Overview

overview

8

Static

static

8

URLScan

urlscan

https://firebasestor...

windows10_x64

1

Analysis

  • max time kernel
    83s
  • max time network
    124s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    11-10-2021 12:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://firebasestorage.googleapis.com/v0/b/project-1371461312878258304.app spot.com/o/565435465766446.html?alt=media&token=f1dd7309-5709-451c-8825-a6b9 8d412fc2#public-law@csl.mpg.de

  • Sample

    211011-pm1qbshbfj

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 15 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "https://firebasestorage.googleapis.com/v0/b/project-1371461312878258304.app spot.com/o/565435465766446.html?alt=media&token=f1dd7309-5709-451c-8825-a6b9 8d412fc2#public-law@csl.mpg.de"
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1552 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4364
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2348

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    2
    T1112

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1552-156-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-123-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-117-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-177-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-120-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-142-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-122-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-141-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-124-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-125-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-127-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-128-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-129-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-131-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-133-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-134-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-135-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-136-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-137-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-138-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-119-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-116-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-121-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-144-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-145-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-147-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-149-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-150-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-151-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-155-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-115-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-157-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-163-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-164-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-165-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-167-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-166-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-168-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-169-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/1552-170-0x00007FFF40D40000-0x00007FFF40DAB000-memory.dmp
      Filesize

      428KB

      Download
    • memory/4364-140-0x0000000000000000-mapping.dmp
      Download