Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

MALWARE ACH WIRE PAYMENT ADVICE..xlsx

Microsoft Excel 2007+

initial sample

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ZlFRrg5s[1].htm

HTML document, UTF-8 Unicode text, with very long lines

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\ZlFRrg5s[1].htm

HTML document, UTF-8 Unicode text, with very long lines

dropped

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

PNG image data, 16 x 16, 4-bit colormap, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\MP98E46N\24mbw17feyn.typeform[1].xml

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{06357C73-5634-11EB-ADCF-ECF4BBB5915B}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0B7414B4-5634-11EB-ADCF-ECF4BBB5915B}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{06357C75-5634-11EB-ADCF-ECF4BBB5915B}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B7414B6-5634-11EB-ADCF-ECF4BBB5915B}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B7414B7-5634-11EB-ADCF-ECF4BBB5915B}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\lr5drzg\imagestore.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\dnserror[1]

HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\favicon[1].ico

PNG image data, 16 x 16, 4-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\httpErrorPagesScripts[1]

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\LnkQ4hGmxTTD[1].png

PNG image data, 131 x 109, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\favicon-32x32[1].png

PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\urlblockindex[1].bin

data

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\aa6e0ec721[1].js

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\aa6e0ec721[2].js

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\errorPageStrings[1]

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\NewErrorPageTemplate[1]

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\large[1].jpg

JPEG image data, baseline, precision 8, 1920x1080, frames 3

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\nr-1123.min[1].js

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B24727B2.jpeg

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 816x1056, frames 3

dropped

C:\Users\user\AppData\Local\Temp\~DF0E06319D83AC7A0C.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF37DFCB5A035E701F.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF603759FFBDDCD7CD.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFE817CF54CF726A92.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFF6708434B88E8000.TMP

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\BPMGT7B2.txt

ASCII text

downloaded

C:\Users\user\Desktop\~$MALWARE ACH WIRE PAYMENT ADVICE..xlsx

data

dropped

There are 21 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	2440
Target ID:	0
Parent PID:	584
Name:	EXCEL.EXE
Class:	excel
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Commandline:	'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Size:	27641504
MD5:	5FB0A0F93382ECD19F5F499A5CAA59F0
Time:	22:44:37
Date:	13/01/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x13f800000
Modulesize:	27758592
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Internet Explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	2528
Target ID:	2
Parent PID:	584
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	814288
MD5:	4EB098135821348270F27157F7A84E65
Time:	22:45:01
Date:	13/01/2021
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x13f780000
Modulesize:	819200
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2528 CREDAT:275457 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	2696
Target ID:	3
Parent PID:	2528
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2528 CREDAT:275457 /prefetch:2
Size:	815304
MD5:	8A590F790A98F3D77399BE457E01386A
Time:	22:45:02
Date:	13/01/2021
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x1380000
Modulesize:	819200
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Internet Explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' https://24mbw17feyn.typeform.com/to/ZlFRrg5s

Details

Is windows:	true
Is dropped:	false
PID:	1836
Target ID:	6
Parent PID:	2440
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' https://24mbw17feyn.typeform.com/to/ZlFRrg5s
Size:	814288
MD5:	4EB098135821348270F27157F7A84E65
Time:	22:45:10
Date:	13/01/2021
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x13f780000
Modulesize:	819200
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1836 CREDAT:275457 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	1900
Target ID:	7
Parent PID:	1836
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1836 CREDAT:275457 /prefetch:2
Size:	815304
MD5:	8A590F790A98F3D77399BE457E01386A
Time:	22:45:10
Date:	13/01/2021
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x1380000
Modulesize:	819200
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://www.typeform.com/?utm_campaign=undefined&utm_source=typeform.com-17520522-Free&utm_medium=typeform&utm_content=typeform-closescreen&utm_term=EN

https://images.typeform.com/images/CJr828dpN5yQ/image/default

unknown

https://public-assets.typeform.com/public/favicon/favicon-32x32.png

unknown

https://images.typeform.com/images/nXkRcNPp6wtg/background/large

unknown

https://public-assets.typeform.com/public/favicon/safari-pinned-tab.svg

unknown

https://24mbw17feyn.typeform.com/to/ZlFRrg5s6MlCR0S0FT

unknown

https://24mbw17feyn.typeform.com/to/ZlFRrg5s

unknown

https://24mbw17feyn.typeform.com/to/ZlFRrg5s6om/?utm_campaign=undefined&utm_sorm.com/to/ZlFRrg5s

unknown

https://24mbw17feyn.ty

unknown

https://24mbw17feyn.typeform.com/oembed?url=https%3A%2F%2F24mbw17feyn.typeform.com%2Fto%2FZlFRrg5s

unknown

https://public-assets.typeform.com/public/favicon/favicon-16x16.png

unknown

https://24mbw17feyn.typeform.com/to/ZlFRrg5s6peform.com/to/ZlFRrg5sRoot

unknown

https://24mbw17feyn.typeform.com/to/ZlFRrg5s

https://images.typeform.com/images/nXkRcNPp6wtg/background/large);background-position:top

unknown

https://24mbw17feyn.typeform.com/to/ZlFRrg5s6Root

unknown

https://images.typeform.com/images/FYUps4mFKPYK/image/default

unknown

https://public-assets.typeform.com/public/favicon/browserconfig.xml

unknown

https://public-assets.typeform.com/public/favicon/site.webmanifest

unknown

https://public-assets.typeform.com/public/favicon/favicon.ico

unknown

https://24mbw17feyn.typeform.com/to/ZlFRrg5sz

unknown

https://public-assets.typeform.com/public/favicon/apple-touch-icon.png

unknown

https://24mbw17feyn.typeform.com/to/ZlFRrg5s/favicon-32x32.png

unknown

https://www.typeform.c

unknown

https://24mbw17feyn.typeform.com/to/ZlFRrg5sRoot

unknown

https://public-assets.typeform.com/public/favicon/favicon-32x32.png-

unknown

https://www.typeform.com/?utm_campaign=undefined&utm_source=typeform.com-17520522-Free&utm_medium=ty

unknown

https://www.typeform.com/?utm_campaign=undefined&utm_source=typeform.com-17520522-Free&utm_m

unknown

There are 17 hidden URLs, click here to show them.

Domains

Name

Malicious

d2nvsmtq2poimt.cloudfront.net

65.9.58.100

Details

Name:	d2nvsmtq2poimt.cloudfront.net
IP:	65.9.58.100
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	ComplianceNetworking

bam.nr-data.net

162.247.242.20

Details

Name:	bam.nr-data.net
IP:	162.247.242.20
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	ComplianceNetworking

d2p6vz8nayi9a3.cloudfront.net

65.9.58.120

Details

Name:	d2p6vz8nayi9a3.cloudfront.net
IP:	65.9.58.120
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	ComplianceNetworking

public-assets.typeform.com

unknown

js-agent.newrelic.com

unknown

images.typeform.com

unknown

24mbw17feyn.typeform.com

unknown

Details

Name:	24mbw17feyn.typeform.com
TargetID:	7
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection
Urls found in memory or binary data	Networking

IPs

Domain

Country

Active

Malicious

65.9.58.100

unknown

United States

unknown

Details

IP:	65.9.58.100
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	ComplianceNetworking

65.9.58.120

unknown

United States

unknown

Details

IP:	65.9.58.120
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	ComplianceNetworking

162.247.242.20

unknown

United States

unknown

Details

IP:	162.247.242.20
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	23467
ASN name:	NEWRELIC-AS-1US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	ComplianceNetworking

65.9.58.89

unknown

United States

unknown

Details

IP:	65.9.58.89
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	ComplianceNetworking

Registry

Path

Value

Malicious

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

l!2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

MTTT

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ReviewToken

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ED04A

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

VBAFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

DefaultSheetR2L

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

UseSystemSeparators

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ThousandsSeparator

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

DecimalSeparator

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

=&2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 4

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 11

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 12

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 13

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 14

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 15

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 16

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 17

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 18

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 19

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 20

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

F3312

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 4

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 11

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 12

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 13

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 14

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 15

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 16

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 17

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 18

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 19

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 20

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

F34F5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

UseRWHlinkNavigation

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

@%SystemRoot%\system32\qagentrt.dll,-10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

@%SystemRoot%\System32\fveui.dll,-843

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

@%SystemRoot%\System32\fveui.dll,-844

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

@%SystemRoot%\System32\wuaueng.dll,-400

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

{17FE9752-0B5A-4665-84CD-569794602F5C} {7F9185B0-CB92-43C5-80A9-92277A4F7B54} 0xFFFF

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

LastPurgeTime

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

EXCELFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SavedLegacySettings

C:\Program Files\Internet Explorer\iexplore.exe

{06357C73-5634-11EB-ADCF-ECF4BBB5915B}

C:\Program Files\Internet Explorer\iexplore.exe

ChangeNotice

C:\Program Files\Internet Explorer\iexplore.exe

NextUpdateDate

C:\Program Files\Internet Explorer\iexplore.exe

NextCheckForUpdateLowDateTime

C:\Program Files\Internet Explorer\iexplore.exe

NextCheckForUpdateHighDateTime

C:\Program Files\Internet Explorer\iexplore.exe

SavedLegacySettings

C:\Program Files\Internet Explorer\iexplore.exe

Count

C:\Program Files\Internet Explorer\iexplore.exe

Time

C:\Program Files\Internet Explorer\iexplore.exe

LoadTimeArray

C:\Program Files\Internet Explorer\iexplore.exe

88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977

C:\Program Files\Internet Explorer\iexplore.exe

2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81

C:\Program Files\Internet Explorer\iexplore.exe

DecayDateQueue

C:\Program Files\Internet Explorer\iexplore.exe

LastProcessed

C:\Program Files\Internet Explorer\iexplore.exe

NextCheckForUpdateLowDateTime

C:\Program Files\Internet Explorer\iexplore.exe

NextCheckForUpdateHighDateTime

C:\Program Files\Internet Explorer\iexplore.exe

DecayDateQueue

C:\Program Files\Internet Explorer\iexplore.exe

LastProcessed

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NumberOfSubdomains

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-912

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-904

C:\Program Files (x86)\Internet Explorer\iexplore.exe

SavedLegacySettings

C:\Program Files (x86)\Internet Explorer\iexplore.exe

Blob

C:\Program Files (x86)\Internet Explorer\iexplore.exe

Blob

C:\Program Files (x86)\Internet Explorer\iexplore.exe

Blob

C:\Program Files (x86)\Internet Explorer\iexplore.exe

Blob

C:\Program Files (x86)\Internet Explorer\iexplore.exe

Blob

C:\Program Files (x86)\Internet Explorer\iexplore.exe

Blob

C:\Program Files (x86)\Internet Explorer\iexplore.exe

Blob

C:\Program Files (x86)\Internet Explorer\iexplore.exe

Blob

C:\Program Files\Internet Explorer\iexplore.exe

{0B7414B4-5634-11EB-ADCF-ECF4BBB5915B}

C:\Program Files\Internet Explorer\iexplore.exe

SavedLegacySettings

C:\Program Files\Internet Explorer\iexplore.exe

Window_Placement

C:\Program Files\Internet Explorer\iexplore.exe

AdminActive

C:\Program Files\Internet Explorer\iexplore.exe

AdminActive

C:\Program Files\Internet Explorer\iexplore.exe

Count

C:\Program Files\Internet Explorer\iexplore.exe

Time

C:\Program Files\Internet Explorer\iexplore.exe

LoadTimeArray

C:\Program Files\Internet Explorer\iexplore.exe

88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977

C:\Program Files\Internet Explorer\iexplore.exe

2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81

C:\Program Files\Internet Explorer\iexplore.exe

Count

C:\Program Files\Internet Explorer\iexplore.exe

Time

C:\Program Files\Internet Explorer\iexplore.exe

LoadTimeArray

C:\Program Files\Internet Explorer\iexplore.exe

NextUpdateDate

C:\Program Files (x86)\Internet Explorer\iexplore.exe

SavedLegacySettings

There are 118 hidden registries, click here to show them.

DOM / HTML

URL

Malicious

https://24mbw17feyn.typeform.com/to/ZlFRrg5s

Details

Filename:	715575.pages.html.dom
Url:	https://24mbw17feyn.typeform.com/to/ZlFRrg5s
Target ID:	7
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1836 CREDAT:275457 /prefetch:2

Signature Hits	Behavior Group	Mitre Attack
Yara detected HtmlPhish_25	Phishing

https://www.typeform.com/?utm_campaign=undefined&utm_source=typeform.com-17520522-Free&utm_medium=typeform&utm_content=typeform-closescreen&utm_term=EN

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

DOM / HTML