Automated Malware Analysis IOC Report for

Details

Filetype:	URL
Filename:	https://landarch.org/hassani/index.php

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Phishing site detected (based on shot template match)	Phishing
Yara detected HtmlPhish10	Phishing
Yara detected HtmlPhish7	Phishing
Phishing site detected (based on various OCR indicators)	Phishing
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
Classification label	System Summary
Creates files inside the user directory	System Summary	Masquerading
Creates temporary files	System Summary
META author tag missing	Phishing
META copyright tag missing	Phishing
Performs DNS lookups	Networking	Non-Application Layer Protocol
Reads ini files	System Summary	File and Directory Discovery
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Uses HTTPS	Networking	Application Layer Protocol
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis		Encrypted Channel
Uses new MSVCR Dlls	Compliance, System Summary
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\index[1].htm
IE cache URL:	https://landarch.org/hassani/index.php
Category:	downloaded
Dump:	index[1].htm.2.dr
ID:	dr_6
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Entropy:	4.8159515725639555
Encrypted:	false
Ssdeep:	192:K2FI5vEJKnYmrDfG4RywAOT+UY/t4IdtWPtY:1nmRnAKyt48tZ
Size:	11777
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Yara detected HtmlPhish10	Phishing
Yara detected HtmlPhish7	Phishing

Details

File:	C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E0B04448-B38D-11EB-90E5-ECF4BB2D2496}.dat
Category:	dropped
Dump:	RecoveryStore.{E0B04448-B38D-11EB-90E5-ECF4BB2D2496}.dat.1.dr
ID:	dr_0
Target ID:	1
Process:	C:\Program Files\internet explorer\iexplore.exe
Type:	Microsoft Word Document
Entropy:	1.8529727739977848
Encrypted:	false
Ssdeep:	96:r4ZrZF2oWUtFAfYHT1MCrT3RRC+fZHulX:r4ZrZF2oWUtOfYBMEznfZsX
Size:	30296
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the user directory	System Summary	Masquerading

