IOCReport


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| RFQ RATED POWER 2000HP- OTHERSPECIFICATION.docx.doc | Rich Text Format data, unknown version | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mpomabiva[1].exe | PE32 executable (GUI) Intel 80386, for MS Windows | downloaded | malicious |
| C:\Users\user\AppData\Roaming\mpomboby8423.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1E842130-90B9-4F45-8DA5-C9F08E2C2850}.tmp | data | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7621A4C2-B642-4F8D-86CD-93AA6D767CE8}.tmp | data | dropped | clean |
| C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\RFQ RATED POWER 2000HP- OTHERSPECIFICATION.docx.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:13 2020, mtime=Wed Aug 26 14:08:13 2020, atime=Thu Jan 14 03:36:37 2021, length=1323990, window=hide | dropped | clean |
| C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | ASCII text, with CRLF line terminators | dropped | clean |
| C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | data | dropped | clean |
| C:\Users\user\Desktop\~$Q RATED POWER 2000HP- OTHERSPECIFICATION.docx.doc | data | dropped | clean |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding | malicious |
| C:\Users\user\AppData\Roaming\mpomboby8423.exe | C:\Users\user\AppData\Roaming\mpomboby8423.exe | malicious |
| C:\Users\user\AppData\Roaming\mpomboby8423.exe | C:\Users\user\AppData\Roaming\mpomboby8423.exe | malicious |
| C:\Windows\explorer.exe | | malicious |
| C:\Windows\SysWOW64\help.exe | C:\Windows\SysWOW64\help.exe | malicious |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding | malicious |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding | clean |
| C:\Windows\SysWOW64\cmd.exe | /c del 'C:\Users\user\AppData\Roaming\mpomboby8423.exe' | clean |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://vm1662026.3ssd.had.wf/mpomabiva.exe | 92.119.114.220 | malicious |
| http://search.chol.com/favicon.ico | unknown | clean |
| http://www.mercadolivre.com.br/ | unknown | clean |
| http://www.merlin.com.pl/favicon.ico | unknown | clean |
| http://search.ebay.de/ | unknown | clean |
| http://www.mtv.com/ | unknown | clean |
| http://www.rambler.ru/ | unknown | clean |
| http://www.nifty.com/favicon.ico | unknown | clean |
| http://www.dailymail.co.uk/ | unknown | clean |
| http://www3.fnac.com/favicon.ico | unknown | clean |
| https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1 | unknown | clean |
| http://buscar.ya.com/ | unknown | clean |
| http://search.yahoo.com/favicon.ico | unknown | clean |
| http://www.iis.fhg.de/audioPA | unknown | clean |
| http://www.sogou.com/favicon.ico | unknown | clean |
| http://asp.usatoday.com/ | unknown | clean |
| http://www.msn.com/?ocid=iehpme2 | unknown | clean |
| http://fr.search.yahoo.com/ | unknown | clean |
| http://rover.ebay.com | unknown | clean |
| http://in.search.yahoo.com/ | unknown | clean |
| http://img.shopzilla.com/shopzilla/shopzilla.ico | unknown | clean |
| http://search.ebay.in/ | unknown | clean |
| http://image.excite.co.jp/jp/favicon/lep.ico | unknown | clean |
| http://%s.com | unknown | clean |
| http://msk.afisha.ru/ | unknown | clean |
| http://www.msn.com/?ocid=iehps | unknown | clean |
| http://busca.igbusca.com.br//app/static/images/favicon.ico | unknown | clean |
| http://search.rediff.com/ | unknown | clean |
| http://www.windows.com/pctv. | unknown | clean |
| http://www.ya.com/favicon.ico | unknown | clean |
| http://www.etmall.com.tw/favicon.ico | unknown | clean |
| http://it.search.dada.net/favicon.ico | unknown | clean |
| http://search.naver.com/ | unknown | clean |
| http://www.google.ru/ | unknown | clean |
| http://search.hanafos.com/favicon.ico | unknown | clean |
| http://cgi.search.biglobe.ne.jp/favicon.ico | unknown | clean |
| http://www.abril.com.br/favicon.ico | unknown | clean |
| http://search.daum.net/ | unknown | clean |
| http://search.naver.com/favicon.ico | unknown | clean |
| http://search.msn.co.jp/results.aspx?q= | unknown | clean |
| http://www.clarin.com/favicon.ico | unknown | clean |
| http://buscar.ozu.es/ | unknown | clean |
| http://kr.search.yahoo.com/ | unknown | clean |
| http://search.about.com/ | unknown | clean |
| http://busca.igbusca.com.br/ | unknown | clean |
| http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity | unknown | clean |
| https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2 | unknown | clean |
| http://www.ask.com/ | unknown | clean |
| http://www.priceminister.com/favicon.ico | unknown | clean |
| http://www.cjmall.com/ | unknown | clean |
| http://search.centrum.cz/ | unknown | clean |
| http://suche.t-online.de/ | unknown | clean |
| http://www.google.it/ | unknown | clean |