fa36592a24f52db

    SHA1

    f346de668691f09ecbd66d7bb2689602e440ab0e

    SHA256

    044cd95c8f5b6c079516ddf4bf24f8ea76c9695fbd8c51452ff9458d33cfd0a2

    SHA512

    602500e6f8975f8a5eb8d12cc7ff4d572654518abf5b73c25943d72bef8266cb5c2bbbf68f89b3ed9850fa92ffa82a06fff0af3e75c9776d69ca1f9674fc8203

    Download Submit
  • memory/364-115-0x0000000000000000-mapping.dmp
    Download
  • memory/740-114-0x00007FF9D0F10000-0x00007FF9D0F7B000-memory.dmp
    Filesize

    428KB

    Download