Overview

overview

5

Static

static

URLScan

urlscan

https://forms.gle/8p...

windows10_x64

5

Analysis

  • max time kernel
    129s
  • max time network
    144s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    04-11-2021 12:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://forms.gle/8pLPXPxLgFBBCWz7A

Score
5/10
googlephishing

Malware Config

Signatures

  • Detected potential entity reuse from brand google.
    phishinggoogle
  • Modifies Internet Explorer settings 1 TTPs 60 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://forms.gle/8pLPXPxLgFBBCWz7A
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2636
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3616

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    2a276649c48c9798edf3c34e5ca4ac98

    SHA1

    673fb27211b89efc4ec796017a3787c887a5163c

    SHA256

    27c29537046db2b23b228ddebc1368e6df2a43dbfac8f90f90e094f8376a2dce

    SHA512

    516e00636025b2be73125275c2fed0d74b520b56fe4ae1a3d3fac3e035f7382428f17457c7aa3252342219fedf0b1f741da5a0d98376f8c1bcd4e55a7f84dd0d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9
    MD5

    29beadbcc2cd6b5640654c669e7da221

    SHA1

    de3b32b85a2f5e94615bebe36a16ce51df85dfef

    SHA256

    8f7a1b65aa699833edbba97a9236fd8a6f6b234abeb3e21cc47d27053f47ed52

    SHA512

    591efbe05ae4e00f35a09a0055aba7dd8f62ef385ec7fe2f6ee38e1eff4c721ba49e34753960e4890b5d2593d7e8753256ad826bf4239a23649221d1d5d109de

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    8ba5242aef751edf1e1be7d2b0d6152e

    SHA1

    1e6f58a127761f4adb579048c074ea4b7e20ea96

    SHA256

    c910ef6f89a329f733ffead587016cfe444a8353cc9e0accc813578a0d05de98

    SHA512

    1b4486690a867555466c88f6560220f065ee06e3e7544c904444446df4349f3f9dadceed5bbd9c1f5ef8ca31397ca2955ce1748cd5f2056f781eb84b3d8ab5e9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_5411BDEEACC3999569FAE2A91A33551C
    MD5

    cfe01e13f2beee80979868556cd03b5d

    SHA1

    b9ad0d7e46a9e457b0d827c9a76dabde260f0b53

    SHA256

    e325b253f2423fc79f0f6a92aef0c573f9f76a9b733cfdca6828f9b15ce3b125

    SHA512

    af74857499926e0dbf430f9e4e9ece03a61e67bb5b37fdfb4b3cfffecd689aae60fa862541a64d0d928701a1a2ae46cdaa49bca7080626827c2c328bcafd93c0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    64e9b8bb98e2303717538ce259bec57d

    SHA1

    2b07bf8e0d831da42760c54feff484635009c172

    SHA256

    76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331

    SHA512

    8980af4a87a009f1ae165182d1edd4ccbd12b40a5890de5dbaea4dbf3aeb86edffd58b088b1e35e12d6b1197cc0db658a9392283583b3cb24a516ebc1f736c56

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    e30a034b845e194d293c39f249eda844

    SHA1

    38ef5a9e7d1d2c0aa1149aaba9b2b716d1412793

    SHA256

    08b00d84af6983d181b8aa9393f46e5ecb6b753972c8d07cb942b362a3bc136e

    SHA512

    13bc9fc4cc3249469450d651a38ef7e4ea3827f597f5697eb25383633900e1f307c40874cae089ef62af90823970d184023b6c1a1a762df60b63dfe7a817eb54

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9
    MD5

    6b2f1a81a2bf4bcc77965aa00744434d

    SHA1

    6572c12988fc339330c514189ed3d027774b06b6

    SHA256

    454a619f23490e3a7ea0d7c2795bd646e50ac9a7c8772a9b48c04070d7bb7b46

    SHA512

    f389cd87feddf518dfde0c0a736d7ddc446e656ef3a380b35719c8e0e0dd385e0d58d33b81744eaa12a974e707331fec9c3cea303e766e1c8c74d6da942e60b3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    65fe96bc36f836224e3c25e2c44114bf

    SHA1

    d790837edd2e2c2e37345f355fc876c962936d64

    SHA256

    1c787acaac7ed3afbb4c40ea388bf5d69dafefbf0266a543c52110cb22322033

    SHA512

    e949124ad5cacf270596a81530c684ee84fc7282b2a82939e49c9f3b5f2a133ed7feca25fb387bf23aef1f3fb82a9142d7d04246ac1023d45e34aa326c8b36dd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_5411BDEEACC3999569FAE2A91A33551C
    MD5

    b5ac582d9cccf94355fce0c8c7e4269e

    SHA1

    63727c1648a446b9bc4482e25af19343d8688f66

    SHA256

    991bcc4aab1624370afe9523dfc6a48f3caa9161eda15e71c0cce15d0ffce95e

    SHA512

    b44c7a2fa598f38e1859f889d2b9bdabb14103244b6014e2d9cffd28b8c99bd12bea2a83201953af7cf9ae88e2bbbc2c802c2b08cc8c8238d19ba74058d2e030

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    26d7d554d77cbe75546731b0e6049ad6

    SHA1

    a19907771a5bcf90bb22fecbe42002e589b79fb9

    SHA256

    70c4d11b050d1663c39b879fa67d2c9a2c492b0b54a6aff72b7904d7c3b826f1

    SHA512

    2cf4aa85b41bf42d35d5b5798928b1887b19a73eda22532d1bb341860d0bca5010e1f9bbdc5a55294eefe97ec088244080bbde919ea9e6ef07b370dc941a56ed

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\26U9ZCLF.cookie
    MD5

    6ebbf81069fc5033400506a149e331bb

    SHA1

    bf91cdef6fbca2d10978a532242aba86377b1ffd

    SHA256

    9392cf166b1e75b03ba5166264829509821fc887d30395d1cd4a63631ec8c477

    SHA512

    e499ce35c940b5580e51db6cab826579daebbcd4c959bb9674c5b84e1530b91228e9189551d43c390f6ded1794bbeae0b198ef831c1a359a276fe9ad48d4d740

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\90G9ECLY.cookie
    MD5

    455af3b6f1f5208e64dfb5019ecb5cba

    SHA1

    a0e8b320e6ea89a78a577f8a2f6e300c4e9c5a05

    SHA256

    3d955f4b1394fe7dc79768d9ceabd1cc209b7a2b1d152b3edd83d43ec0ae6353

    SHA512

    6bc20f24843d4dd8e6f51ffec568a996b73ab1a6d057511280b90b0c02ae420991a1d3204f960ca092e45c6e37d8c49e4e6b97caf2813d95c38e9b75f8eb096d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\GBTD9691.cookie
    MD5

    6b507050f14916a2c6890e79451cf21c

    SHA1

    67eff6145cdd820f833ea19b3bc6c32d9d746afe

    SHA256

    fa1e95a6cdb0160ab91aadbe0b9d4935fea80f045a9249778c17b5ffed9ef469

    SHA512

    bf1a9565852e287412dfd2e21d6cc15cac788e78dd779dd1a21a515c6cfe593f5bbaf4877cf84ad0ba0778ebfd20051380e08585f5011ad3c0e47dfc46ff6df2

    Download Submit
  • memory/2636-147-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-157-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-129-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-128-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-131-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-132-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-133-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-134-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-136-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-137-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-138-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-141-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-142-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-144-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-145-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-125-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-149-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-150-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-151-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-155-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-156-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-127-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-163-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-164-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-165-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-166-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-167-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-168-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-169-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-170-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-175-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-124-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-122-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-123-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-121-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-120-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-119-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-117-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-116-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-115-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-176-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-179-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2636-180-0x00007FFB41010000-0x00007FFB4107B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3616-140-0x0000000000000000-mapping.dmp
    Download