Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-2004-x64

6

Analysis

  • max time kernel
    207s
  • max time network
    210s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-06-2023 15:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/file/d/1-3TdwCSXkjCIIeOmMTiac4vAqX3kGoco/view

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://drive.google.com/file/d/1-3TdwCSXkjCIIeOmMTiac4vAqX3kGoco/view
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4628
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4628 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2600

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    91e4d7712b64a4110e170c0540645479

    SHA1

    67f793d3f426625f72acf703efefc44cc705960e

    SHA256

    19029a05befcf52a40f31e88d9d073fbaa1b6cceaec050e11bab22f307f0923c

    SHA512

    cbf529565dda78743c48e0b4b39f71ca7679cce651afc54d28a2b0284ccdb1e4ffb6b10bfa25d8bf19da71546b48bdd5e6c2ca04e9d83c7f0afdb4c49d1e030f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    d73dfcf871e337fe255229649fa89c52

    SHA1

    302ce2d6794326653a65266477ddb91aa3564e3f

    SHA256

    779bef42b0efc8d956917456c3b3d0ca7ee2507b37c7507c377713e2a55e2ae4

    SHA512

    2edd78acec1ff4a849f754c9782c6204300db338723f2ab1df9f0f5752f5692e7f9c6d31d575981dfaf4f4ba1e7bcf4a5aabcd03ce6ce3b23e297a22a5ed1cff

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\95fmw5u\imagestore.dat
    Filesize

    1021B

    MD5

    2437485be238063f321d6e630b5147da

    SHA1

    c7c0790106d63d09528382361b94be2f2e57fff9

    SHA256

    3e4e599e46de485d1ee08931e24bed0da55d4faf5e685241d44acd9c75b2fade

    SHA512

    ab2a84989256176e24585a76b914a79b754be17356039b5d458338aac3a0d0ae7b11197ce1be86db0f6122f28ccc8497d8d19624c0bc22faa8f89c961c8f98c9

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\cleardot[1].gif
    Filesize

    43B

    MD5

    fc94fb0c3ed8a8f909dbc7630a0987ff

    SHA1

    56d45f8a17f5078a20af9962c992ca4678450765

    SHA256

    2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

    SHA512

    c87bf81fd70cf6434ca3a6c05ad6e9bd3f1d96f77dddad8d45ee043b126b2cb07a5cf23b4137b9d8462cd8a9adf2b463ab6de2b38c93db72d2d511ca60e3b57e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H82VOZS\drive_2020q4_32dp[1].png
    Filesize

    831B

    MD5

    916c9bcccf19525ad9d3cd1514008746

    SHA1

    9ccce6978d2417927b5150ffaac22f907ff27b6e

    SHA256

    358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

    SHA512

    b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\cb=gapi[1].js
    Filesize

    70KB

    MD5

    b3b4a3ece9b6ffbee2d2cff79c84d92f

    SHA1

    44c99a1dfec402d24601032625bb71492de4539c

    SHA256

    03f69d8a0e73ac4eb0f9045e2f6e1a6c64a629d2472ee3b4c73dff10151d5103

    SHA512

    1c3ec9037fccf9e5c9b4022d95a00a63473c4ec1402a55986e84c23e6138dfff6f8b7d1e72eab34e5e533b93d23525053c936ddeddda6522c177a81ce59036fe

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit