Analysis

  • max time kernel
    142s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-06-2023 19:45

General

  • Target

    https://drive.google.com/file/d/1gbbSOg29ZAGJCHXokMxet-BgWfaK64Du/view

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 51 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://drive.google.com/file/d/1gbbSOg29ZAGJCHXokMxet-BgWfaK64Du/view
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4444
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4444 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4572

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112), count 2
  • Command and Control: Web Service (T1102), count 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 2c2f0d2018f0255ea3c9e2f4d7a4ce31
    SHA1: 1ead0237611fa29406d52967e76eda04853c30af
    SHA256: 53b6b36a8a8196d9e59a40e110ada8a8017a478ce4b5cc98f42f40d25dd496be
    SHA512: e62b6eb0dc24d77a90fdb5ab7d4fa920e2f0874042802430caa80ddf00011e7fa56cb6aa1d26ec4bbfbaa29b04e8ad7256959c36ae4ef8eb4a31a4d2eb034939

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B
    MD5: cddc98b71bcab43c741b52601e9cab2a
    SHA1: 5f3e0ae3a847314b38ae39e3c5d757166b90c996
    SHA256: 2365c27ce216377390fc3bd3c04f45727be7e3f52c20180d2aa3e743cfafbfab
    SHA512: 70f8245649f4faf91744792c0b177e8568d4c17ecb849ee3319205634b30e3e0b2755168f1ecaefd5b036d9e5e6aa2a2d707f569455a3316291d12acb0f67231

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\414UQA86\drive.google[1].xml
    Filesize: 13B
    MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
    SHA1: 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
    SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
    SHA512: 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\feo4h2u\imagestore.dat
    Filesize: 1021B
    MD5: 0ef0846cd623adbe91e85bc0bf09ac5e
    SHA1: da7bad6c8b16ba7c60f34c9fcc152a2b52f65f92
    SHA256: 71acf2eb0af8317538e5653948af73b1d6e75a096c64470004bfff6b2a4afd98
    SHA512: 668a3306227b491fa5d6ecfdd5e94d8b770dec6ca68f6ef6894a1f08697a5d97b97e7e00306b7cb021a8b7caef00d7efa900b23ddb6a49827c8286f24a46e23d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8OI4IV75\cb=gapi[1].js
    Filesize: 70KB
    MD5: b3b4a3ece9b6ffbee2d2cff79c84d92f
    SHA1: 44c99a1dfec402d24601032625bb71492de4539c
    SHA256: 03f69d8a0e73ac4eb0f9045e2f6e1a6c64a629d2472ee3b4c73dff10151d5103
    SHA512: 1c3ec9037fccf9e5c9b4022d95a00a63473c4ec1402a55986e84c23e6138dfff6f8b7d1e72eab34e5e533b93d23525053c936ddeddda6522c177a81ce59036fe

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\cleardot[2].gif
    Filesize: 43B
    MD5: fc94fb0c3ed8a8f909dbc7630a0987ff
    SHA1: 56d45f8a17f5078a20af9962c992ca4678450765
    SHA256: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
    SHA512: c87bf81fd70cf6434ca3a6c05ad6e9bd3f1d96f77dddad8d45ee043b126b2cb07a5cf23b4137b9d8462cd8a9adf2b463ab6de2b38c93db72d2d511ca60e3b57e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\drive_2020q4_32dp[1].png
    Filesize: 831B
    MD5: 916c9bcccf19525ad9d3cd1514008746
    SHA1: 9ccce6978d2417927b5150ffaac22f907ff27b6e
    SHA256: 358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50
    SHA512: b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee