Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-2004-x64

6

Analysis

  • max time kernel
    141s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-05-2023 19:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/file/d/1eHyPquDkIMRTiNVtWq_aCISgSkV0zj2b/view?usp=drive_web__;!!BeImMA!-8OKRyXGFX55C8IR4DTkepaRdNXJL63URxhd5dRe-DQ18OUSelOCpJ2IqN7aP6V-X0JXW6rHhw53gHne5DaeXEWK2A$

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://drive.google.com/file/d/1eHyPquDkIMRTiNVtWq_aCISgSkV0zj2b/view?usp=drive_web__;!!BeImMA!-8OKRyXGFX55C8IR4DTkepaRdNXJL63URxhd5dRe-DQ18OUSelOCpJ2IqN7aP6V-X0JXW6rHhw53gHne5DaeXEWK2A$
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5088 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:5064

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    856c42fcc41e6055fec4c82eb761c89f

    SHA1

    a13ad86fd12b9f11cca79f825b0be57f44c8fc22

    SHA256

    cb07236840471054f94b674a01baeb951ee2c6f3d41fc8ece6ff095cc7f4a4e8

    SHA512

    f0b518d3722d59cac9f8bcd2b4a06834debbba94a42145177aa50f4bb8579b3e730155f27fcb58636a7f8d4e74cdebf9a47f8c8cfcf167acafeb1ed976ddb1d1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    f84a535d20b640da40b9ccc19b23b039

    SHA1

    7da168661823a7380ea673b3288606563c0c3f48

    SHA256

    3609a196e814bf9ff1a492836af3af1761634d2eb4bab4cddd3a94b20658f13f

    SHA512

    8ee5864bb5c3a89de339c2c7a203239273a862ec21e1cc58c2c5ec6b641604e7802e3afe6d1d33e22f5b7fc5e5e9d3fee08c91e541b964d7eabdc3f09e8316d5

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S24MVYDC\drive.google[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\95fmw5u\imagestore.dat
    Filesize

    1021B

    MD5

    6f4571c4f084c4de700447dbc5436f52

    SHA1

    ee47d4e71598ddc3e6122acf9188656561f8133b

    SHA256

    b2e9e59e8d79912a2d20b5e0922f4fb9ba7f0eb48ff90a3bcba8c59421013cae

    SHA512

    905a69c0e816201b82cf958af6230c163ccb58e8df2581e03abab5b8f0472e7f19d2961c8e613e14e606a5fffb0e837c1142d16bf15285f3111516e5c17f0d18

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\95fmw5u\imagestore.dat
    Filesize

    2KB

    MD5

    25da924d91a9876904bf752538f09e29

    SHA1

    02c3a700e416880905878e1742c929332ee37a6f

    SHA256

    b2695e418b46c70a2f3feda1b52b73db06d49fff44c3c3c3b850f709385ec498

    SHA512

    6e998d57205903f024b76fbc0d2ea1fba7250dd3bf65ad85f162e9f141b73e80a1828008fe7636275b2337781ec2e263a8e1d743a65bbef2eba37170b3357468

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H82VOZS\drive_2020q4_32dp[1].png
    Filesize

    831B

    MD5

    916c9bcccf19525ad9d3cd1514008746

    SHA1

    9ccce6978d2417927b5150ffaac22f907ff27b6e

    SHA256

    358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

    SHA512

    b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\drive_2022q3_32dp[1].png
    Filesize

    1KB

    MD5

    c66f20f2e39eb2f6a0a4cdbe0d955e5f

    SHA1

    575ef086ce461e0ef83662e3acb3c1a789ebb0a8

    SHA256

    2ab9cd0ffdddf7bf060620ae328fe626bfa2c004739adedb74ec894faf9bee31

    SHA512

    b9c44a2113fb078d83e968dc0af2e78995bb6dd4ca25abff31e9ab180849c5de3036b69931cca295ac64155d5b168b634e35b7699f3fe65d4a30e9058a2639bd

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\cb=gapi[1].js
    Filesize

    71KB

    MD5

    532655ad32d7392fbd756a13971eaca5

    SHA1

    3762be5ac389483aa259560db54064a0e65b6dbd

    SHA256

    211e59d3d3dd0a6e43a866197a6214e70da275b60eecc85cd5a8b6a7e9b46d9e

    SHA512

    30153f19ccede229a0a682b35c45eaa762457dc3b862ffde85a84128bc3b849c3bf3f4d41b0ff78b6dc24490d387051f8029e2a34fe0cff55d45370c71b5807e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\cleardot[1].gif
    Filesize

    43B

    MD5

    fc94fb0c3ed8a8f909dbc7630a0987ff

    SHA1

    56d45f8a17f5078a20af9962c992ca4678450765

    SHA256

    2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

    SHA512

    c87bf81fd70cf6434ca3a6c05ad6e9bd3f1d96f77dddad8d45ee043b126b2cb07a5cf23b4137b9d8462cd8a9adf2b463ab6de2b38c93db72d2d511ca60e3b57e

    Download Submit