Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

http://infracciondeestacionamiento.eastus.cloudapp.azure.com/

URL

initial url

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8DB4C641-77F9-11EB-90E4-ECF4BB862DED}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8DB4C643-77F9-11EB-90E4-ECF4BB862DED}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8DB4C644-77F9-11EB-90E4-ECF4BB862DED}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\NewErrorPageTemplate[1]

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\down[1]

PNG image data, 15 x 15, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\errorPageStrings[1]

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dnserror[1]

HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\httpErrorPagesScripts[1]

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Temp\~DF1941737AB82EBAD0.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF206265ECC2730224.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF37290E0852463019.TMP

data

dropped

There are 2 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	5244
Target ID:	1
Parent PID:	792
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\internet explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	823560
MD5:	6465CB92B25A7BC1DF8E01D8AC5E7596
Time:	22:12:07
Date:	25/02/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff72a390000
Modulesize:	831488
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5244 CREDAT:17410 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	1384
Target ID:	2
Parent PID:	5244
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5244 CREDAT:17410 /prefetch:2
Size:	822536
MD5:	071277CC2E3DF41EEEA8013E2AB58D5A
Time:	22:12:08
Date:	25/02/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x12c0000
Modulesize:	827392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Registry

Path

Value

Malicious

C:\Program Files\internet explorer\iexplore.exe

{8DB4C641-77F9-11EB-90E4-ECF4BB862DED}

C:\Program Files\internet explorer\iexplore.exe

AdminActive

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

There are 10 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF50F716000

unkown

page readonly

7FF50F72C000

unkown

page readonly

7FF50F6F9000

unkown

page readonly

22FD58F0000

heap default

page read and write

7FF50F423000

unkown

page readonly

22FD7330000

heap private

page read and write

22FD5EA0000

unkown

page readonly

7FF50EFC8000

unkown

page readonly

EF773FE000

unkown

page read and write

22FD58B0000

unkown

page readonly

22FD59F0000

unkown

page readonly

22FD7520000

heap private

page read and write

7FF50F735000

unkown

page readonly

22FD5800000

unkown

page read and write

22FD7470000

heap private

page read and write

7FF50F79E000

unkown

page readonly

7FF50F70D000

unkown

page readonly

7FF50F744000

unkown

page readonly

22FD7660000

heap private

page read and write

7FF50F6CA000

unkown

page readonly

7FF50F6BA000

unkown

page readonly

22FD592D000

heap default

page read and write

EF7727E000

unkown

page read and write

7FF50F42C000

unkown

page readonly

7FF50F740000

unkown

page readonly

EF76F4C000

unkown

page read and write

22FD5B10000

unkown

page readonly

22FD56D0000

unkown

page readonly

7FF50F64E000

unkown

page readonly

7FF50F6B8000

unkown

page readonly

7FF50F747000

unkown

page readonly

7FF50F711000

unkown

page readonly

22FD58FB000

heap default

page read and write

7FF50F71C000

unkown

page readonly

22FD5730000

unkown

page readonly

7FF50F654000

unkown

page readonly

EF7747C000

unkown

page read and write

7FF50F7A9000

unkown

page readonly

EF772FD000

unkown

page read and write

22FD5B05000

heap private

page read and write

7FF50F6DE000

unkown

page readonly

22FD5850000

unkown

page readonly

22FD5B00000

heap private

page read and write

7FF50F752000

unkown

page readonly

7FF50F7A1000

unkown

page readonly

22FD742F000

heap private

page read and write

22FD5890000

unkown

page readonly

22FD58A0000

unkown

page readonly

7FF50F7A9000

unkown

page readonly

7FF50F6E5000

unkown

page readonly

22FD5840000

unkown

page readonly

7FF50F726000

unkown

page readonly

22FD5820000

unkown

page read and write

7FF50F6B6000

unkown

page readonly

7FF50F6A0000

unkown

page readonly

EF76FCE000

unkown

page read and write

7FF50F74D000

unkown

page readonly

7FF50F64A000

unkown

page readonly

7FF50F3BC000

unkown

page readonly

7FF50F6A2000

unkown

page readonly

There are 50 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

Registry

Memdumps