Details

File:	C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E0B0444A-B38D-11EB-90E5-ECF4BB2D2496}.dat
Category:	dropped
Dump:	{E0B0444A-B38D-11EB-90E5-ECF4BB2D2496}.dat.1.dr
ID:	dr_2
Target ID:	1
Process:	C:\Program Files\internet explorer\iexplore.exe
Type:	Microsoft Word Document
Entropy:	1.7717716723673704
Encrypted:	false
Ssdeep:	48:Iw01GcpryGwpayG4pQaGrapbSbGQpByGHHpc8TGUp8jGzYpm7DGopKRhxoGOXpRU:r6Z6QC6MBSVjJ20W5MJAByTwsbwr
Size:	27424
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E7627DA5-B38D-11EB-90E5-ECF4BB2D2496}.dat
Category:	dropped
Dump:	{E7627DA5-B38D-11EB-90E5-ECF4BB2D2496}.dat.1.dr
ID:	dr_4
Target ID:	1
Process:	C:\Program Files\internet explorer\iexplore.exe
Type:	Microsoft Word Document
Entropy:	1.5654132269703587
Encrypted:	false
Ssdeep:	48:IwdEGcprTvGwpaVEG4pQH2GrapbS5GQpKSG7HpRFTGIpG:rWZ1QK6YBSTA9TTA
Size:	16984
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat
Category:	modified
Dump:	imagestore.dat.2.dr
ID:	dr_25
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	data
Entropy:	7.9241968052279805
Encrypted:	false
Ssdeep:	96:y3bdWfcmTY+aRF1pXWZL2+42HGhIUc8KeLEy:ygXTY+as02mOB8XLEy
Size:	4221
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\adobe[1].jpg
IE cache URL:	https://landarch.org/hassani/images/adobe.jpg
Category:	downloaded
Dump:	adobe[1].jpg.2.dr
ID:	dr_7
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x400, frames 3
Entropy:	7.75667128400845
Encrypted:	false
Ssdeep:	768:nuowBuvTpjgz+wqrPZ2qh8fmyjlX6RqnxgYqwNL:nuPOpjgzPqrPZRYZGnYqYL
Size:	30925
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\free-v4-shims.min[1].css
IE cache URL:	https://ka-f.fontawesome.com/releases/v5.15.3/css/free-v4-shims.min.css?token=585b051251
Category:	downloaded
Dump:	free-v4-shims.min[1].css.2.dr
ID:	dr_22
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	ASCII text, with very long lines
Entropy:	4.829823522211244
Encrypted:	false
Ssdeep:	192:dP6hT1bIl4w0QUmQ10PwKLaAu5CwWavpHo4O6wgLPbJVR8XD7mycP:0hal4w0QK+PwK05eavpmgPPeXD7mycP
Size:	26701
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\free.min[1].css
IE cache URL:	https://ka-f.fontawesome.com/releases/v5.15.3/css/free.min.css?token=585b051251
Category:	downloaded
Dump:	free.min[1].css.2.dr
ID:	dr_21
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	ASCII text, with very long lines
Entropy:	4.728641238865369
Encrypted:	false
Ssdeep:	768:0Uh31IPiyXNq4YxBowbgJlkwF//zMQyYJYX9Bft6VSz8:0U0PxXE4YXJgndFTfy9lt5Q
Size:	60351
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\jquery.min[1].js
IE cache URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Category:	downloaded
Dump:	jquery.min[1].js.2.dr
ID:	dr_8
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	ASCII text, with very long lines
Entropy:	5.366055229017455
Encrypted:	false
Ssdeep:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
Size:	85578
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\w-logo-blue-white-bg[1].png
IE cache URL:	https://landarch.org/wp-includes/images/w-logo-blue-white-bg.png
Category:	downloaded
Dump:	w-logo-blue-white-bg[1].png.2.dr
ID:	dr_24
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
Entropy:	7.949120703870044
Encrypted:	false
Ssdeep:	96:h3bdWfcmTY+aRF1pXWZL2+42HGhIUc8KeLEd:hgXTY+as02mOB8XLEd
Size:	4119
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\585b051251[1].js
IE cache URL:	https://kit.fontawesome.com/585b051251.js
Category:	downloaded
Dump:	585b051251[1].js.2.dr
ID:	dr_16
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	ASCII text, with very long lines
Entropy:	5.182623714755422
Encrypted:	false
Ssdeep:	192:BgHN42S+9SZRvACpiIthFzoXnemF+shSGnZ+PPxQDqv7jh81Q5l8OcchIlzbCn:WRCfhFzevnEZ/h81Q5l8OsE
Size:	10866
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\bootstrap.min[1].css
IE cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Category:	downloaded
Dump:	bootstrap.min[1].css.2.dr
ID:	dr_14
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	ASCII text, with very long lines
Entropy:	5.049937202697915
Encrypted:	false
Ssdeep:	1536:GcoqwrUPyDHU7c7TcDEBi82NcuSELL4d/+oENM6HN26Q:VoPgPard2oENM6HN26Q
Size:	144877
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\bootstrap.min[1].js
IE cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Category:	downloaded
Dump:	bootstrap.min[1].js.2.dr
ID:	dr_15
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	ASCII text, with very long lines
Entropy:	5.272507874206726
Encrypted:	false
Ssdeep:	768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B
Size:	48944
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\css[2].css
IE cache URL:	https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Category:	downloaded
Dump:	css[2].css.2.dr
ID:	dr_18
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	ASCII text
Entropy:	5.026484232218891
Encrypted:	false
Ssdeep:	6:0IFFwKh+56ZRWHMqh7izlpdBEoKOEEJTONin:jFWmO6ZRoMqt6p3EondOY
