Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-2004-x64

6

Analysis

  • max time kernel
    142s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2023 21:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/file/d/1l76qNf7YK-k_OdXMMaWj6Ta2PK3aWY35/view?usp=drivesdk

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://drive.google.com/file/d/1l76qNf7YK-k_OdXMMaWj6Ta2PK3aWY35/view?usp=drivesdk
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:224
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:224 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1440

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    080320bb3fe7e7f860019942e6f77f9c

    SHA1

    2d6f3813b1ed7972c01df6330eb3b0c30339eda9

    SHA256

    9eb11d5a62c35054e50d193211638a08c9b94d5b360f943df4124e28ab793a6f

    SHA512

    9def7fa57fc58af72dc374f0ca010107585a355ffcb3c1d3b99064a455acf3fe8ed7d42052234fe2d042b5ccda8af4ba16a8b2dd882b01f0be7edb8cf7aa8944

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    56ceef2b9ebbe3719a5114438888b0e3

    SHA1

    b56f8a1702a91f1984aa64e8f00a539d2ce3975f

    SHA256

    074d773e207d8368ce1c883c385c112d91d5c211b9ad5d794dde74bfbc6c68b7

    SHA512

    803084d802a963182fb9e6ccade56add0681b3d471e2871be2a7752078a4026fe217f9452d6b5a0113561575a95334377d23a4e85480ff8c31e264ce797f0b59

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\95fmw5u\imagestore.dat
    Filesize

    1021B

    MD5

    ba3ea5be56ee369f6ff931e7e24d4166

    SHA1

    286072293789f387af07a823ab492cc602daead5

    SHA256

    13bfddb82f151cdd85080e4472ebafca550b815b2a85e7dc71ad1c57f846ae7e

    SHA512

    f09fe5262798a1e63ee0ff9905b825111d1b7cb578454788f87ad005c9a9bdd7ff225c637c379ff28bf54bac6fe09230c437ee793916a8f07927d7e34d942bcd

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\cb=gapi[1].js
    Filesize

    70KB

    MD5

    b3b4a3ece9b6ffbee2d2cff79c84d92f

    SHA1

    44c99a1dfec402d24601032625bb71492de4539c

    SHA256

    03f69d8a0e73ac4eb0f9045e2f6e1a6c64a629d2472ee3b4c73dff10151d5103

    SHA512

    1c3ec9037fccf9e5c9b4022d95a00a63473c4ec1402a55986e84c23e6138dfff6f8b7d1e72eab34e5e533b93d23525053c936ddeddda6522c177a81ce59036fe

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\cleardot[1].gif
    Filesize

    43B

    MD5

    fc94fb0c3ed8a8f909dbc7630a0987ff

    SHA1

    56d45f8a17f5078a20af9962c992ca4678450765

    SHA256

    2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

    SHA512

    c87bf81fd70cf6434ca3a6c05ad6e9bd3f1d96f77dddad8d45ee043b126b2cb07a5cf23b4137b9d8462cd8a9adf2b463ab6de2b38c93db72d2d511ca60e3b57e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\drive_2020q4_32dp[1].png
    Filesize

    831B

    MD5

    916c9bcccf19525ad9d3cd1514008746

    SHA1

    9ccce6978d2417927b5150ffaac22f907ff27b6e

    SHA256

    358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

    SHA512

    b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

    Download Submit