General

Target:
https://www.googleadservices.com/pagead/aclk?nis=4&sa=L&ai=CS2UGlvs1Z_3XFuqA_NUP0JDCwQ23r7GYe96uytOBE_rRreqTDhABIKPW8zFg_YKAgLARoAGTwr-QPsgBAqgDAcgDyQSqBMECT9ATlQ83WrGN_3zbwubUm4-dcfLruIMMM0XXVjgxd4vPC-F1bTRhlVlFCCLdD-1PXpDaXl0HjcDWxS7Jf4_-qUu71dpLfzP-IXqM4VGICxPoB739VwP9TvTT8fVvho0QQPmYlA4YVcX8tEXOkaQwwMhCa5wQuEY-12pCdb8SfNel23n3PfY8ZiU8HYb6NU7w25StUfd6AmWpjupg0zJDwNW7fPsIhKwbQ58euDPmrBuVCzuvX9RdKXiMynynhS4a5B4xfVbmcKeLk7_4VN7jLgm98Q44oruxGH9_Z6MDSX2bKkFUHq1na62oANx9Ujt5p5b7IFoL_ThvPc_21SQhxFpxa1Lgxt4LzdV1qOhV_Qir3767AsISialSbiYIbRVAbX5Y6UFtz8HmgaQ_ALT9yGEt0qwTnbAVEQ0Y7ctKuURzwASYs5f_-QSIBdGnibtRoAYCgAeT-o_wGKgH1ckbqAfZtrECqAemvhuoB47OG6gHk9gbqAfw4BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHAdIILAiAgYAQEAEYHjIBIjoQn9CDgICABIDAhICAtKiAAki9_cE6WMe_rLH324kDsQlGTSHSlaKOuYAKAZgLAcgLAdoMEAoKEICau6L68cGRWhICAQOqDQJJVMgNAdgTDdAVAfgWAYAXAbIXAhgBuhcCOAGyGAkSArBTGAIiAQDQGAHoGAE&ae=1&ase=2&gclid=EAIaIQobChMI_fqssffbiQMVagC_BB1QiDDYEAEYASAAEgJv9PD_BwE&num=1&cid=CAQSOwCa7L7d0YsTBafKy0An0KbVCANdErUyvlb26ktTTVq10vkwYtHTw9dQ2iHrBFNvq7p8WrxzhHiA4jDDGAE&sig=AOD64_0oLm3rRf8zdkYkcsAvZwXopGQSgA&client=ca-pub-4894759983606832&rf=2&nb=2&adurl=https://pcappstore.com/%3Fap%3Dadwp%26as%3Dg_d_all_es_it_jp_in%26dm%5Btype%5D%3Ddis%26gad_source%3D5%26gclid%3DEAIaIQobChMI_fqssffbiQMVagC_BB1QiDDYEAEYASAAEgJv9PD_BwE
Sample: 241114-qsh8xayrav
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: (same URL as Target above)
Resource: win10ltsc2021-20241023-en
Malware Config

Targets
Target: (same URL as Target above)
Score: 8/10

- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
MITRE ATT&CK Enterprise v15

Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)