Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9da

URL

initial url

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{92EDE2C0-9892-11EB-90E5-ECF4BB2D2496}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{92EDE2C2-9892-11EB-90E5-ECF4BB2D2496}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{92EDE2C3-9892-11EB-90E5-ECF4BB2D2496}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\flUhRq6tzZclQEJ-Vdg-IuiaDsNa[1].woff

Web Open Font Format, TrueType, length 130756, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\icon[1].css

ASCII text

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\analytics[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\js[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\css[1].css

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\lookup[1].txt

ASCII text, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\d3.v5.min[1].js

C source, UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\gauge.min[1].js

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\jquery-3.5.1.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\summary[1].htm

HTML document, ASCII text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Temp\~DF03EBC80C459E6306.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF22D8D2F9858A4A01.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF3C49D9964B8B7017.TMP

data

dropped

There are 16 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	2680
Target ID:	1
Parent PID:	792
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\internet explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	823560
MD5:	6465CB92B25A7BC1DF8E01D8AC5E7596
Time:	10:48:06
Date:	08/04/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff721e20000
Modulesize:	831488
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2680 CREDAT:17410 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	5400
Target ID:	2
Parent PID:	2680
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2680 CREDAT:17410 /prefetch:2
Size:	822536
MD5:	071277CC2E3DF41EEEA8013E2AB58D5A
Time:	10:48:07
Date:	08/04/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xc70000
Modulesize:	827392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://www.nytimes.com/

unknown

https://www.google.%/ads/ga-audiences

unknown

https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9da

unknown

http://www.youtube.com/

unknown

https://code.jquery.com/jquery-3.5.1.min.js

unknown

http://www.wikipedia.com/

unknown

http://www.amazon.com/

unknown

https://stats.g.doubleclick.net/j/collect

unknown

http://www.live.com/

unknown

https://d3js.org/d3.v5.min.js

unknown

https://d3js.org

unknown

http://www.reddit.com/

unknown

http://www.twitter.com/

unknown

https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9daRoot

unknown

https://cct.google/taggy/agent.js

unknown

https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9da

https://bernii.github.io/gauge.js/dist/gauge.min.js

unknown

There are 7 hidden URLs, click here to show them.

Domains

Name

Malicious

bernii.github.io

185.199.108.153

Details

Name:	bernii.github.io
IP:	185.199.108.153
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

london-sentry-email-summary-1161567812.eu-west-2.elb.amazonaws.com

35.178.120.30

Details

Name:	london-sentry-email-summary-1161567812.eu-west-2.elb.amazonaws.com
IP:	35.178.120.30
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

d3js.org

104.26.6.30

Details

Name:	d3js.org
IP:	104.26.6.30
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

summary.aquilaiajax.com

unknown

Details

Name:	summary.aquilaiajax.com
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

code.jquery.com

unknown

IPs

Domain

Country

Malicious

104.26.6.30

d3js.org

United States

Details

IP:	104.26.6.30
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	d3js.org

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

35.178.120.30

london-sentry-email-summary-1161567812.eu-west-2.elb.amazonaws.com

United States

Details

IP:	35.178.120.30
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	london-sentry-email-summary-1161567812.eu-west-2.elb.amazonaws.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

185.199.108.153

bernii.github.io

Netherlands

Details

IP:	185.199.108.153
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	Netherlands
Countrycode:	NLD
ASN number:	54113
ASN name:	FASTLYUS
Private:	false
Domain:	bernii.github.io

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

C:\Program Files\internet explorer\iexplore.exe

{92EDE2C0-9892-11EB-90E5-ECF4BB2D2496}

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

CVListPingLastYMD

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-912

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-904

There are 16 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF532DC9000

unkown

page readonly

7FF532E39000

unkown

page readonly

1FD11C29000

unkown

page read and write

1D2B3480000

heap private

page read and write

7FF5329C6000

unkown

page readonly

7FF532D21000

unkown

page readonly

7FF532ED3000

unkown

page readonly

1D2B3800000

unkown

page write copy

1FD11A70000

heap private

page read and write

1D2B3602000

unkown

page read and write

7FF532BBF000

unkown

page readonly

1D2B50F0000

unkown

page readonly

7FF56D693000

unkown

page readonly

7FF56D67A000

unkown

page readonly

7FF56D4B8000

unkown

page readonly

7FF532DC0000

unkown

page readonly

7FF532D91000

unkown

page readonly

1FD11C78000

unkown

page read and write

7FF56D268000

unkown

page readonly

7FF532C20000

unkown

page readonly

1FD11C13000

unkown

page read and write

7FF532C5F000

unkown

page readonly

7FF56D555000

unkown

page readonly

7FF56D41F000

unkown

page readonly

1FD11CC2000

unkown

page read and write

EDA177F000

unkown

page read and write

7FF56D557000

unkown

page readonly

1FD135C0000

unkown

page read and write

7FF532CF8000

unkown

page readonly

7FF56D664000

unkown

page readonly

7FF532EE2000

unkown

page readonly

7FF56D5F9000

unkown

page readonly

1FD11C55000

unkown

page read and write

1FD11CB0000

unkown

page read and write

7FF532E12000

unkown

page readonly

7FF56D5ED000

unkown

page readonly

1FD11C3F000

unkown

page read and write

7FF532C2B000

unkown

page readonly

1FD11CB0000

unkown

page read and write

7FF532E97000

unkown

page readonly

9390C79000

unkown

page read and write

7FF532DE1000

unkown

page readonly

1FD13E00000

unkown

page readonly

1D2B3655000

unkown

page read and write

1FD14010000

unkown

page read and write

939076E000

unkown

page read and write

7FF532DEF000

unkown

page readonly

1FD11D13000

unkown

page read and write

1FD13AA0000

unkown

page read and write

1FD11D00000

unkown

page read and write

1FD13A30000

unkown

page readonly

7FF532EA4000

unkown

page readonly

7FF56D5B3000

unkown

page readonly

7FF532BB5000

unkown

page readonly

1D2B3702000

unkown

page read and write

7FF532AB6000

unkown

page readonly

7FF56D496000

unkown

page readonly

1FD13AD0000

unkown

page readonly

EDA139E000

unkown

page read and write

7FF532EBA000

unkown

page readonly

7FF56D667000

unkown

page readonly

1FD13A20000

unkown

page read and write

7FF532DDF000

unkown

page readonly

7FF56D5E6000

unkown

page readonly

1FD11CBC000

unkown

page read and write

7FF532BD2000

unkown

page readonly

9390BFC000

unkown

page read and write

1FD13AA0000

unkown

page read and write

7FF532D28000

unkown

page readonly

7FF532EE7000

unkown

page readonly

EDA19FF000

unkown

page read and write

EDA167A000

unkown

page read and write

7FF56D696000

unkown

page readonly

7FF532C7A000

unkown

page readonly

7FF532DB7000

unkown

page readonly

7FF532C0B000

unkown

page readonly

1D2B35C0000

unkown

page readonly

1D2B366A000

unkown

page read and write

7FF532E0A000

unkown

page readonly

7FF532AA8000

unkown

page readonly

1FD11BB0000

unkown

page write copy

7FF532ABA000

unkown

page readonly

7FF532E26000

unkown

page readonly

1FD13D00000

unkown

page read and write

7FF532C44000

unkown

page readonly

7FF532DFD000

unkown

page readonly

7FF56D577000

unkown

page readonly

1D2B4FF0000

unkown

page read and write

7FF56D657000

unkown

page readonly

7FF532E3E000

unkown

page readonly

7FF532DF3000

unkown

page readonly

7FF532D87000

unkown

page readonly

9390B7F000

unkown

page read and write

EDA197D000

unkown

page read and write

1FD11C09000

unkown

page read and write

7FF56D5BE000

unkown

page readonly

9390A7B000

unkown

page read and write

1FD136C0000

unkown

page readonly

7FF56D6A2000

unkown

page readonly

1FD13D33000

unkown

page read and write

7FF532E06000

unkown

page readonly

7FF532CD6000

unkown

page readonly

7FF56D37F000

unkown

page readonly

7FF56D654000

unkown

page readonly

7FF56D66B000

unkown

page readonly

1FD11D02000

unkown

page read and write

93907EE000

unkown

page read and write

7FF56D3CB000

unkown

page readonly

1FD13D64000

unkown

page read and write

1FD13A90000

unkown

page readonly

1FD13A40000

heap private

page read and write

7FF56D4B0000

unkown

page readonly

1FD11CA4000

unkown

page read and write

93906EB000

unkown

page read and write

7FF56D65D000

unkown

page readonly

1D2B3629000

unkown

page read and write

EDA129B000

unkown

page read and write

7FF532C1E000

unkown

page readonly

7FF56D3CF000

unkown

page readonly

7FF532BD9000

unkown

page readonly

1FD13AA0000

unkown

page read and write

EDA16F9000

unkown

page read and write

7FF534CD7000

unkown

page readonly

1D2B34F0000

unkown

page readonly

7FF532EE7000

unkown

page readonly

1D2B3850000

unkown

page readonly

7FF56D276000

unkown

page readonly

EDA1879000

unkown

page read and write

7FF56D5CA000

unkown

page readonly

1FD11C87000

unkown

page read and write

7FF532ED6000

unkown

page readonly

7FF53295E000

unkown

page readonly

1FD13D02000

unkown

page read and write

1FD11C00000

unkown

page read and write

7FF56D6A7000

unkown

page readonly

7FF56D6A7000

unkown

page readonly

1FD13D23000

unkown

page read and write

7FF56CE97000

unkown

page readonly

7FF532C0F000

unkown

page readonly

7FF56D5C6000

unkown

page readonly

7FF532E37000

unkown

page readonly

1D2B34E0000

heap default

page read and write

1FD13D0A000

unkown

page read and write

1FD11AD0000

heap default

page read and write

1FD12000000

unkown

page readonly

7FF56D27A000

unkown

page readonly

7FF56D375000

unkown

page readonly

7FF532E94000

unkown

page readonly

7FF532E9D000

unkown

page readonly

1FD11AE0000

unkown

page readonly

7FF532D97000

unkown

page readonly

7FF5326D7000

unkown

page readonly

1FD11E00000

unkown

page readonly

1D6484C3000

unkown

page read and write

7FF532EA7000

unkown

page readonly

1FD13C02000

unkown

page read and write

1D2B3613000

unkown

page read and write

EDA17F9000

unkown

page read and write

1FD13D1E000

unkown

page read and write

EDA131E000

unkown

page read and write

1D2B363F000

unkown

page read and write

7FF532CF0000

unkown

page readonly

1FD13AB0000

unkown

page readonly

1FD13AA0000

unkown

page read and write

1D2B3600000

unkown

page read and write

7FF56D5F7000

unkown

page readonly

7FF56D5D2000

unkown

page readonly

7FF532DC4000

unkown

page readonly

1FD11CD7000

unkown

page read and write

7FF532D95000

unkown

page readonly

EDA18FD000

unkown

page read and write

7FF532DD4000

unkown

page readonly

1FD11D14000

unkown

page read and write

9390AFA000

unkown

page read and write

7FF532E2D000

unkown

page readonly

7FF56D5AF000

unkown

page readonly

There are 166 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9da

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML