Overview

overview

6

Static

static

1

URLScan

urlscan

1

http://drive.google....

windows10-2004-x64

6

Analysis

  • max time kernel
    71s
  • max time network
    72s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-08-2024 09:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://drive.google.com/uc?export=download&id=1MvF-Uo_7IE2GtiJRkrXOFUtdkTQsQuGt

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 20 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://drive.google.com/uc?export=download&id=1MvF-Uo_7IE2GtiJRkrXOFUtdkTQsQuGt
    1⤵
      PID:2120
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3804,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=3808 /prefetch:1
      1⤵
        PID:216
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3864,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=4676 /prefetch:1
        1⤵
          PID:4788
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5380,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
          1⤵
            PID:4800
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5428,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
            1⤵
              PID:4556
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6220,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:8
              1⤵
                PID:624
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6228,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=6344 /prefetch:1
                1⤵
                  PID:2604
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=6520,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:8
                  1⤵
                    PID:4332
                  • C:\Windows\System32\rundll32.exe
                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                    1⤵
                      PID:888
                    • C:\Windows\system32\OpenWith.exe
                      C:\Windows\system32\OpenWith.exe -Embedding
                      1⤵
                      • Modifies registry class
                      • Suspicious behavior: GetForegroundWindowSpam
                      • Suspicious use of SetWindowsHookEx
                      PID:4104
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6196,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=6496 /prefetch:8
                      1⤵
                        PID:4104

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads