Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	6824
Target ID:	1
Parent PID:	800
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\internet explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	823560
MD5:	6465CB92B25A7BC1DF8E01D8AC5E7596
Time:	21:59:18
Date:	25/02/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff71e5d0000
Modulesize:	831488
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6824 CREDAT:17410 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	6872
Target ID:	2
Parent PID:	6824
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6824 CREDAT:17410 /prefetch:2
Size:	822536
MD5:	071277CC2E3DF41EEEA8013E2AB58D5A
Time:	21:59:19
Date:	25/02/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x980000
Modulesize:	827392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://www.mijn-authenticatiebetaalpas.xyz/Root

unknown

Details

Name:	http://www.mijn-authenticatiebetaalpas.xyz/Root
TargetID:	1
From Memory:	true
Current Path:	C:\Program Files\internet explorer\iexplore.exe
Source:	{53688A39-77AC-11EB-90EB-ECF4BBEA1588}.dat.1.dr

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Antivirus detection for URL or domain	AV Detection
Multi AV Scanner detection for domain / URL	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Urls found in memory or binary data	Networking

http://www.mijn-authenticatiebetaalpas.xyz/

unknown

Details

Name:	http://www.mijn-authenticatiebetaalpas.xyz/
TargetID:	1
From Memory:	true
Current Path:	C:\Program Files\internet explorer\iexplore.exe
Source:	~DF654EA8BDB7E65203.TMP.1.dr

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Antivirus detection for URL or domain	AV Detection
Multi AV Scanner detection for domain / URL	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Urls found in memory or binary data	Networking

Domains

Name

Malicious

www.mijn-authenticatiebetaalpas.xyz

unknown

Details

Name:	www.mijn-authenticatiebetaalpas.xyz
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Urls found in memory or binary data	Networking

Registry

Path

Value

Malicious

C:\Program Files\internet explorer\iexplore.exe

{53688A37-77AC-11EB-90EB-ECF4BBEA1588}

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

There are 9 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

22000429000

unkown

page read and write

2200044C000

unkown

page read and write

7FF550B85000

unkown

page readonly

22000500000

unkown

page read and write

22000447000

unkown

page read and write

7FF550B97000

unkown

page readonly

22000B40000

unkown

page read and write

57FFD7F000

unkown

page read and write

22000E00000

unkown

page readonly

7FF550BEE000

unkown

page readonly

57800F7000

unkown

page read and write

7FF550B6C000

unkown

page readonly

7FF5503B1000

unkown

page readonly

22000426000

unkown

page read and write

7FF550B7E000

unkown

page readonly

22000413000

unkown

page read and write

22000400000

unkown

page read and write

7FF550A61000

unkown

page readonly

7FF550BF9000

unkown

page readonly

7FF550248000

unkown

page readonly

7FF550B8B000

unkown

page readonly

7FF550AE4000

unkown

page readonly

57803FE000

unkown

page read and write

7FF5509D1000

unkown

page readonly

7FF550A7E000

unkown

page readonly

22000451000

unkown

page read and write

22000508000

unkown

page read and write

7FF550BD4000

unkown

page readonly

22000502000

unkown

page read and write

22000513000

unkown

page read and write

22001140000

unkown

page readonly

2200047F000

unkown

page read and write

22000B30000

unkown

page readonly

22000470000

unkown

page read and write

7FF550B6A000

unkown

page readonly

7FF550A7B000

unkown

page readonly

7FF550BCA000

unkown

page readonly

7FF550C72000

unkown

page readonly

2200048A000

unkown

page read and write

7FF550BF6000

unkown

page readonly

2200043C000

unkown

page read and write

7FF550ACD000

unkown

page readonly

7FF550B80000

unkown

page readonly

2200044B000

unkown

page read and write

22000402000

unkown

page read and write

7FF550BAC000

unkown

page readonly

7FF550BB7000

unkown

page readonly

7FF550C6A000

unkown

page readonly

220006D0000

unkown

page readonly

7FF550AEC000

unkown

page readonly

7FF550C64000

unkown

page readonly

2200044E000

unkown

page read and write

7FF550AD3000

unkown

page readonly

22000380000

heap private

page read and write

2200044A000

unkown

page read and write

7FF550BC4000

unkown

page readonly

57FFF7B000

unkown

page read and write

7FF550BDF000

unkown

page readonly

57FFCFF000

unkown

page read and write

7FF550BE8000

unkown

page readonly

220003F0000

unkown

page readonly

220003E0000

heap default

page read and write

57801FD000

unkown

page read and write

7FF550C71000

unkown

page readonly

7FF550740000

unkown

page readonly

57FFC7B000

unkown

page read and write

7FF550755000

unkown

page readonly

57802FE000

unkown

page read and write

22000448000

unkown

page read and write

7FF550BFD000

unkown

page readonly

7FF550B7A000

unkown

page readonly

7FF550A23000

unkown

page readonly

2200047A000

unkown

page read and write

22000600000

unkown

page readonly

7FF5508F7000

unkown

page readonly

7FF550BAF000

unkown

page readonly

22000C02000

unkown

page read and write

2200044F000

unkown

page read and write

7FF550746000

unkown

page readonly

There are 69 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

Registry

Memdumps