Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-1703-x64

6

Analysis

  • max time kernel
    12s
  • max time network
    7s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    23-10-2024 17:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/drive/folders/0B9bgpPLaLVIjZ3ZLU09YRUNuZjA?resourcekey=0-mBMf2gxDU04TvWPjkF1N3Q&usp=drive_link

Score
6/10
googlephishing

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Detected potential entity reuse from brand GOOGLE.
    phishinggoogle
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://drive.google.com/drive/folders/0B9bgpPLaLVIjZ3ZLU09YRUNuZjA?resourcekey=0-mBMf2gxDU04TvWPjkF1N3Q&usp=drive_link"
    1⤵
      PID:220
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2496
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:4880
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1332
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2548
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:1520

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OGAWJ4MK\analytics[1].js
      Filesize

      51KB

      MD5

      575b5480531da4d14e7453e2016fe0bc

      SHA1

      e5c5f3134fe29e60b591c87ea85951f0aea36ee1

      SHA256

      de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

      SHA512

      174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JYBLDLB4\favicon[1].ico
      Filesize

      5KB

      MD5

      f3418a443e7d841097c714d69ec4bcb8

      SHA1

      49263695f6b0cdd72f45cf1b775e660fdc36c606

      SHA256

      6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

      SHA512

      82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

      Download Submit

    • memory/1520-327-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-99-0x00000184D97A0000-0x00000184D97A2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1520-88-0x00000184D6AC0000-0x00000184D6AC2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1520-83-0x00000184D6AA0000-0x00000184D6AA2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1520-346-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-94-0x00000184D6AD0000-0x00000184D6AD2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1520-96-0x00000184D91F0000-0x00000184D91F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1520-328-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-101-0x00000184D97C0000-0x00000184D97C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1520-329-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-104-0x00000184D5560000-0x00000184D5580000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1520-118-0x00000184DAC40000-0x00000184DAC60000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1520-117-0x00000184DAC40000-0x00000184DAC60000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1520-198-0x00000184D6C50000-0x00000184D6D50000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1520-207-0x00000184DBC00000-0x00000184DBD00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1520-287-0x00000184DB4A0000-0x00000184DB4C0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1520-92-0x00000184D91C0000-0x00000184D91C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1520-345-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-90-0x00000184D91B0000-0x00000184D91B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1520-330-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-331-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-332-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-333-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-336-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-337-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-338-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-344-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-339-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-340-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1520-343-0x00000184C45F0000-0x00000184C4600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2496-35-0x00000233003E0000-0x00000233003E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2496-16-0x000002337B220000-0x000002337B230000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2496-0-0x000002337B120000-0x000002337B130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2548-45-0x000001865D600000-0x000001865D700000-memory.dmp

      Filesize

      1024KB

      Download