Analysis
-
max time kernel
46s -
max time network
140s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
11-10-2021 06:23
General
-
Target
https://forms.gle/ZBvPxhQ4vfDKrAoD8
-
Sample
211011-g5j7asgecq
Malware Config
Signatures
-
Detected potential entity reuse from brand google.
-
Modifies Internet Explorer settings 1 TTPs 33 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://forms.gle/ZBvPxhQ4vfDKrAoD81⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3128 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAMD5
9f4de3adc8d3bd9e34df4a40e92dd3f0
SHA1aaddabeb97f339edfcef64d3c45104db8709d5cb
SHA25683f0abbfbb43b51b8d25aecb05e9e88bac2f0b08ac0f5f3f2187d1a44d4c9e74
SHA512a48fa907c01718b30a3e8b12487f947b93f8115f3dad69c6ea372b5528f20cee55703ac6cd75b6589172bae507d11552c3091d9911199c4027ef6ab8e97ff064
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8A6A7E24EA4C3355B6BE43AA2093BF34MD5
7d8f439095d6335155e32240e659003c
SHA188bd6fd856588c63e2d44172268f6a56d409de53
SHA256351e253517503d89928e731345265a6b90e1d3c1cda22dcf9d1734f2e7f574c3
SHA5127968530b0cdc5a7159809da601ad264672e24a214326c230e09975b4fe8e9d93acff5c3d19a207b3d21779ae468b054ca48f1a5b837413cc577d0d48d8ebb765
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAMD5
64e9b8bb98e2303717538ce259bec57d
SHA12b07bf8e0d831da42760c54feff484635009c172
SHA25676bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331
SHA5128980af4a87a009f1ae165182d1edd4ccbd12b40a5890de5dbaea4dbf3aeb86edffd58b088b1e35e12d6b1197cc0db658a9392283583b3cb24a516ebc1f736c56
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAMD5
7dfaf618ea1d15c0532468eb0390cb73
SHA107801836abb3385f53ec741e0829478b18af2bb4
SHA256ddee58721039c28b05e633047034574f6c1677dbd82efd0796c6ba318709c52b
SHA5125442164540b37663d1e2142cdeab89084fb428af88660a2e32eb07b08199f732dfcc7b33821aebd1cfde18b95ece483dfbd0ab25a802e7861bb126aaa2ece5b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8A6A7E24EA4C3355B6BE43AA2093BF34MD5
84fe1a09116e8724b9b816dd06b747bb
SHA1135c9294c3c7cc379d5d43251cada4184442b7ad
SHA2566c35aebef7aae45f9245ec2f4a0ecff049d55196a5850402e11679678a979afd
SHA512158eebc5329e2ddb1e2ecb2689779d09c8245fcdc260f5f4741ccb3714831f1c6fcf41323133618d5c885407584da86705b35860b3f771183f05da24afe0be47
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAMD5
9bcaf2d4fad80301e351e6becc5cacd5
SHA1a31e81d7d44d8a7d7c4116eaa1d9c0279a235cbc
SHA25609b4dadad22040bd386809d6ab3ee88c534c8d2e93ed6de1d95c7981c4889822
SHA5127fa3ecbe4b5173993d56f025d29f2952d605ef29212dad6dd79ea4eafdc508b2dfbfe054e2211a2e0678645db4db0ceab428e5d5cd0f909af81cc6ce188ec99e
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\PNCXT9LI.cookieMD5
644976ff9cfdc350b82e1f18640f4b8b
SHA19aaf6f6e76d45c1d8bec94fbb2d44151f2c01e38
SHA2561892965f2f67a4c986d251fda606101f5d4863b74eff8657ff41694220ed8b4f
SHA512ede31d260791d4d9a4eda6d3ea63db06e1b55f1445138febb1d34f6bf146242c00cfbc21dc137073960754d9e51fb49d51cd1a03690b5c971f0e08e7cd0036c4
-
memory/2380-140-0x0000000000000000-mapping.dmp
-
memory/3128-138-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-147-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-121-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-122-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-123-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-124-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-125-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-127-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-128-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-129-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-131-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-132-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-133-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-135-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-136-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-137-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-119-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-141-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-142-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-144-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-145-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-120-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-150-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-149-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-151-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-155-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-156-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-157-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-163-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-164-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-165-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-166-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-167-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-168-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-169-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-171-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-117-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-116-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-115-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-172-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-174-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB
-
memory/3128-179-0x00007FFAA4A50000-0x00007FFAA4ABB000-memory.dmpFilesize
428KB