Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-2004-x64

6

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-05-2023 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/u/0/uc?id=1sDryYSryy5AYqxpgm9HMtneOJ0LRk26v&export=download

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 46 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://drive.google.com/u/0/uc?id=1sDryYSryy5AYqxpgm9HMtneOJ0LRk26v&export=download
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3040
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4764
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_spamton-g-spamton.zip\spamton-g-spamton\Shimeji-ee.jar"
      1⤵
        PID:2816
      • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
        "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\Shimeji-ee.jar"
        1⤵
          PID:3836

        Network

        MITRE ATT&CK Matrix ATT&CK v6

        Initial Access

        Execution

        Persistence

        Privilege Escalation

        Defense Evasion

        Modify Registry

        2
        T1112

        Credential Access

        Discovery

        Query Registry

        1
        T1012

        Lateral Movement

        Collection

        Exfiltration

        Command and Control

        Web Service

        1
        T1102

        Impact

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
          Filesize

          50B

          MD5

          bf63a69f8b71bb319fd7e36e94b1a54d

          SHA1

          5d9095a3e984650d4067af45e3ad5e425b9fed3c

          SHA256

          98b6017fad26f8b796f1a0a05d3c56a52f3435e95a9bb303d09d722ace29c33b

          SHA512

          083386c65d36d780d80380a782a32fca73bb1ebffa73169778cb3b274aed2ff38a920ac348dc84a7e25f5accfef7a6428e5c40ed4878d73dafd61c6a82deedbf

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
          Filesize

          1KB

          MD5

          9f82c0855d1216b303f6e74f2f2072ea

          SHA1

          ae240bf4f9deb8482ab88076f47f0e4d4f943247

          SHA256

          e2b10c989425e5d1ee6f3baaeb4af8681081ad2ffcca180d449459d067c9bdd9

          SHA512

          7155e4b2bedb4d1da65651037c225fbbc255260052ddf08cd890cc34dba46b302bbbdfed38a293aaec399abca0c96eebe6e61fd5dacce1291d72853b69dc731a

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B

          MD5

          d22be18b7c2905da9dfb7125780ebd9a

          SHA1

          6e400874e9e107467b509cea0acff06c72b21344

          SHA256

          0addc0a88f33e6b4419b37cba0ee19fd8bab20ff1007eb26bca6b17f59dfd20c

          SHA512

          f9f07efdc888bf4489819e93e854b5b3e059a62180ac25c102a9e687a2e6a0c83fc2f480107e35a0a5e52846ee5e809a4d1d8af8c76155134cca2c6a5bda5405

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
          Filesize

          416B

          MD5

          2af7710ebe232e8b5f177061c8ab273b

          SHA1

          7ce28f69615fa00d96ad5ac061f58dcac3f8e7ad

          SHA256

          06370f967bdef42bdc5a5d67c319f9b8805363680a9599f5ef27dfe23bb94dd2

          SHA512

          314328d1801bb7063b316513128a1df273765467b2608235163e232bdf63a9f461ccbd8e6a50d1e5994d29e1834984c0701b22dce3b58e2f378d7aacc6da7f13

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          404B

          MD5

          10fb7ad69078c1f4a3df19d172be89c2

          SHA1

          cdb051dac272da9b9f9b4ea3dbfe53066fe05b63

          SHA256

          d2949b6092c2c03a660cbe60d9eecb34fc65bda70a9eb5f1d7a78c9300288e61

          SHA512

          5afdedb58c823c7cf9d91bea6136668b9d2eea17e8367822a498e74aa43e485a99044e20d6de8fa83775db6fe1c7e99b6002f6a994cbec8a5279a4c85eb2772d

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
          Filesize

          15KB

          MD5

          1a545d0052b581fbb2ab4c52133846bc

          SHA1

          62f3266a9b9925cd6d98658b92adec673cbe3dd3

          SHA256

          557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

          SHA512

          bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q7s3h6i\imagestore.dat
          Filesize

          1KB

          MD5

          62f22023fc5a510d97c4afaa103766f2

          SHA1

          e9c321686056901e6e7c6d93b1ce66821245cc1e

          SHA256

          f598af85d5f40aa4a5f42b9fc5cc80efc1c46001b8e14b6b58200e0a88de34a0

          SHA512

          385e2baa745425fd78c04305328832b6e2b0c49a05989fc9779bc923725309430d42bad08e0d29ab818e9cee931575620548cc9ed6fc16f3d5a48db036a6a9b1

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q7s3h6i\imagestore.dat
          Filesize

          6KB

          MD5

          49a1a32cbf40e05bf3badfd3b8811942

          SHA1

          3089ac27313ca92ae33c949e43fcce96912f4625

          SHA256

          2634c79e08bf08cee3c43c5084234e8054f0f9b578525e96a58f2c2f2ffc97a7

          SHA512

          2f94e694da96998a3ca798ba031ffdd432889d0a5721df94819bb4df0f8e45a9f01720b5fbc8273a5430f588db4867b7cf131adc010d3305cbe484c1a34cd4e5

