Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	6704
Target ID:	1
Parent PID:	800
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\internet explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	823560
MD5:	6465CB92B25A7BC1DF8E01D8AC5E7596
Time:	18:23:18
Date:	15/01/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff715c60000
Modulesize:	831488
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6704 CREDAT:17410 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	6756
Target ID:	2
Parent PID:	6704
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6704 CREDAT:17410 /prefetch:2
Size:	822536
MD5:	071277CC2E3DF41EEEA8013E2AB58D5A
Time:	18:23:19
Date:	15/01/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x3f0000
Modulesize:	827392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://www.mais.pt/bo/Entidades/PublishingImages/Plano%20Vacina%C3%A7%C3%A3o%20Covid%2019%20quem%20pode%20aceder%20%C3%A0s%20fases%20priorit%C3%A1rias.jpg

193.126.51.80

Details

Name:	http://www.mais.pt/bo/Entidades/PublishingImages/Plano%20Vacina%C3%A7%C3%A3o%20Covid%2019%20quem%20pode%20aceder%20%C3%A0s%20fases%20priorit%C3%A1rias.jpg
IP:	193.126.51.80
TargetID:	2
From Memory:	false
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	ComplianceNetworking

http://www.mais.pt/bo/Entidades/PublishingImages/Plano

unknown

Details

Name:	http://www.mais.pt/bo/Entidades/PublishingImages/Plano
TargetID:	2
From Memory:	true
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Source:	Plano%20Vacina o%20Covid%2019%20quem%20pode%20aceder%20 s%20fases%20priorit rias[1].htm.2.dr

Signature Hits	Behavior Group	Mitre Attack
Urls found in memory or binary data	Networking

https://www.mais.pt/bo/Entidades/PublishingImages/Plano%20Vacina

unknown

Details

Name:	https://www.mais.pt/bo/Entidades/PublishingImages/Plano%20Vacina
TargetID:	1
From Memory:	true
Current Path:	C:\Program Files\internet explorer\iexplore.exe
Source:	~DFF45DDFE705DDF707.TMP.1.dr

Signature Hits	Behavior Group	Mitre Attack
Urls found in memory or binary data	Networking

http://www.sbsi.pt

unknown

Details

Name:	http://www.sbsi.pt
TargetID:	2
From Memory:	true
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Source:	favicon[1].htm.2.dr
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Urls found in memory or binary data	Networking

https://www.mais.pt/bo/Entidades/PublishingImages/Plano%20Vacinao%20Covid%2019%20quem%20pode%20aceder%20s%20fases%20prioritrias.jpg

http://www.link.pt

unknown

Details

Name:	http://www.link.pt
TargetID:	2
From Memory:	true
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Source:	favicon[1].htm.2.dr

Signature Hits	Behavior Group	Mitre Attack
Urls found in memory or binary data	Networking

Domains

Name

Malicious

www.sbsi.pt

193.126.51.80

Details

Name:	www.sbsi.pt
IP:	193.126.51.80
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Urls found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	ComplianceNetworking

www.mais.pt

193.126.51.80

Details

Name:	www.mais.pt
IP:	193.126.51.80
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Urls found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	ComplianceNetworking

IPs

Domain

Country

Active

Malicious

193.126.51.80

unknown

Portugal

unknown

Details

IP:	193.126.51.80
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	2860
ASN name:	NOS_COMUNICACOESPT
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	ComplianceNetworking

Registry

Path

Value

Malicious

C:\Program Files\internet explorer\iexplore.exe

{5B8DA2AD-5756-11EB-90EB-ECF4BBEA1588}

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

CVListPingLastYMD

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-912

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-904

There are 12 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

2563046C000

unkown

page read and write

7FF52E922000

unkown

page readonly

7FF5AB982000

unkown

page readonly

DOM / HTML

URL

Malicious

https://www.mais.pt/bo/Entidades/PublishingImages/Plano%20Vacinao%20Covid%2019%20quem%20pode%20aceder%20s%20fases%20prioritrias.jpg

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML