Overview

overview

10

Static

static

URLScan

urlscan

https://storage.clou...

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    20-10-2021 12:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://storage.cloud.google.com/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/

  • Sample

    211020-n7r39ahhep

Score
10/10
googlephishing

Malware Config

Signatures

  • Detected google phishing page
    phishinggoogle
  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://storage.cloud.google.com/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1892
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1016

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    fabe352caed053afbde96d0aaaa7cfc8

    SHA1

    34387efe887595562fd683f4c16cd79d8ba5f78d

    SHA256

    3ad1001d05f43e4bd8cc10956392fe3403480b89e5cc4cd68dae6aeea4b005ee

    SHA512

    0895e12581db5b71f8032996a68e45892389d23498674a9360d2ec103c86916ce4522a8f6ea3c858dfcc93c321553df02e572c04c7ef8879e566f4223157bf0c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    64e9b8bb98e2303717538ce259bec57d

    SHA1

    2b07bf8e0d831da42760c54feff484635009c172

    SHA256

    76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331

    SHA512

    8980af4a87a009f1ae165182d1edd4ccbd12b40a5890de5dbaea4dbf3aeb86edffd58b088b1e35e12d6b1197cc0db658a9392283583b3cb24a516ebc1f736c56

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    4c02269411cb3239f33982e222d1f231

    SHA1

    a025ffbb98ecf161a01590ede9179e6b9968b3b8

    SHA256

    e810438a4b8116791baae7e4e60cad62b7aa605932e9a25e6a65162ae037d01f

    SHA512

    d984378b5fee7fbcc42463bc285aac4ffb9e60ebf6650a85963ffb4a79f7e6ba3e2b1c1b71188936969bc2f96dccb5b93c7091e896e20c877822f5942e34f27c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    d0b9f4cc5e89993085a163b4c42291bb

    SHA1

    d843a242306c5f87d2bb44919cf546c2a91dc790

    SHA256

    7cd6b4ec6e726c43469ac23448c46f24bfb5e116deca95231ace001adb7376c6

    SHA512

    0166786f9869a249d2e43ab0e72a299c09de259d5d28f5c7e0f168187bc9da874d197d4345ccdf4464c2b3dd855086e87a4b90e660231d986f13351040114fb6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\0GPV6AX8.cookie
    MD5

    40a3eec87566abb74f65c0b64f076630

    SHA1

    f24838453863a3fcb461f70577fd87b95a9a7757

    SHA256

    e1f50d1ae3556bfa6766fdee1760493364a99f426a7e43f5f9ee91affe823bac

    SHA512

    69f4eb66572e66ecaba4c08a5263afbeea44acbbf62c447d5fb21d0a647f82ed71bd9ef6486a212310db1ee6c566e75e7d15c0738fe5b8a6151985d62a75ef4e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\H6ZWZG3J.cookie
    MD5

    49087d9f772f58220ab86bed1a65a7f9

    SHA1

    c12074a4b701299615d6fea3c60273dfff7517ab

    SHA256

    cf64cb0450e7f891930b7854ffd90af0bbac19734f0e6ff1b3b862203b308742

    SHA512

    203bb57ce6de08d52659541bd793684610949c44d377129cd8149b496ac5e72480a26485085bf684b93e330b7304a7d5393913faa3f2b18596124fa67bfd3996

    Download Submit
  • memory/1016-140-0x0000000000000000-mapping.dmp
    Download
  • memory/1892-142-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-149-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-120-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-121-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-122-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-123-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-124-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-125-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-127-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-128-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-129-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-131-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-132-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-134-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-135-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-136-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-137-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-138-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-141-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-117-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-144-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-145-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-147-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-119-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-150-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-151-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-155-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-156-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-157-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-163-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-164-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-165-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-166-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-167-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-168-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-169-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-170-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-173-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-174-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-175-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-180-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-181-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-182-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-183-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-116-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1892-115-0x00007FFEB5170000-0x00007FFEB51DB000-memory.dmp
    Filesize

    428KB

    Download