Overview

overview

5

Static

static

URLScan

urlscan

https://bitly.com/3p...

windows10_x64

5

Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    15-10-2021 13:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://bitly.com/3p3gGd8

  • Sample

    211015-raba1sbad6

Score
5/10
googlephishing

Malware Config

Signatures

  • Detected potential entity reuse from brand google.
    phishinggoogle
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://bitly.com/3p3gGd8
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1556
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1556 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1272
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1556 CREDAT:214019 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2352
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1556 CREDAT:214021 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1060

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    06f9941ca26951e04e120cdc2852d6d0

    SHA1

    10e87d65a83d2bd278d589bfabf5e58cd77c3b98

    SHA256

    ff7015381806fb12a7820ebd293c575d74c7793ee32624e77221f3b79465ee9b

    SHA512

    056e10517e46df75d894dcb933fa6f97c8b8407d9854897007038c4118f2fd06412e38ca6cbe8a39adc465bf34f543517c109d44c8d6248cdbb4330d2ba87abb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8A6A7E24EA4C3355B6BE43AA2093BF34
    MD5

    c87f0db27d37eaa2d241824d2e6393de

    SHA1

    930dbb49c6a3b687341b0d79751c379e11963a6a

    SHA256

    9fbd599a7ddeeae807fe6fcf67574564b225591aa43eac21d8d0a14de3c1587d

    SHA512

    da761d57a1608a34a3a939bde2bdfffeaea5bae014677979c4908a5c777f457dbb2c7df037be6fcd365a1a0d2259f309daee2f85a28b33c4f0b0bef1f7a5710c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    e77df4336e43ff8a70847cbcc5f939a7

    SHA1

    b28f11427e606ba4cc1bfce79efb29e7f0abeda2

    SHA256

    aa76d3d0cb3f7ac2c8f59984ae0c0251494be87c2d785d880a470c6223c3e706

    SHA512

    3820d6abedcdd01df2a5426f97eec04919e6fd1b1e9817c86aa23801b8cdf976ab677e9bd0fafc3214659329a4265f9fb5d35a67cdfe62f704977abdc5007d0b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    MD5

    cc96fe2b0aaa0e1b02d11d536cfa4810

    SHA1

    128b0af1ed1cb75ebf52bedb24ae967e44773f00

    SHA256

    18404f20785fed9639b36e156117b64264a81bc225b777ae4a178b63d45eca6f

    SHA512

    1593a446d0be23d373933dd45e7f8c2fb6b1339b0e54ded70ea58c1d7d9b0156b707445d1f7e470e6ab751844528f90279b6ee703eb6ed565dedc57975fd3d54

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C86393F4663BD5F851FFF03C21A82510_CA95C0AB354F4380D40986D9E6A89C14
    MD5

    6b7960fbb072666941343f041a6cfd4f

    SHA1

    aaf8cff0b22f6776f5bbb014121fedc6c4dac2a0

    SHA256

    e76c02e77d3977f4cd18427802d6accf8aab7a5342ff42a58faa915001ad4420

    SHA512

    26db3f8f11f6a18b69fb7ef2c09e0f1690582ade07f462af8d2c4cf47e6a334231b42f7642ed4270418cd17960f624769d1dac1da807e1ce1e861110895ac330

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    64e9b8bb98e2303717538ce259bec57d

    SHA1

    2b07bf8e0d831da42760c54feff484635009c172

    SHA256

    76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331

    SHA512

    8980af4a87a009f1ae165182d1edd4ccbd12b40a5890de5dbaea4dbf3aeb86edffd58b088b1e35e12d6b1197cc0db658a9392283583b3cb24a516ebc1f736c56

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    4ce1fc7cf9bb7de2d3c062e22f07c4f4

    SHA1

    1241d4ec136693aa92c680c0e48147f21f252d8a

    SHA256

    e9b1fc926579204507bfe865cff620916c23bf32f8ad8776e76ae3a63d6de2e4

    SHA512

    b19ae32367127070e248f3acfe3fddeb649e3eb708ba7011f701afa4d67f0fe1fbc7aa724b13af5b9e07ee86d0892bdd78fb1b298d574dd7e41b7a239dfd753e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8A6A7E24EA4C3355B6BE43AA2093BF34
    MD5

    6d2f47b85b263e55e6a95d6c98a8d12f

    SHA1

    debfa6dbac1259d0883681bb7e0e35ccafa51d5b

    SHA256

    59386fd81c034608a4dc0170c01d91b39d4935368b4ba970deaa2b89e56622a6

    SHA512

    2d94d7380d3de98b40a5f21a80b3c56bb5bfde15ea052f17f0d23b73b40f17505485edcc94ddd7a5510580e55603e53070ee88c2f86a5ec68e0bc34f30f8c017

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    33375ba86c2faf7c35a2f39544734f87

    SHA1

    a786f2ad984cf1b333a5b25ca1c008e3d1da6ac9

    SHA256

    cf118d1e0aeb87828cca48bd69a984d89393a3f2fcb83c2ef8545d6b2d7edead

    SHA512

    89224dffa42d964cbef90d3ebdb837a5bf54fc48b1261d48c922f69fe0cfb5e790ed4b202cd38f6ecf7300508990c077b438d741d90152566cd0470bb1d275e6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    MD5

    974bdc4e2a180fe110865817920c1b2b

    SHA1

    9db859652fbb587e945fa3fd3ea733cb5d46c6f3

    SHA256

    15c27707dd66389e2216fe0548deb43f75994ebb87207dea043e4ed775df60d4

    SHA512

    cafa36a714e958b9a5700dc6d9d36ee5ddf335fbc7755ad50b84b9ef71efe9f17f44864e161bb59d777987252926dcac1fed33f746c608ac33ccd3de40a5dc9c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C86393F4663BD5F851FFF03C21A82510_CA95C0AB354F4380D40986D9E6A89C14
    MD5

    a3011525480cd42b972cce4283b100f1

    SHA1

    99b77bde59601c46a74566db4ea7d34f1e9eb9bd

    SHA256

    d139ec225c520f373d1a314d17460583a4bdfa6feb71095171749571e79570cb

    SHA512

    1d43fed505f545bd2776071bc5aab582884f5cfa1088d5dc138d65bfc55b5fb09e98dd223aaa11fec292952aa3af461623ddff55eb38b5c4e1b4265fd48dd437

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    763687e923a14fc3a6011e654027b867

    SHA1

    a5ab5e0b05ccd03e866fb9d8a59f980310bc06a4

    SHA256

    e08a2c8d155e83a17367348e94b3de47fd27b3df0383cbea06c826570a830fcc

    SHA512

    574a93a9791ec7ad7019f726e3216ffaee05b01e4bfda8101d7c1b539268315b6fbec683ec8350fa4f3109a140101c35ff916526f799e4b8e302862d8649d65b

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\5CMFYDQG.cookie
    MD5

    8f008f42bf0ac53385b7a7c4fbd30cb6

    SHA1

    15a0fbc8544b91db22f44c825e7d5a116078ec99

    SHA256

    339c88299fcf92bf55fdbad21eeed92a2376b42b875fa2152ffde05f31ffebbb

    SHA512

    4a3909be7da3302012be2f59151b293d04a6d2879aa1192387951e28611fd7ab43c76adbab15009e408c93105718028be0d28e5b24df309be5e1200004850eae

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ASJ15RP0.cookie
    MD5

    b3276e1384f9db3ec99197445afaffaf

    SHA1

    6d8b899d07a224e00273188a37dbff7762de1449

    SHA256

    e9f6050e891bcc1594a1df3ad1d0e38f697f9bf8eb96486ab7d1ccbf9909b4fb

    SHA512

    d4c4787afcac70587d19688bc722c15f5d92de06f7a6448fa096fc46f28103a1b04197b34609d409d64780cafc5be5b48dab9948ccf2820c65343524365b3866

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\RY3IEBD7.cookie
    MD5

    1fb3c772f3ab0c5c30d00830e46f2df1

    SHA1

    92925775222c3778c1c0782813bedad942fad8e0

    SHA256

    e55e2e73605b30732eb3b06d3075689493b988103b50b5fed1eedca35774af53

    SHA512

    2c04c760776aaf19c08e36e2445827be8e11099c4ba0ae6829b6f2bd91eb3a39ef9fc85359539e67cff5cd64e8a33fc1a20d9a57450d6f17543d3e2922bf6a61

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\UCQXNCYJ.cookie
    MD5

    6bc930031281adfdc44a7439d3a00e1e

    SHA1

    639a727ac8e1a2fad5b006df22c22c6f26c1d02c

    SHA256

    f26ea49f55fc6bff542f4abcfa237aa89b1f0500b8a61632d6f602c9aad389f5

    SHA512

    e29ca48a3e6f3495fa8d252ccb97d4ec57d2014070edb01a197bca829afcf60b1ba7b7c19d87fcec0dd8a80209a17cebdc4ebadb16e728f890352af11aada2b7

    Download Submit
  • memory/1060-207-0x0000000000000000-mapping.dmp
    Download
  • memory/1272-140-0x0000000000000000-mapping.dmp
    Download
  • memory/1556-133-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-136-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-137-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-141-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-142-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-144-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-145-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-147-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-149-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-150-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-151-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-155-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-156-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-157-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-163-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-164-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-165-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-166-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-167-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-169-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-168-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-138-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-171-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-172-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-175-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-176-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-135-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-115-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-132-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-131-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-181-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-116-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-129-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-128-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-127-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-125-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-124-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-123-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-122-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-121-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-120-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-119-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1556-117-0x00007FFBBAC30000-0x00007FFBBAC9B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2352-185-0x0000000000000000-mapping.dmp
    Download