Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://www.googlead...

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://www.googleadservices.com/pagead/aclk?sa=L&ai=C8HA19su7ZvTtJLqTut0Px_S9uAPko66Rd8mAnNmZEraQHxABILbh2QRgyYaAgJCk0BGgAaDs-tUqyAEBqAMByAPLBKoE_AFP0LQtn2B-G_1r59loei96AkFbMDLDsXOKE6Y3XjeTzzgY80PItOW51HBz5Ei1PyJNe7QV9OLp4u9DlzbkJRGfhXLVji7j0Q17xT2x0dCXxWo70rGZGdPQc5xNR9Z63kNQDJrkvXf4ZAoVyJjRGdQEe_f3rb67V9C2eKqGZZj2F_0h-0bzVUEq_VQ7tMVGpX4NDsodyrVPakUW3zNLcuPbh4amKd1j6FFj5SS89zcPBqN5ilf4yerhBrnMD6pHlzIdyNTzDK3p8LKuOigA2206tRFvOOCpip-oyeYtVtfcXEp1lq32UrlFHAgfdok4vCKxrhcB09frgH_QEjHABIKd7fDbBIgFrdvY5E6QBgGgBi6AB6Cky7UFiAcBkAcCqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgH-MKxAqgH-8KxAtgHAdIIJwgAEAIYGjIBADoOn9CAgICABIDAgICAoChIvf3BOlirle7n8PKHA7EJ2FW0KmLFR8OACgGYCwHICwGqDQJVU8gNAdgTDIgUAtAVAfgWAYAXAbIXAhgBuhcCOAGyGAkSAt5oGC4iAQDQGAE&ae=1&gclid=Cj0KCQjwiOy1BhDCARIsADGvQnBs2nQMAmLRJ_jyOh395Tuw2gXQZu2IdEx4nSdAmNpxXjrFR26t0YgaAnHXEALw_wcB&num=1&cid=CAQSQwDpaXnfguSJSzuKGU0CU0Cm2irdfizB_rTbKQeiha3gAGd-2NaM8C8hufwTl8SAnIdJE2kj9u9vx6EQ0gW-PtHOSE0YAQ&sig=AOD64_1vmgjlyoiFk6zZRgQGPizmyJ2edg&client=ca-pub-4343851330510276&rf=1&nb=9&adurl=https://wavebrowserpro.com/%3Fsrc%3Dd-cp21149134253%26ob%3Dobgcobedobem%26dvc%3Dc%26k%3D%26crt%3D695526492600%26adp%3D%26plc%3Dwww.dotpdn.com%26tgt%3Dsegment_be_a_1482992455817351819%26sl%3D%26cpd%3D21149134253%26iid%3Dwav-pro%26gad_source%3D5%26gclid%3DCj0KCQjwiOy1BhDCARIsADGvQnBs2nQMAmLRJ_jyOh395Tuw2gXQZu2IdEx4nSdAmNpxXjrFR26t0YgaAnHXEALw_wcB

  • Sample

    240813-z15asawflf

Score
8/10
discoveryevasionpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Targets

    • Target

      https://www.googleadservices.com/pagead/aclk?sa=L&ai=C8HA19su7ZvTtJLqTut0Px_S9uAPko66Rd8mAnNmZEraQHxABILbh2QRgyYaAgJCk0BGgAaDs-tUqyAEBqAMByAPLBKoE_AFP0LQtn2B-G_1r59loei96AkFbMDLDsXOKE6Y3XjeTzzgY80PItOW51HBz5Ei1PyJNe7QV9OLp4u9DlzbkJRGfhXLVji7j0Q17xT2x0dCXxWo70rGZGdPQc5xNR9Z63kNQDJrkvXf4ZAoVyJjRGdQEe_f3rb67V9C2eKqGZZj2F_0h-0bzVUEq_VQ7tMVGpX4NDsodyrVPakUW3zNLcuPbh4amKd1j6FFj5SS89zcPBqN5ilf4yerhBrnMD6pHlzIdyNTzDK3p8LKuOigA2206tRFvOOCpip-oyeYtVtfcXEp1lq32UrlFHAgfdok4vCKxrhcB09frgH_QEjHABIKd7fDbBIgFrdvY5E6QBgGgBi6AB6Cky7UFiAcBkAcCqAfZtrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgH-MKxAqgH-8KxAtgHAdIIJwgAEAIYGjIBADoOn9CAgICABIDAgICAoChIvf3BOlirle7n8PKHA7EJ2FW0KmLFR8OACgGYCwHICwGqDQJVU8gNAdgTDIgUAtAVAfgWAYAXAbIXAhgBuhcCOAGyGAkSAt5oGC4iAQDQGAE&ae=1&gclid=Cj0KCQjwiOy1BhDCARIsADGvQnBs2nQMAmLRJ_jyOh395Tuw2gXQZu2IdEx4nSdAmNpxXjrFR26t0YgaAnHXEALw_wcB&num=1&cid=CAQSQwDpaXnfguSJSzuKGU0CU0Cm2irdfizB_rTbKQeiha3gAGd-2NaM8C8hufwTl8SAnIdJE2kj9u9vx6EQ0gW-PtHOSE0YAQ&sig=AOD64_1vmgjlyoiFk6zZRgQGPizmyJ2edg&client=ca-pub-4343851330510276&rf=1&nb=9&adurl=https://wavebrowserpro.com/%3Fsrc%3Dd-cp21149134253%26ob%3Dobgcobedobem%26dvc%3Dc%26k%3D%26crt%3D695526492600%26adp%3D%26plc%3Dwww.dotpdn.com%26tgt%3Dsegment_be_a_1482992455817351819%26sl%3D%26cpd%3D21149134253%26iid%3Dwav-pro%26gad_source%3D5%26gclid%3DCj0KCQjwiOy1BhDCARIsADGvQnBs2nQMAmLRJ_jyOh395Tuw2gXQZu2IdEx4nSdAmNpxXjrFR26t0YgaAnHXEALw_wcB

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalationspywarestealertrojan

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Query Registry

5
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks