hxxps://drive[.]google[.]com/drive/folders/1r2Jv2t5uqIFpUxb54FkoKw-eIrecgq-h

General

Target

https://drive.google.com/drive/folders/1r2Jv2t5uqIFpUxb54FkoKw-eIrecgq-h

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 33 IoCs

Web Service

T1102

flow	ioc
336	drive.google.com
145	drive.google.com
202	drive.google.com
224	drive.google.com
321	drive.google.com
366	drive.google.com
7	drive.google.com
122	drive.google.com
127	drive.google.com
312	drive.google.com
367	drive.google.com
5	drive.google.com
199	drive.google.com
365	drive.google.com
162	drive.google.com
230	drive.google.com
299	drive.google.com
337	drive.google.com
200	drive.google.com
220	drive.google.com
14	drive.google.com
221	drive.google.com
364	drive.google.com
378	drive.google.com
379	drive.google.com
170	drive.google.com
10	drive.google.com
121	drive.google.com
142	drive.google.com
146	drive.google.com
228	drive.google.com
298	drive.google.com
6	drive.google.com

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5224	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5224	AUDIODG.EXE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1r2Jv2t5uqIFpUxb54FkoKw-eIrecgq-h
1⤵
PID:2556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4020,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=1068 /prefetch:1
1⤵
PID:4220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3932,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:1
1⤵
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5364,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:1
1⤵
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5536,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
1⤵
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5552,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:8
1⤵
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6040,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:2
1⤵
PID:2376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6324,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=6336 /prefetch:1
1⤵
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6316,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:8
1⤵
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6636,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=6652 /prefetch:1
1⤵
PID:1184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6956,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=6944 /prefetch:8
1⤵
PID:5180

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4cc 0x4f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6656,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:1
1⤵
PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=7124,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=5972 /prefetch:8
1⤵
PID:5924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=4048,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=7144 /prefetch:1
1⤵
PID:1796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4872,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:8
1⤵
PID:4000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads