Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

https://spark.adobe.com/page/ql80qXs9cgl3o/

URL

initial url

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\EQAWN5DV\spark.adobe[1].xml

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\IB42RK38\www.adobe[1].xml

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{13BDDBCB-AD59-11EB-90E5-ECF4BB2D2496}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{13BDDBCD-AD59-11EB-90E5-ECF4BB2D2496}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1AABAF24-AD59-11EB-90E5-ECF4BB2D2496}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat

data

modified

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\7O7MVXIS.htm

HTML document, ASCII text

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\d[1]

Web Open Font Format, CFF, length 67148, version 0.0

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\d[2]

Web Open Font Format, CFF, length 66304, version 0.0

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\favicon[1].ico

MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\spark[1].svg

SVG Scalable Vector Graphics image

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\media_102523b575492841801eee551ccfbc5fca141ecdf[1].png

RIFF (little-endian) data, Web/P image

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\media_1a3a5d0b4d3b4cdafd28d6e4e2582aa89694802d1[1].png

[none]x[none], YUV color, decoders should clamp

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\media_1edd2ae4453e3478187f2c8b4963eb73bac41e495[1].png

[none]x[none], YUV color, decoders should clamp

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\p[1].gif

GIF image data, version 89a, 1 x 1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\scripts[1].js

UTF-8 Unicode text

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\sparkle[1].jpg

[TIFF image data, little-endian, direntries=1, copyright=prasongtakham - Fotolia], baseline, precision 8, 1048x1220, frames 3

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\vtg4qoo[1].js

UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\adobe-spark[1].png

PNG image data, 299 x 59, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\d[1]

Web Open Font Format, CFF, length 66740, version 0.0

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\d[2]

Web Open Font Format, CFF, length 66508, version 0.0

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\express[1].htm

HTML document, UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\sparkle-mobile[1].jpg

[TIFF image data, little-endian, direntries=1, copyright=prasongtakham - Fotolia], baseline, precision 8, 800x853, frames 3

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\d[1]

Web Open Font Format, TrueType, length 25284, version 0.0

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\d[2]

Web Open Font Format, TrueType, length 24744, version 0.0

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\d[3]

Web Open Font Format, CFF, length 23416, version 0.0

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\marvel-error[1].css

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\media_1414f90572f278eae7d49cf2222e9b7d0063180cd[1].png

RIFF (little-endian) data, Web/P image

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\styles[1].css

ASCII text

downloaded

C:\Users\user\AppData\Local\Temp\~DF88ABC3EC2C072926.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFC7F34313F804349B.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFF3DA1EF1686743C2.TMP

data

dropped

There are 23 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	4316
Target ID:	1
Parent PID:	792
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\internet explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	823560
MD5:	6465CB92B25A7BC1DF8E01D8AC5E7596
Time:	21:19:26
Date:	04/05/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff721e20000
Modulesize:	831488
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4316 CREDAT:17410 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	5848
Target ID:	2
Parent PID:	4316
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4316 CREDAT:17410 /prefetch:2
Size:	822536
MD5:	071277CC2E3DF41EEEA8013E2AB58D5A
Time:	21:19:27
Date:	04/05/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xb50000
Modulesize:	827392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://www.pinterest.

unknown

http://www.apache.org/licenses/LICENSE-2.0

unknown

https://www.linkedin.com

unknown

https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8

unknown

https://www.facebook.

unknown

http://typekit.com/eulas/0000000000000000000132e1

unknown

https://use.typekit.net/af/eaf09c/000000000000000000017703/27/

unknown

https://use.typekit.net/af/1da05b/0000000000000000000132df/27/

unknown

https://use.typekit.net/af/d8f71f/0000000000000000000132e1/27/

unknown

https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8

unknown

https://use.typekit.net/af/4b3e87/000000000000000000017706/27/

unknown

https://www.youtube.com

unknown

https://use.typekit.net/af/cb695f/000000000000000000017701/27/

unknown

http://typekit.com/eulas/000000000000000000017706

unknown

https://www.instagram.com

unknown

http://typekit.com/eulas/0000000000000000000132df

unknown

https://p.typekit.net/p.gif

unknown

https://twitter.com

unknown

http://typekit.com/eulas/0000000000000000000176ff

unknown

https://use.typekit.net/af/8f4e31/0000000000000000000132e3/27/

unknown

http://typekit.com/eulas/000000000000000000017701

unknown

https://adobesparkpost.app.link/jsoIbkwCVeb

unknown

http://typekit.com/eulas/000000000000000000017703

unknown

https://blog.adobespark.com/

unknown

https://use.typekit.net/af/40207f/0000000000000000000176ff/27/

unknown

https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8

unknown

http://typekit.com/eulas/0000000000000000000132e3

unknown

https://adobesparkpost.app.link/nfQW2NoCVeb

unknown

https://spark.adobe.co

unknown

There are 19 hidden URLs, click here to show them.

Domains

Name

Malicious

spark.adobeprojectm.com

65.9.66.89

Details

Name:	spark.adobeprojectm.com
IP:	65.9.66.89
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

use.typekit.net

unknown

Details

Name:	use.typekit.net
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

p.typekit.net

unknown

IPs

Domain

Country

Malicious

65.9.66.89

spark.adobeprojectm.com

United States

Details

IP:	65.9.66.89
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	spark.adobeprojectm.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

C:\Program Files\internet explorer\iexplore.exe

{13BDDBCB-AD59-11EB-90E5-ECF4BB2D2496}

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

CVListPingLastYMD

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NumberOfSubdomains

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-912

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-904

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NULL

C:\Program Files (x86)\Internet Explorer\iexplore.exe

Total

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NumberOfSubdomains

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NULL

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NULL

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NULL

C:\Program Files (x86)\Internet Explorer\iexplore.exe

Total

There are 24 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF508E26000

unkown

page readonly

7FF520813000

unkown

page readonly

25D13257000

unkown

page read and write

1EF13200000

unkown

page read and write

7FF508B51000

unkown

page readonly

7FF508E91000

unkown

page readonly

1EF13213000

unkown

page read and write

81C87F7000

unkown

page read and write

25D13256000

unkown

page read and write

25D13251000

unkown

page read and write

7FF5210F7000

unkown

page readonly

7FF5211A7000

unkown

page readonly

81C8AFE000

unkown

page read and write

25D13300000

unkown

page read and write

7FF520FB0000

unkown

page readonly

7FF5210A1000

unkown

page readonly

25D13252000

unkown

page read and write

7FF520996000

unkown

page readonly

7FF5211A2000

unkown

page readonly

7FF508EBA000

unkown

page readonly

25D13190000

unkown

page read and write

25D13400000

unkown

page readonly

FC79D75000

unkown

page read and write

7FF5210CA000

unkown

page readonly

7FF5210C6000

unkown

page readonly

25D13288000

unkown

page read and write

7FF5210E6000

unkown

page readonly

25D13308000

unkown

page read and write

25D13180000

unkown

page readonly

1EF13080000

heap default

page read and write

25D13250000

unkown

page read and write

1EF13160000

unkown

page readonly

1EF13170000

unkown

page readonly

1EF1328E000

unkown

page read and write

7FF520E11000

unkown

page readonly

7FF521193000

unkown

page readonly

7FF52109F000

unkown

page readonly

7FF508DF3000

unkown

page readonly

81C867B000

unkown

page read and write

25D13253000

unkown

page read and write

7FF521196000

unkown

page readonly

7FF508553000

unkown

page readonly

25D13255000

unkown

page read and write

FC79F77000

unkown

page read and write

25D13200000

unkown

page read and write

7FF508EE7000

unkown

page readonly

1EF1322A000

unkown

page read and write

7FF508E0A000

unkown

page readonly

7FF508E94000

unkown

page readonly

1EF13400000

unkown

page readonly

7FF52115D000

unkown

page readonly

7FF508E06000

unkown

page readonly

25D13270000

unkown

page read and write

25D13C00000

unkown

page readonly

7FF508991000

unkown

page readonly

7FF508E2D000

unkown

page readonly

7FF5210B3000

unkown

page readonly

1EF13286000

unkown

page read and write

25D13249000

unkown

page read and write

7FF52116B000

unkown

page readonly

7FF508EE7000

unkown

page readonly

7FF508D28000

unkown

page readonly

1EF13090000

unkown

page readonly

25D13227000

unkown

page read and write

1EF1326F000

unkown

page read and write

7FF520F3A000

unkown

page readonly

1EF13302000

unkown

page read and write

7FF521154000

unkown

page readonly

25D1324D000

unkown

page read and write

7FF52117A000

unkown

page readonly

25D13290000

unkown

page read and write

25D13213000

unkown

page read and write

1EF13020000

heap private

page read and write

7FF521025000

unkown

page readonly

25D134D0000

unkown

page readonly

FC79C7F000

unkown

page read and write

1EF13A02000

unkown

page read and write

25D13313000

unkown

page read and write

81C89FD000

unkown

page read and write

7FF508D65000

unkown

page readonly

7FF508ED3000

unkown

page readonly

1EF13C00000

unkown

page readonly

25D13160000

heap default

page read and write

FC7A17C000

unkown

page read and write

7FF508DEF000

unkown

page readonly

25D13229000

unkown

page read and write

7FF508EE2000

unkown

page readonly

7FF508DE1000

unkown

page readonly

7FF5086D6000

unkown

page readonly

7FF508DFD000

unkown

page readonly

7FF5210AF000

unkown

page readonly

7FF5210BD000

unkown

page readonly

7FF521164000

unkown

page readonly

FC7A27F000

unkown

page read and write

25D13100000

heap private

page read and write

7FF508CD6000

unkown

page readonly

81C86FE000

unkown

page read and write

7FF508EA4000

unkown

page readonly

81C812B000

unkown

page read and write

81C857D000

unkown

page read and write

7FF520FB5000

unkown

page readonly

7FF508EA7000

unkown

page readonly

81C81AE000

unkown

page read and write

25D1324A000

unkown

page read and write

7FF5211A7000

unkown

page readonly

FC79E7B000

unkown

page read and write

7FF508E12000

unkown

page readonly

25D1323C000

unkown

page read and write

7FF50854D000

unkown

page readonly

1EF13790000

unkown

page readonly

FC7994B000

unkown

page read and write

25D1324B000

unkown

page read and write

7FF508E39000

unkown

page readonly

7FF521167000

unkown

page readonly

7FF521157000

unkown

page readonly

FC7A07F000

unkown

page read and write

7FF520C51000

unkown

page readonly

7FF508C7A000

unkown

page readonly

25D1324E000

unkown

page read and write

FC799CE000

unkown

page read and write

7FF508EAB000

unkown

page readonly

1EF1323C000

unkown

page read and write

7FF520FE8000

unkown

page readonly

7FF508E97000

unkown

page readonly

7FF5210F9000

unkown

page readonly

7FF508E37000

unkown

page readonly

7FF508CA7000

unkown

page readonly

7FF5210ED000

unkown

page readonly

25D13A02000

unkown

page read and write

7FF520C57000

unkown

page readonly

7FF508ED6000

unkown

page readonly

81C88FF000

unkown

page read and write

7FF508E9D000

unkown

page readonly

7FF520F96000

unkown

page readonly

7FF520FB8000

unkown

page readonly

25D13302000

unkown

page read and write

7FF521151000

unkown

page readonly

7FF508CF0000

unkown

page readonly

7FF508DDF000

unkown

page readonly

25D1326D000

unkown

page read and write

25D13170000

unkown

page readonly

7FF520F67000

unkown

page readonly

25D13F40000

unkown

page readonly

7FF508997000

unkown

page readonly

1EF13180000

unkown

page read and write

81C847E000

unkown

page read and write

1EF13313000

unkown

page read and write

7FF5210D2000

unkown

page readonly

There are 138 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

https://www.adobe.com/express/

https://spark.adobe.com/page/ql80qXs9cgl3o/

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML