Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
initial sample
|
||||
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5B8DA2AD-5756-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5B8DA2AF-5756-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{666E5AEE-5756-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Plano%20Vacina o%20Covid%2019%20quem%20pode%20aceder%20
s%20fases%20priorit rias[1].htm
|
HTML document, UTF-8 Unicode text
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\favicon[1].htm
|
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Plano%20Vacina o%20Covid%2019%20quem%20pode%20aceder%20
s%20fases%20priorit rias[1].jpg
|
[TIFF image data, big-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=Adobe
Photoshop 22.1 (Windows), datetime=2021:01:12 15:41:49], baseline, precision 8, 2361x3450, frames 3
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\~DF599FFC6605A90397.TMP
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\~DFC0BE553CBA2FF47F.TMP
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\~DFF45DDFE705DDF707.TMP
|
data
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
||
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6704 CREDAT:17410 /prefetch:2
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
http://www.mais.pt/bo/Entidades/PublishingImages/Plano%20Vacina%C3%A7%C3%A3o%20Covid%2019%20quem%20pode%20aceder%20%C3%A0s%20fases%20priorit%C3%A1rias.jpg
|
193.126.51.80
|
||
http://www.mais.pt/bo/Entidades/PublishingImages/Plano
|
unknown
|
||
https://www.mais.pt/bo/Entidades/PublishingImages/Plano%20Vacina
|
unknown
|
||
http://www.sbsi.pt
|
unknown
|
||
https://www.mais.pt/bo/Entidades/PublishingImages/Plano%20Vacinao%20Covid%2019%20quem%20pode%20aceder%20s%20fases%20prioritrias.jpg
|
|||
http://www.link.pt
|
unknown
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
www.sbsi.pt
|
193.126.51.80
|
||
www.mais.pt
|
193.126.51.80
|
IPs
IP
|
Domain
|
Country
|
Active
|
Malicious
|
|
---|---|---|---|---|---|
193.126.51.80
|
unknown
|
Portugal
|
unknown
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
C:\Program Files\internet explorer\iexplore.exe
|
{5B8DA2AD-5756-11EB-90EB-ECF4BBEA1588}
|
||
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
||
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
||
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
||
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
||
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
||
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
||
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
||
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
||
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
||
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
||
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
||
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
||
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
||
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
||
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
||
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
||
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
||
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
||
C:\Program Files\internet explorer\iexplore.exe
|
CVListPingLastYMD
|
||
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-912
|
||
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-904
|
There are 12 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
2563046C000
|
unkown
|
page read and write
|
||
7FF52E922000
|
unkown
|
page readonly
|
||
7FF5AB982000
|
unkown
|
page readonly
|
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
https://www.mais.pt/bo/Entidades/PublishingImages/Plano%20Vacinao%20Covid%2019%20quem%20pode%20aceder%20s%20fases%20prioritrias.jpg
|