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\Jo5YzeklbXB7TbnGwksk82vNuWU.gz[1].js
          Filesize

          1KB

          MD5

          6f8f957cc14471d1deaa886c119bfc31

          SHA1

          38b61b10fdfc9ccc4e3b7ef44d00e25d7fcd6986

          SHA256

          10455402c4bee3a0a450116f9b0844222ac401e9b826e4ccdf3267a1f38bfc6e

          SHA512

          e199a81783802267d2f3f1f26a151e4c9d114366f412f998ad05ca20e4225114a3bd8c2375035af942dd3f175ba989c076c7c6a15541c09658551379de07108e

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\drive_2022q3_32dp[1].png
          Filesize

          1KB

          MD5

          c66f20f2e39eb2f6a0a4cdbe0d955e5f

          SHA1

          575ef086ce461e0ef83662e3acb3c1a789ebb0a8

          SHA256

          2ab9cd0ffdddf7bf060620ae328fe626bfa2c004739adedb74ec894faf9bee31

          SHA512

          b9c44a2113fb078d83e968dc0af2e78995bb6dd4ca25abff31e9ab180849c5de3036b69931cca295ac64155d5b168b634e35b7699f3fe65d4a30e9058a2639bd

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\favicon-trans-bg-blue-mg[1].ico
          Filesize

          4KB

          MD5

          30967b1b52cb6df18a8af8fcc04f83c9

          SHA1

          aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

          SHA256

          439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

          SHA512

          7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\qsml[1].xml
          Filesize

          487B

          MD5

          2fe0d26f894f2346217856b18855eb18

          SHA1

          29c2fb7a221274884019f0c50efaad6e580740d7

          SHA256

          dcc51471bc6bcd4e3d4701e47ec58ae980a868a8d3f137f23026b209e48d5ba1

          SHA512

          3aaa2eae52f2e868acd966dfbbd1b80d83917648f6f54100a1df38df8745ef5efb0f17ee1d31d52048952d71c5e2d8df32ffe328ffa3cc63a405776670ad2f13

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\qsml[2].xml
          Filesize

          480B

          MD5

          4bab8286dc402c779f31c80609f0cf3a

          SHA1

          518ce82faeacc74a3e10a155ea02bdfeba6e1c9d

          SHA256

          cef3b00863f0fb202ca632f8cd0fef69400c2ff23625e13b4d5d8af79783a461

          SHA512

          65cb8efac6c16abbc5acf1afd4cad2f37025db20698f3ff6e7a06c2530f78a3a7392eec8e6dd5c00a56466469c6e86067c793db55f91d1b40f4682ec1c7de81e

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\qsml[3].xml
          Filesize

          494B

          MD5

          92568e0f8c6cdd57817a3ad1d768ed77

          SHA1

          60854477ef61ef31334d1255e9d21a4458028025

          SHA256

          1ac647bd3ba6b55b4ed9bede2bf68d2de12b89aedbd2108043bc3485456d3080

          SHA512

          ef5c3bf7e3ff9bf2f1d3e1c0acaba95c1b02b629e52a30461255c664d47e1dfe16cf367213e9ec90c0a6a7caacc7de67054baaf75eb1cfc278e24326e120341e

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\dzjM7TFdAzHGx9vzYbreVP3yx-4.gz[2].js
          Filesize

          110B

          MD5

          52aa469570e7f09f519e54bf2e359b2f

          SHA1

          2b456eb123f98577a6619457f673a1364a24b4ce

          SHA256

          30987f9f364b9657f3dee75e6365079b30ea3a166c5806d2aa065ee9a451cd49

          SHA512

          716a4b3b5d3633a8d2186998756b4a017de38a40ae3e552e2fe7ebbc22f2b01f53662436b779bd0dc0436616dfb66cda2a71ef0b7cf8eedf5ed4349442d05712

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\qsml[1].xml
          Filesize

          481B

          MD5

          669b93573bc59bc1bf8850dcb7b903cb

          SHA1

          59b02848ffd55f5cba204a7c8e847af9171b4306

          SHA256

          76f830b1fa13e51a10fe8ab81d235e16a2b2589362161d0b3ad354b7b443166a

          SHA512

          04306a3b55cf083367dc8ad778521eca5870da9cce7d2dfca5793679f00ee1f4fe9f39f1d9627fd49f6be8ddf1c76b36e455ff45627e4190e61c0dac88633749

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\qsml[2].xml
          Filesize

          485B

          MD5

          625150b42a9d936837f7b20e45293931

          SHA1

          cfd3cb71375fa8b02f2582e641163caba9a85f7a

          SHA256

          83718b02cb8f6d4cf6b5bb73d4ae85b1378d8de5e72ed65c2511d34fa16fc9de

          SHA512

          1caa6a10eb681da264394079600135ec8a991d736db67b99dbbcbd8faf179d71a9b72a57edbd420357b2cac265688db9b3ed57cababd4ba7630e6d913ccec8f9

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\qsml[2].xml
          Filesize

          510B

          MD5

          b72e7381fd16293bf74970eeeccc761d

          SHA1

          e393840ceac38c2e3db3186ef77680afccb32676

          SHA256

          de9b4badbe9e1c8132cef009f26014b37f826c24004f0a734aefd57e954d8a41

          SHA512

          0815ef332b6a6b053477fd7ceb886b5ef7d070fc38d67c30ccd3dd79965f6642f079b439535056c5809c3921e70ce55fd45dccdfc2d12849cee044405b5fb7bf

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\spamton-g-spamton[1].zip
          Filesize

          2.9MB

          MD5

          222a98030b56369d2fdd8419c5d352c3

          SHA1

          36dc122218374a72157426e0fdcc419371263769

          SHA256

          c7fe2b25b969cc4ee510f39d0472f48a054a0b8afdcb3e47959576b605162882

          SHA512

          0ff01dd2a187e3be3153938b9f210fcd88d0a0ed65b8245f27390fa8734a9edbddc5967ed68d28db5ac5e5f169d0c3c0e1984fdbe6bd0c5765f32f932aecffc3

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\qsml[1].xml
          Filesize

          502B

          MD5

          2df66279b687d6c9d5e13ea075a7da33

          SHA1

          87092715d311d48a21dfdece0ffd8bd1b1bab488

          SHA256

          10cbc8976250eb34a7ccc8b1ac2df8667664d6f582bee258850f0dcd6f209032

          SHA512

          253f3d6cac41ff5b926c59ea51bdb25ddcc6081b3a9962ed6dd07855982729c2e5523c58fafd730fde33acc7dc7afa3afd5415ccc741fd82621d06facbb4e204

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\qsml[3].xml
          Filesize

          505B

          MD5

          21a581cca5a7133db0999acc60e9c3d4

          SHA1

          6dc509b681208bc777a19718b29d4b71b5f913b8

          SHA256

          a3dedcc66ae249f23815265d95d8e88d76c749e0261ae5d6f8e7062d90544f53

          SHA512

          df6abe57710395e63ffc2e84d02172c2d3aab0c5dd9dbf20dc5f75db4759100c8fc624848eb84d00235c3de520265779d683ec51d2610ad8a4654af91b70fea4

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\qsml[1].xml
          Filesize

          480B

          MD5

          aea61e993c6532021845fde721827374

          SHA1

          557b5a1dc35eed89c8bff7dc3388b5ff78dc7c69

          SHA256

          3566d6a068295ad418b19b0b49abf9305dcfd9bbb177b41c40eaedec22b9da36

          SHA512

          91fd1e8b20ae6715d24547c40e02b41c5c92891db11a1a4d2034e083ced35710d4aeac2d3a06b5290eb1341421feb37bdd6a489dce44453c6a4c2872e703f889

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\qsml[2].xml
          Filesize

          525B

          MD5

          b5d5895f2df084bded20be30c4d0f51e

          SHA1

          2de840530e383ee7aeb3c81b9842a2a9b53ce426

          SHA256

          3dd70f7be2a992c47e7f6b6692d3d4c5bcfe28e6bcb77ac859f8fce807affaf5

          SHA512

          4201eeb3a9bf8748188a803c6c0d31e74267306d76743c3da49451710f889f2697ea1b771d282a383d388f16f431e51b64a4184c923f8dbbbf991252af108cfb

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\qsml[3].xml
          Filesize

          524B

          MD5

          1c905eafc120edc65cc269d6293ac305

          SHA1

          d4f098e53713ff65faf8bc10ca4cb345a9134c00

          SHA256

          96316c9a90e6e8730f6f50b161c49923a2567fe5c4322f1e86dfb4dfdb458b3f

          SHA512

          b67c9667ebd27b270f277bdb52b5783170943a92e0bbcc7cadf9132d31489f8b041f00ec51a31aed5683073dfd3e6cb03113363b66f273d7ff8cef2f544bc174

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\spamton-g-spamton.zip.48w0q9d.partial
          Filesize

          2.9MB

          MD5

          222a98030b56369d2fdd8419c5d352c3

          SHA1

          36dc122218374a72157426e0fdcc419371263769

          SHA256

          c7fe2b25b969cc4ee510f39d0472f48a054a0b8afdcb3e47959576b605162882

          SHA512

          0ff01dd2a187e3be3153938b9f210fcd88d0a0ed65b8245f27390fa8734a9edbddc5967ed68d28db5ac5e5f169d0c3c0e1984fdbe6bd0c5765f32f932aecffc3

          Download Submit
        • memory/2816-202-0x0000000001190000-0x0000000001191000-memory.dmp
          Filesize

          4KB

          Download
        • memory/2816-199-0x0000000001190000-0x0000000001191000-memory.dmp
          Filesize

          4KB

          Download
        • memory/3836-214-0x0000000002780000-0x0000000002781000-memory.dmp
          Filesize

          4KB

          Download