Resubmissions

  • 17-03-2022 11:50  220317-nzwrgadcd8  10
  • 17-03-2022 11:47  220317-nxz14sdcc9  10
  • 17-03-2022 11:43  220317-nvn6tsbfar  10
  • 17-03-2022 11:40  220317-nsw4nadcb7  1
  • 17-03-2022 11:36  220317-nqrfdsbehp  10
  • 17-03-2022 11:31  220317-nmv96sbegl  1

Analysis

  • max time kernel
    141s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    17-03-2022 11:47

General

  • Target

    https://1drv.ms/u/s!AnWE7BCdi_7hgxBogqt9g3XXAdK7?e=C53B24

Malware Config

Signatures

  • Detected google phishing page
  • Detected potential entity reuse from brand google.
  • Detected potential entity reuse from brand microsoft.
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 33 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://1drv.ms/u/s!AnWE7BCdi_7hgxBogqt9g3XXAdK7?e=C53B24
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:220
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:220 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1728
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:220 CREDAT:17426 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2324
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:220 CREDAT:17440 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4452

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry, T1112 (1)

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ves0881\imagestore.dat (four distinct versions recorded)
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YZU4W80K\favicon[1].ico