Size:	211
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\popper.min[1].js
IE cache URL:	https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Category:	downloaded
Dump:	popper.min[1].js.2.dr
ID:	dr_17
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	ASCII text, with very long lines
Entropy:	5.212814407014048
Encrypted:	false
Ssdeep:	384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f
Size:	19188
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\8[1].jpg
IE cache URL:	https://landarch.org/hassani/images/8.jpg
Category:	downloaded
Dump:	8[1].jpg.2.dr
ID:	dr_23
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	[TIFF image data, big-endian, direntries=12, height=709, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1200], baseline, precision 8, 1200x646, frames 3
Entropy:	7.5594351594508185
Encrypted:	false
Ssdeep:	3072:WucfAcwuKGuN2q/gSsqnk4br5XUGpppLqfmazv7l04J:OMuKbYOF355XEuAv7lnJ
Size:	161118
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\jquery-3.1.1.min[1].js
IE cache URL:	https://code.jquery.com/jquery-3.1.1.min.js
Category:	downloaded
Dump:	jquery-3.1.1.min[1].js.2.dr
ID:	dr_19
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	ASCII text, with very long lines
Entropy:	5.367391365596119
Encrypted:	false
Ssdeep:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
Size:	86709
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\jquery-3.2.1.slim.min[1].js
IE cache URL:	https://code.jquery.com/jquery-3.2.1.slim.min.js
Category:	downloaded
Dump:	jquery-3.2.1.slim.min[1].js.2.dr
ID:	dr_20
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	ASCII text, with very long lines
Entropy:	5.369216080582935
Encrypted:	false
Ssdeep:	1536:qNhEyjjTikEJO4edXXe9J578go6MWX2xkjVe4c4j2ll2Ac7pK3F71QDU8CuT:Exc2yjq4j2uYnQDU8CuT
Size:	69597
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\gmail[1].png
IE cache URL:	https://landarch.org/hassani/images/gmail.png
Category:	downloaded
Dump:	gmail[1].png.2.dr
ID:	dr_13
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced
Entropy:	7.712342056984168
Encrypted:	false
Ssdeep:	1536:FxqKcVqezl0vLoYxEuKoYk5LHjGkT3b1mQOEj0+R+EH:FsK2qezl0zoYxEuKo7CYrOb+Rb
Size:	66743
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\hover[1].css
IE cache URL:	https://landarch.org/hassani/css/hover.css
Category:	downloaded
Dump:	hover[1].css.2.dr
ID:	dr_9
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	ASCII text
Entropy:	4.9296726009523
Encrypted:	false
Ssdeep:	1536:67O7EesvXIPRX4PT8aZv8qoXIoqbTFaFeTxvyAZ+D7M71D:qXIPRX4PT3
Size:	114697
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\office3651[1].png
IE cache URL:	https://landarch.org/hassani/images/office3651.png
Category:	downloaded
Dump:	office3651[1].png.2.dr
ID:	dr_12
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced
Entropy:	3.011161251318808
Encrypted:	false
Ssdeep:	96:2S+WvkiqJq6Uq7NXrNG+GHhsc5yeFZV9D2Ydcx/NTV0K0VFDsCmm:2SJkiOq6Uq75shDs1kFP
Size:	18025
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\other1[1].png
IE cache URL:	https://landarch.org/hassani/images/other1.png
Category:	downloaded
Dump:	other1[1].png.2.dr
ID:	dr_11
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced
Entropy:	4.268463452779894
Encrypted:	false
Ssdeep:	192:ESCkiDw7e9Mg/wio0EYm9FWyo2XdJfXoOZdEDfmiIJQdiRVi/WTanY:DBiDw7eAdq+FWyo2/fXoZbDIJ0ci/BnY
Size:	21882
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\outlook1[1].png
IE cache URL:	https://landarch.org/hassani/images/outlook1.png
Category:	downloaded
Dump:	outlook1[1].png.2.dr
ID:	dr_10
Target ID:	2
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type:	PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced
Entropy:	7.682244426935498
Encrypted:	false
Ssdeep:	24:74yiH9yQmOntihdLl00qDeu1BcaDa0oljZG0:omOntO7v/uJDYG0
Size:	771
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Temp\~DF21461B56EB5BEA2A.TMP
Category:	dropped
Dump:	~DF21461B56EB5BEA2A.TMP.1.dr
ID:	dr_3
Target ID:	1
Process:	C:\Program Files\internet explorer\iexplore.exe
Type:	data
Entropy:	0.4666697127888211
Encrypted:	false
Ssdeep:	48:kBqoxKAuvScS+yU+X7I70Rh4ivuQbif5ag0b:kBqoxKAuvScS+yU+XkYwsb
Size:	35185
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Temp\~DF4E7BFA20179A1DA0.TMP
Category:	dropped
Dump:	~DF4E7BFA20179A1DA0.TMP.1.dr
ID:	dr_5
Target ID:	1
Process:	C:\Program Files\internet explorer\iexplore.exe
Type:	data
Entropy:	0.27918767598683664
Encrypted:	false
Ssdeep:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
Size:	25441
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Temp\~DFC5762E6EF0DB105B.TMP
Category:	dropped
Dump:	~DFC5762E6EF0DB105B.TMP.1.dr
ID:	dr_1
Target ID:	1
Process:	C:\Program Files\internet explorer\iexplore.exe
Type:	data
Entropy:	0.477104916684086
Encrypted:	false
Ssdeep:	24:c9lLh9lLh9lIn9lIn9loO9lo+9lW/1Fg1e0O0:kBqoIJf/l0
Size:	13029
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

DOM / HTML