Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-2004-x64

6

Analysis

  • max time kernel
    292s
  • max time network
    277s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-03-2023 19:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/file/d/1kE9zSKu2O3q_J5x3O1J1tN3xiu5Z8i6Q/view?usp=drive_web

Score
6/10
googlephishing

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Detected potential entity reuse from brand google.
    phishinggoogle
  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://drive.google.com/file/d/1kE9zSKu2O3q_J5x3O1J1tN3xiu5Z8i6Q/view?usp=drive_web
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2724
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1380
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:82956 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4516

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    6d4a761d3c47e78013bd6d31bb28d1b9

    SHA1

    4b73cad989783e51ae59fc2cbcd65512a3c4d607

    SHA256

    b8e4f8a6f092c65272e0a090a26beebabf130ebf38f19fedbfe5fc9325e80faa

    SHA512

    1fed188c67eb670bf8f7730624c9cb84f2f6950db4175121c462e5d0d0796c47ace5b6de379deec039f2f489c4bb2e6b453822dc20438c69a8ab6bccb607f000

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    d1c2394de328e8fdd746f216fd625c7c

    SHA1

    96e662fd61c6829b5df3c952d0f2606019351b90

    SHA256

    b7120a9fe17c0dd07d7dcf3abcfbb8575d8eefa072b580a9276bc187fa5b9050

    SHA512

    ac10db7cf61cf8ce9012cc8dc837288208be2f481f737db984d5afe1488717f46140d0cafaf30254ca5a8600716a1620ebf278dacdab629148cbfb9f4731cbd9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_A02DC9CC0839D073B45679B69E7E0F87
    Filesize

    471B

    MD5

    0086fc6b6b52670b2d7ca51fc65d8d44

    SHA1

    1d906db50d0373e0e3e1e85031de970218264f4d

    SHA256

    24a9078b3b1b7b060c8e68777d0baaa3651c18cebe9107a2598f07981086f830

    SHA512

    5ee4f91cc9e1f131fecdb28fb2075573010fb6bd5d01705c85920d3e82f60ee3f867048cd24b209e707791889f8d188d50adb704326e9f9f24be6bec2dcaf980

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_946BD0A8459296E531C25E347ABFB609
    Filesize

    472B

    MD5

    9446303f24a6e8e8d138867549399aa2

    SHA1

    410a03d7475ec879b8e346f1706aea491e3f1da5

    SHA256

    f7d7017ca9dbdf1822739e9baa6f34868504e6ce0d827aeeef82517c5db72960

    SHA512

    77ca12a9805b5400fe773fa35ee643a4fee64a65f2d9c95ba3cca88b0bb42a5006afbd7b34d24c45ebc9d2556a2f2d05f3a06f5d767bf765cc44dac13862497f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    7fa82f11163a8029076fa7cc86b2c4f3

    SHA1

    94e26f806f3cd6199ef9041c35f1ea7968beded1

    SHA256

    c39d019d3b05c8f3092bec54108630d4cc165df7d0e3ebe605c77047a6ff21c5

    SHA512

    ad831da750529991b95dd719a5b59581639376987a2ddb2fd18c2108233552798adf75c45cd705abbd4ef6351d935fe4f78dde296d431e078462e5294fbb7738

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    6c652c516662667e4be99c4f39d46324

    SHA1

    fd6932877a8bf50f4de3255c108a4eb1aa8f5963

    SHA256

    26e9ca27421c7fad6d0694ad989fc680e393a0978b72279fbe85179bd22b5925

    SHA512

    0d144e432d35ec2eb0d15fb0c6283cfb11a9990ff183eccee9f994678ee1ecf1e7dfde6d6133ff0207cb69d948edb712ce0580e72ce72e64457d92b737226f9e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_A02DC9CC0839D073B45679B69E7E0F87
    Filesize

    410B

    MD5

    e3d598d0b76b92221e4730eddc1f4ae3

    SHA1

    8efa28d32d55fecc8c588d70bf74039544f36b22

    SHA256

    12fb1979d5edf7136afd33d3699035a6bb022bb59db6776248f34bb761ad2755

    SHA512

    ed9b74c29130e784cc8482f5cfe30340603fe2a15964bf9793340641e555ad4fa34adc952e796f1f98887cb31066f4c6b5db4513ffb5c836e8eec59adab36345

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    aeffb82f6e42b7d12f0710b991aac4ec

    SHA1

    100c656688066a33c4930948d93113ef53f1fa85

    SHA256

    2803bc034ffe13a237cae9067fbfcd5fae4cad465ee90de28fa63b34e887a3ac

    SHA512

    2c52327e86493924fc59d3c928dc47430bb6215db089ba699772b1a6fb3ca7db288d773f7ce99e35c4069c833416b116cc63f76d5c6cda2fc19e15ef758aa35d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_946BD0A8459296E531C25E347ABFB609
    Filesize

    402B

    MD5

    64022792461653f394bf8d49f3b09066

    SHA1

    694f377e7344ca231449fe4524fc8b2dcdd55335

    SHA256

    df9ec9cb4df1b35a275ee03bb1bb3093580d04aac9d398304c32ae3ac272f5b1

    SHA512

    bd7c22dc9de9b715bd646c610b4bd7c255286556cf7f6888c82878cf2204505eaf9dc12d625f8b7c2e0ac769b1a6f3141c7ac9b000ab5e3f17239a46beb5f379

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verDD93.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dcpq11e\imagestore.dat
    Filesize

    5KB

    MD5

    9622214ea097c90be029fa69f329eedf

    SHA1

    cafd47c72f6095a8e15e7bd282ebe21ab1e5e82f

    SHA256

    6a2c3ae3a41b1c4a22b0fa9c10ce2f1a710f27bf853546fcc3bce0546e6cecca

    SHA512

    773658a5c6df0cd6a3c1a4fb49241917a8ffbcdb126c6df5d4873394b14c5b9ac9c2035f1df27eb54f46f92802f07664514a42d82d0de17b0d3f4a89c64a7c5c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dcpq11e\imagestore.dat
    Filesize

    11KB

    MD5

    a307399d2f300529e137053a71cc81d8

    SHA1

    57530fc1b035418fc5bb1b2d4ea560eefbe119bc

    SHA256

    791c75eb214879135c1cd4f5ac4342995064eadda421c6117a670b278170bca5

    SHA512

    b37fe3bb1b3d0f5ec0471035898564cb5ad6efbe9db7cf1177ce84d1464e2f15b32553fd8ae67a6d8d06409781d74f07a9681dc1394c56258f4fd32c4ce131f8

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff
    Filesize

    19KB

    MD5

    cf6613d1adf490972c557a8e318e0868

    SHA1

    b2198c3fc1c72646d372f63e135e70ba2c9fed8e

    SHA256

    468e579fe1210fa55525b1c470ed2d1958404512a2dd4fb972cac5ce0ff00b1f

    SHA512

    1866d890987b1e56e1337ec1e975906ee8202fcc517620c30e9d3be0a9e8eaf3105147b178deb81fa0604745dfe3fb79b3b20d5f2ff2912b66856c38a28c07ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\KFOmCnqEu92Fr1Mu4mxM[1].woff
    Filesize

    19KB

    MD5

    bafb105baeb22d965c70fe52ba6b49d9

    SHA1

    934014cc9bbe5883542be756b3146c05844b254f

    SHA256

    1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed

    SHA512

    85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\analytics[1].js
    Filesize

    49KB

    MD5

    54e51056211dda674100cc5b323a58ad

    SHA1

    26dc5034cb6c7f3bbe061edd37c7fc6006cb835b

    SHA256

    5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

    SHA512

    e305d190287c28ca0cc2e45b909a304194175bb08351ad3f22825b1d632b1a217fb4b90dfd395637932307a8e0cc01da2f47831fa4eda91a18e49efe6685b74b

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
    Filesize

    19KB

    MD5

    de8b7431b74642e830af4d4f4b513ec9

    SHA1

    f549f1fe8a0b86ef3fbdcb8d508440aff84c385c

    SHA256

    3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a

    SHA512

    57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit