Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	6140
Target ID:	1
Parent PID:	792
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\internet explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	823560
MD5:	6465CB92B25A7BC1DF8E01D8AC5E7596
Time:	13:05:19
Date:	27/05/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7931d0000
Modulesize:	831488
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6140 CREDAT:17410 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	3728
Target ID:	2
Parent PID:	6140
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6140 CREDAT:17410 /prefetch:2
Size:	822536
MD5:	071277CC2E3DF41EEEA8013E2AB58D5A
Time:	13:05:20
Date:	27/05/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x30000
Modulesize:	827392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://vaccinecovid19.cra.ac.th/VaccineCOVID19/form/registration_list

unknown

Details

Name:	https://vaccinecovid19.cra.ac.th/VaccineCOVID19/form/registration_list
TargetID:	1
From Memory:	true
Current Path:	C:\Program Files\internet explorer\iexplore.exe
Source:	~DF8172BE3A0CD9D1D6.TMP.1.dr

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://vaccinecovid19.cra.ac.th/VaccineCOVID19/form/registration_listRoot

unknown

Details

Name:	https://vaccinecovid19.cra.ac.th/VaccineCOVID19/form/registration_listRoot
TargetID:	1
From Memory:	true
Current Path:	C:\Program Files\internet explorer\iexplore.exe
Source:	{DC2DE5F0-BF26-11EB-90E4-ECF4BB862DED}.dat.1.dr

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Domains

Name

Malicious

vaccinecovid19.cra.ac.th

104.21.53.156

Details

Name:	vaccinecovid19.cra.ac.th
IP:	104.21.53.156
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

104.21.53.156

vaccinecovid19.cra.ac.th

United States

Details

IP:	104.21.53.156
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	vaccinecovid19.cra.ac.th

Registry

Path

Value

Malicious

C:\Program Files\internet explorer\iexplore.exe

{DC2DE5EE-BF26-11EB-90E4-ECF4BB862DED}

C:\Program Files\internet explorer\iexplore.exe

AdminActive

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

There are 10 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

D6B40FF000

unkown

page read and write

22D40E02000

unkown

page read and write

7FF5DA04E000

unkown

page readonly

7FF5D9F2D000

unkown

page readonly

22D405A0000

heap default

page read and write

7FF5D9EDE000

unkown

page readonly

7FF5DA09C000

unkown

page readonly

22D41340000

unkown

page readonly

7FF5DA022000

unkown

page readonly

7FF5D9C20000

unkown

page readonly

22D40600000

unkown

page read and write

22D40800000

unkown

page readonly

7FF5DA028000

unkown

page readonly

7FF5DA119000

unkown

page readonly

22D408D0000

unkown

page readonly

22D40540000

heap private

page read and write

7FF5D9E3A000

unkown

page readonly

22D41000000

unkown

page readonly

22D40700000

unkown

page read and write

7FF5DA026000

unkown

page readonly

7FF5D9E9F000

unkown

page readonly

22D40627000

unkown

page read and write

7FF5DA0B4000

unkown

page readonly

22D40629000

unkown

page read and write

7FF5DA111000

unkown

page readonly

D6B3FF7000

unkown

page read and write

D6B398B000

unkown

page read and write

22D40702000

unkown

page read and write

7FF5DA05F000

unkown

page readonly

7FF5DA012000

unkown

page readonly

22D4063C000

unkown

page read and write

22D40655000

unkown

page read and write

D6B3EFB000

unkown

page read and write

7FF5D9C10000

unkown

page readonly

22D40613000

unkown

page read and write

7FF5DA0B0000

unkown

page readonly

22D4064C000

unkown

page read and write

22D405C0000

unkown

page readonly

22D40708000

unkown

page read and write

7FF5DA08C000

unkown

page readonly

7FF5DA086000

unkown

page readonly

22D405D0000

unkown

page read and write

7FF5DA069000

unkown

page readonly

7FF5DA096000

unkown

page readonly

7FF5DA055000

unkown

page readonly

7FF5D9F08000

unkown

page readonly

7FF5DA07D000

unkown

page readonly

7FF5D9F23000

unkown

page readonly

7FF5DA0B7000

unkown

page readonly

22D4064F000

unkown

page read and write

22D405B0000

unkown

page readonly

7FF5DA10E000

unkown

page readonly

7FF5DA03A000

unkown

page readonly

22D40689000

unkown

page read and write

22D40671000

unkown

page read and write

D6B3DF5000

unkown

page read and write

7FF5D9D6D000

unkown

page readonly

22D40652000

unkown

page read and write

D6B3CFF000

unkown

page read and write

7FF5D9EEA000

unkown

page readonly

7FF5D9F8C000

unkown

page readonly

7FF5D9F51000

unkown

page readonly

7FF5DA010000

unkown

page readonly

D6B41FF000

unkown

page read and write

D6B3C7F000

unkown

page read and write

7FF5D9C0A000

unkown

page readonly

22D40713000

unkown

page read and write

7FF5DA119000

unkown

page readonly

7FF5DA0A5000

unkown

page readonly

7FF5D9F57000

unkown

page readonly

There are 60 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps