Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

https://public.3.basecamp.com/p/9HoiMQPNPfT1V5JoFAC5GG7t

URL

initial url

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\public.3.basecamp[1].xml

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EF122192-77AA-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EF122194-77AA-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EF122195-77AA-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\9HoiMQPNPfT1V5JoFAC5GG7t[1].htm

HTML document, UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Graphik-RegularItalic-Cy-Gr-Web-a10a70f48489dfe7e0ab1fe80eebaa027610df48049f44cd1724ddcbce3ec509[1].woff

Web Open Font Format, TrueType, length 73940, version 0.0

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Graphik-SemiboldItalic-Cy-Gr-Web-9331e9964cf8f0a6ec536ecafb1ccfb7bde3bad32248b64a51b31142786bc3f3[1].woff

Web Open Font Format, TrueType, length 79628, version 0.0

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\31AC96_1_0[1].woff

Web Open Font Format, TrueType, length 46052, version 0.0

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\desktop-09334a52f8be90f7ab2c69fb59eb0eaf1a2a7c3015b9151b4e641a93284fe9d1[1].css

UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\libraries-a6ab6002c86dc39bd54d[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\public-e8b06a8ee10d5c07ccf7e91ef27eaae0ca5404d0c4d5ba63c7fc633b29923020[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\weebly-logo-blue[1].png

PNG image data, 174 x 62, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\31AC96_0_0[1].eot

Embedded OpenType (EOT)

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\31AC96_2_0[1].eot

Embedded OpenType (EOT)

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon-32x32[1].png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\fonts-0adca736826e5341a26aa294e6302bb2284836e97151246bbe094a75e994e2fc[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Temp\dat8C2F.tmp

Web Open Font Format, TrueType, length 69114, version 0.0

dropped

C:\Users\user\AppData\Local\Temp\dat8C4F.tmp

Web Open Font Format, TrueType, length 76130, version 0.0

dropped

C:\Users\user\AppData\Local\Temp\~DF8853F3693435E5B4.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFA00F9F0FC6A06177.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFA5A270FBA6D61E89.TMP

data

dropped

There are 13 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	6136
Target ID:	1
Parent PID:	800
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\internet explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	823560
MD5:	6465CB92B25A7BC1DF8E01D8AC5E7596
Time:	21:49:21
Date:	25/02/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff661a10000
Modulesize:	831488
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6136 CREDAT:17410 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	5888
Target ID:	2
Parent PID:	6136
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6136 CREDAT:17410 /prefetch:2
Size:	822536
MD5:	071277CC2E3DF41EEEA8013E2AB58D5A
Time:	21:49:21
Date:	25/02/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x1110000
Modulesize:	827392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://public.3.basecamp.com/favicon-32x32.png

unknown

https://bc3-production-assets-cdn.basecamp-static.com

unknown

https://public.3.basecamp.com/p/9HoiMQPNPfT1V5JoFAC5GG7t

unknown

https://public.3.basecamp.com/p/9HoiMQPNPfT1V5JoFAC5GG7tNYou

unknown

https://bc3-production-assets-cdn.basecamp-static.com/assets/desktop-09334a52f8be90f7ab2c69fb59eb0ea

unknown

https://public.3..com/m/p/9HoiMQPNPfT1V5JoFAC5GG7tRoot

unknown

https://mibghgh.weebly.com/m/p/9HoiMQPNPfT1V5JoFAC5GG7t

unknown

https://mibghgh.weeblyamp.com/p/9HoiMQPNPfT1V5JoFAC5GG7t

unknown

https://public.3.ba24b-7732-4312-b6e5-6bb75d448e48

unknown

https://mibghgh.weebly.com/

https://mibghgh.weebly.com

unknown

https://public.3.Root

unknown

https://public.3.basecamp.com/p/9HoiMQPNPfT1V5JoFAC5GG7tamp.com/p/9HoiMQPNPfT1V5JoFAC5GG7tRoot

unknown

https://bc3-production-assets-cdn.basecamp-static.com/assets/packs/libraries-a6ab6002c86dc39bd54d.js

unknown

https://public.3.basecamp.com/p/9HoiMQPNPfT1V5JoFAC5GG7tRoot

unknown

https://public.3.basecamp.com/p/9HoiMQPNPfT1V5JoFAC5GG7t

https://bc3-production-assets-cdn.basecamp-static.com/assets/rich_text-7df2a91e108ef44ef372558ec3956

unknown

https://bc3-production-assets-cdn.basecamp-static.com/assets/billing-4200b9e83e3eb94932d80c6cbcaca79

unknown

https://bc3-production-assets-cdn.basecamp-static.com/assets/fonts-0adca736826e5341a26aa294e6302bb22

unknown

https://mibghgh.weebly

unknown

https://bc3-production-assets-cdn.basecamp-static.com/assets/public-e8b06a8ee10d5c07ccf7e91ef27eaae0

unknown

https://public.3.basecamp.com/buckets/20950190/vaults/3492664608

unknown

There are 12 hidden URLs, click here to show them.

Domains

Name

Malicious

pages-wildcard.weebly.com

199.34.228.53

3.basecamp.com

64.202.125.15

d30fxesrqrvb2r.cloudfront.net

13.224.94.73

weebly.map.fastly.net

151.101.1.46

beanstalk.37signals.com

130.211.11.159

public.3.basecamp.com

64.202.125.18

mibghgh.weebly.com

unknown

cdn2.editmysite.com

unknown

cdn1.editmysite.com

unknown

bc3-production-assets-cdn.basecamp-static.com

unknown

IPs

Domain

Country

Active

Malicious

64.202.125.18

unknown

United States

unknown

Details

IP:	64.202.125.18
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	25657
ASN name:	BASECAMPUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

64.202.125.15

unknown

United States

unknown

Details

IP:	64.202.125.15
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	25657
ASN name:	BASECAMPUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

130.211.11.159

unknown

United States

unknown

Details

IP:	130.211.11.159
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

151.101.1.46

unknown

United States

unknown

Details

IP:	151.101.1.46
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

13.224.94.82

unknown

United States

unknown

Details

IP:	13.224.94.82
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

199.34.228.53

unknown

United States

unknown

Details

IP:	199.34.228.53
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	27647
ASN name:	WEEBLYUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

C:\Program Files\internet explorer\iexplore.exe

{EF122192-77AA-11EB-90EB-ECF4BBEA1588}

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NumberOfSubdomains

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-912

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-904

There are 14 hidden registries, click here to show them.

DOM / HTML

URL

Malicious

https://mibghgh.weebly.com/

https://public.3.basecamp.com/p/9HoiMQPNPfT1V5JoFAC5GG7t

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

DOM / HTML