hxxp://google[.]com | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

http://google.com

windows11-21h2-x64

Sharing

General

Target

http://google.com
Sample

240703-fpe2zaydmd

Score

10^/10

bootkit discovery evasion exploit macro macro_on_action persistence ransomware trojan upx

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

http://google.com

Resource

win11-20240419-en

bootkit discovery evasion exploit macro macro_on_action persistence ransomware trojan upx

windows11-21h2-x64

33 signatures

1800 seconds

Malware Config

Targets

- Target
  
  http://google.com
Score

10^/10

bootkit discovery evasion exploit macro macro_on_action persistence ransomware trojan upx
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Office macro that triggers on suspicious action
  Office document macro which triggers in special circumstances - often malicious.
  macro macro_on_action
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

File and Directory Permissions Modification

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

urlscan1

behavioral1

bootkitdiscoveryevasionexploitmacromacro_on_actionpersistenceransomwaretrojanupx

© 2018-2024

Terms | Privacy