IOC Report
IMG_3862.MOV

Files

File Path

Type

Category

Malicious

IMG_3862.MOV

ISO Media, Apple QuickTime movie, Apple QuickTime (.MOV/QT)

initial sample

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\INetCache\J2BQWT8V\configuration[1].xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\PlayReady\Cache\msprcore.bla

RAGE Package Format (RPF),

dropped

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\PlayReady\mspr.hds

data

dropped

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb

Extensible storage engine DataBase, version 0x620, checksum 0xeb592adf, page size 8192, JustCreated, Windows version 0.0

dropped

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk

data

dropped

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log

data

dropped

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs

data

dropped

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\SRPData.xml (copy)

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\SRPData.xml.~tmp

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\SRPData.xml~RF557dec.TMP (copy)

ASCII text, with no line terminators

dropped

Domains

Name

IP

Malicious

part-0013.t-0009.t-msedge.net

13.107.246.41

settings-ssl.xboxlive.com

unknown

IPs

IP

Domain

Country

Malicious

13.107.246.41

part-0013.t-0009.t-msedge.net

United States

Details

IP:	13.107.246.41
TargetID:	2
Current Path:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
Country:	United States
Countrycode:	USA
ASN number:	8068
ASN name:	MICROSOFT-CORP-MSN-AS-BLOCKUS
Private:	false
Domain:	part-0013.t-0009.t-msedge.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

184.25.164.10

unknown

United States

184.31.61.214

unknown

United States