Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31-05-2023 17:10

General

  • Target

    https://drive.google.com/file/d/1kZKfDUF6XLG59nQwnW2qKUnhsdukf-2Y/view?usp=drive_web

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer settings 1 TTPs 48 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://drive.google.com/file/d/1kZKfDUF6XLG59nQwnW2qKUnhsdukf-2Y/view?usp=drive_web
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1216 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3320

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 technique
  • Command and Control: Web Service (T1102), 1 technique


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 080320bb3fe7e7f860019942e6f77f9c
    SHA1: 2d6f3813b1ed7972c01df6330eb3b0c30339eda9
    SHA256: 9eb11d5a62c35054e50d193211638a08c9b94d5b360f943df4124e28ab793a6f
    SHA512: 9def7fa57fc58af72dc374f0ca010107585a355ffcb3c1d3b99064a455acf3fe8ed7d42052234fe2d042b5ccda8af4ba16a8b2dd882b01f0be7edb8cf7aa8944

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B
    MD5: a14da4ddc6f02699cc084894c6545174
    SHA1: 7271a78848be659eac3893248571e6ed82141f13
    SHA256: 556aa391a7acc3e7effb2e373d62f9106e96265c4b1c9aadccfeeeb2d833e998
    SHA512: cc46e18308cadf90a0ab32ea15770ea217ed36b1ad0ca8f79aacdec20a73d84563b245d2d71a2ef4fcd36982e87b0be24cbdba318ca7fb10195462401479ffc4

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verEFF2.tmp
    Filesize: 15KB
    MD5: 1a545d0052b581fbb2ab4c52133846bc
    SHA1: 62f3266a9b9925cd6d98658b92adec673cbe3dd3
    SHA256: 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
    SHA512: bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\cz9baam\imagestore.dat
    Filesize: 1021B
    MD5: d544cd496316613e1c095ced5cff18e5
    SHA1: 049235732842d8acbe31d21cd83520540df53019
    SHA256: a01b4c842cbbc3ec42cd57c9a9e50e08f5786b4724f0e3d432e8706cf083c1b7
    SHA512: 321e92ddb1dff1323e0d32e3041b417a630105d8886357bd4ceedc70da0dcd20e52a7f05aca32d9b59fd44e8ca887705c6902705184159a66d18c6fc205b034e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RPW4GWWI\drive_2020q4_32dp[1].png
    Filesize: 831B
    MD5: 916c9bcccf19525ad9d3cd1514008746
    SHA1: 9ccce6978d2417927b5150ffaac22f907ff27b6e
    SHA256: 358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50
    SHA512: b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RPW4GWWI\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RUOQG7D6\cb=gapi[1].js
    Filesize: 70KB
    MD5: b3b4a3ece9b6ffbee2d2cff79c84d92f
    SHA1: 44c99a1dfec402d24601032625bb71492de4539c
    SHA256: 03f69d8a0e73ac4eb0f9045e2f6e1a6c64a629d2472ee3b4c73dff10151d5103
    SHA512: 1c3ec9037fccf9e5c9b4022d95a00a63473c4ec1402a55986e84c23e6138dfff6f8b7d1e72eab34e5e533b93d23525053c936ddeddda6522c177a81ce59036fe