Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

#U03bd#U03bf#U0456#U0441#U0435m#U0430#U0456l202114170492f#U0433#U03bfm+19796076561 19796076561.HTM

HTML document, ASCII text, with very long lines, with no line terminators

initial sample

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\authorize_client_id_6yamswq8-z0x3-g8qm-rhyk-607iytq3huoc_kg8mla43sejbi17xcvowr2h9fnp5du6tqzy0zn8705xdg6a2o4yelkpbt9u31ismhqcvwfrjt3h5igr8zpdbeo4nq67ywc1af2mlu9vjkxs0[1].htm

data

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E40FA485-55BE-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E40FA487-55BE-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EB50EAA9-55BE-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\arrow_left[1].svg

SVG Scalable Vector Graphics image

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[3].ico

MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\style[1].css

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\forgpass[1].png

PNG image data, 121 x 20, 8-bit/color RGB, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\passwrd[1].png

PNG image data, 69 x 34, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\sigin[1].png

PNG image data, 108 x 32, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ellipsis_grey[1].svg

SVG Scalable Vector Graphics image

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\enterpass[1].png

PNG image data, 170 x 29, 8-bit/color RGB, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\inv-big-background[1].png

PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ellipsis_white[2].svg

SVG Scalable Vector Graphics image

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\firstmsg1[1].png

PNG image data, 353 x 41, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Temp\~DF2C3DE4B398643922.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF36A0BF1EB91DC84B.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF629A4FE2BF6AF1D3.TMP

data

dropped

There are 10 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	3136
Target ID:	1
Parent PID:	800
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\internet explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	823560
MD5:	6465CB92B25A7BC1DF8E01D8AC5E7596
Time:	17:46:32
Date:	13/01/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7057a0000
Modulesize:	831488
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3136 CREDAT:17410 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	6100
Target ID:	2
Parent PID:	3136
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3136 CREDAT:17410 /prefetch:2
Size:	822536
MD5:	071277CC2E3DF41EEEA8013E2AB58D5A
Time:	17:46:33
Date:	13/01/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x12f0000
Modulesize:	827392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://iccisc.com/images/new/sense/authorize_client_id:6yamswq8-z0x3-g8qm-rhyk-607iytq3huoc_kg8mla43sejbi17xcvowr2h9fnp5du6tqzy0zn8705xdg6a2o4yelkpbt9u31ismhqcvwfrjt3h5igr8zpdbeo4nq67ywc1af2mlu9vjkxs0?data=YmlrcmFtLmd1cnVuZ0BicmV3aW4uY28udWs=

Details

Name:	https://iccisc.com/images/new/sense/authorize_client_id:6yamswq8-z0x3-g8qm-rhyk-607iytq3huoc_kg8mla43sejbi17xcvowr2h9fnp5du6tqzy0zn8705xdg6a2o4yelkpbt9u31ismhqcvwfrjt3h5igr8zpdbeo4nq67ywc1af2mlu9vjkxs0?data=YmlrcmFtLmd1cnVuZ0BicmV3aW4uY28udWs=
TargetID:	0
From Memory:	false
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Phishing site detected (based on favicon image match)	Phishing

https://iccisc.com/ima

unknown

Details

Name:	https://iccisc.com/ima
TargetID:	1
From Memory:	true
Current Path:	C:\Program Files\internet explorer\iexplore.exe
Source:	{E40FA487-55BE-11EB-90EB-ECF4BBEA1588}.dat.1.dr

Signature Hits	Behavior Group	Mitre Attack
Urls found in memory or binary data	Networking

https://iccisc.com/images/new/sense/images/favicon.ico~

unknown

Details

Name:	https://iccisc.com/images/new/sense/images/favicon.ico~
TargetID:	2
From Memory:	true
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Source:	imagestore.dat.2.dr

Signature Hits	Behavior Group	Mitre Attack
Urls found in memory or binary data	Networking

https://iccisc.com/images/new/sense/authorize_client_id:6yamswq8-z0x3-g8qm-rhyk-607iytq3huoc_kg8mla4

unknown

Details

Name:	https://iccisc.com/images/new/sense/authorize_client_id:6yamswq8-z0x3-g8qm-rhyk-607iytq3huoc_kg8mla4
TargetID:	1
From Memory:	true
Current Path:	C:\Program Files\internet explorer\iexplore.exe
Source:	~DF2C3DE4B398643922.TMP.1.dr

Signature Hits	Behavior Group	Mitre Attack
Urls found in memory or binary data	Networking

Domains

Name

Malicious

iccisc.com

103.27.87.65

Details

Name:	iccisc.com
IP:	103.27.87.65
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Urls found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	ComplianceNetworking

IPs

Domain

Country

Active

Malicious

103.27.87.65

unknown

India

unknown

Details

IP:	103.27.87.65
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	India
Countrycode:	IND
ASN number:	18229
ASN name:	CTRLS-AS-INCtrlSDatacentersLtdIN
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	ComplianceNetworking

Registry

Path

Value

Malicious

C:\Program Files\internet explorer\iexplore.exe

{E40FA485-55BE-11EB-90EB-ECF4BBEA1588}

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

CVListPingLastYMD

C:\Program Files\internet explorer\iexplore.exe

NextUpdateDate

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-912

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-904

There are 15 hidden registries, click here to show them.

DOM / HTML

URL

Malicious

Details

Filename:	767668.pages.html.dom
Url:	https://iccisc.com/images/new/sense/authorize_client_id:6yamswq8-z0x3-g8qm-rhyk-607iytq3huoc_kg8mla43sejbi17xcvowr2h9fnp5du6tqzy0zn8705xdg6a2o4yelkpbt9u31ismhqcvwfrjt3h5igr8zpdbeo4nq67ywc1af2mlu9vjkxs0?data=YmlrcmFtLmd1cnVuZ0BicmV3aW4uY28udWs=
Target ID:	2
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3136 CREDAT:17410 /prefetch:2

Signature Hits	Behavior Group	Mitre Attack
Yara detected HtmlPhish_10	Phishing

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

DOM / HTML