Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

https://covid19.protected-forms.com/XWkZKNVRYQmFTVmxrVkRoek9VTkdXRzVHWjNBM2RtMDBRMlptZVRkdGNFUjFZekV6ZWxkblJEZzFiMlZCTWxoTlVXaG5aMHRoYW1kc09VSnlja2xZYkc5MlYwdzNOWFpsVERWNUsxWXZiVkJ5YURreFUzTk9kbGt4ZWtoSGRYa3dTM1ppY1hkT0x6Y3pSMFJXVjNsMWRXNVRiRnBCZURZMGJVWkNlRlJ0TVdGM1REZEhNRnA0ZW5keksyTmFZV2hPWVRGd1Z6Tm9iRFVyVlhnd1UwdHhOVkU0YTJsRGRXMDBjMlZOUFMwdGVsSnhlVlJOWkZKRlNIVjZZbEpUYkVscGJUQTJaejA5LS0yNjI0MmEyNmU5MTE4NzY5Nzk4YzQ5Nzk4MGQyMGYxNmNiYmE1MGQy?cid=874637403

URL

initial url

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\secured-login[1].xml

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0B1EB684-C85C-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B1EB686-C85C-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1283C016-C85C-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\IU9ESTP0.htm

HTML document, ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KB4-logo[1].png

PNG image data, 200 x 75, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\application-90929fee9f5daac0eca637129a780171565a15cebe060e2d86c95ffac685fd7b[1].js

UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903[1].css

ASCII text

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\modernizr-79e0181ec91aff04bb01d87cba546535ede843f75d19f5c60f66b8dd6546971f[1].js

HTML document, ASCII text

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\vendor-f9f57d7be17e331a1955[1].js

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\css2[1].css

ASCII text

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\dd[1].css

UTF-8 Unicode text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\QRF01zv[1].png

PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\mem8YaGs126MiZpBA-U1UQ[1].woff

Web Open Font Format, TrueType, length 55324, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\6F17TJ3O.htm

HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bootstrap.min[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Temp\~DF820E21105090C19F.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFB81FC44A4392FBBB.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFD3A635E75702A4C0.TMP

data

dropped

There are 19 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	5852
Target ID:	1
Parent PID:	800
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\internet explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	823560
MD5:	6465CB92B25A7BC1DF8E01D8AC5E7596
Time:	15:18:42
Date:	08/06/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff748760000
Modulesize:	831488
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5852 CREDAT:17410 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	6000
Target ID:	2
Parent PID:	5852
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5852 CREDAT:17410 /prefetch:2
Size:	822536
MD5:	071277CC2E3DF41EEEA8013E2AB58D5A
Time:	15:18:42
Date:	08/06/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x270000
Modulesize:	827392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css

unknown

http://api.jqueryui.com/slide-effect/

unknown

https://github.com/moment/moment/issues/1423

unknown

https://github.com/chartjs/Chart.js/pull/4507

unknown

https://covid19.protected-forms.com/XWkZKNVRYQmFTVmxrVkRoek9VTkdXRzVHWjNBM2RtMDBRMlptZVRkdGNFUjFZekV

unknown

http://stackoverflow.com/a/32954565/96342

unknown

https://github.com/madrobby/zepto/blob/master/src/zepto.js

unknown

https://stackoverflow.com/questions/30464750/chartjs-line-chart-set-background-color

unknown

https://github.com/chartjs/Chart.js/issues/5597

unknown

http://stackoverflow.com/a/26707753

unknown

https://github.com/jquery/jquery-color

unknown

https://github.com/select2/select2/blob/master/LICENSE.md

unknown

http://api.jqueryui.com/jQuery.widget/

unknown

http://blog.jquery.com/2012/08/09/jquery-1-8-released/

unknown

http://codereview.stackexchange.com/q/13338

unknown

https://cdn2.hubspot.net/hubfs/241394/html_file/files/img/KB4-logo.png

unknown

https://bugzilla.mozilla.org/show_bug.cgi?id=561664

unknown

http://dev.w3.org/csswg/cssom/#resolved-values

unknown

https://caniuse.com/download

unknown

https://github.com/chartjs/Chart.js/issues/2538

unknown

http://dev.w3.org/csswg/css-color/#hwb-to-rgb

unknown

https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon

unknown

http://www.apache.org/licenses/LICENSE-2.0)

unknown

https://github.com/kriskowal/es5-shim/blob/master/es5-shim.js

unknown

http://api.jqueryui.com/button/

unknown

http://getbootstrap.com)

unknown

https://bugzilla.mozilla.org/show_bug.cgi?id=687787

unknown

https://blog.alexmaccaw.com/css-transitions

unknown

https://github.com/bassjobsen/Bootstrap-3-Typeahead

unknown

https://getbootstrap.com/docs/3.4/javascript/#transitions

unknown

https://github.com/chartjs/Chart.js/issues/4152

unknown

http://bugs.jquery.com/ticket/9917

unknown

http://www.reddit.com/

unknown

http://api.jqueryui.com/size-effect/

unknown

https://github.com/Do/iso8601.js

unknown

https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener#Safely_detecting_optio

unknown

http://momentjs.com/guides/#/warnings/zone/

unknown

http://bugs.jquery.com/ticket/12359

unknown

https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/removeEventListener

unknown

https://w3c.github.io/IntersectionObserver/#intersection-observer-interface

unknown

http://creativecommons.org/licenses/by/3.0/)

unknown

http://docs.closure-library.googlecode.com/git/closure_goog_date_date.js.source.html

unknown

https://www.nathanaeluser.com/blog/2013/reading-max-width-cross-browser

unknown

https://bugzilla.mozilla.org/show_bug.cgi?id=649285

unknown

https://getbootstrap.com/docs/3.4/javascript/#tooltip

unknown

https://github.com/chartjs/Chart.js/issues/6104

unknown

http://jsperf.com/diacritics/18

unknown

http://api.jqueryui.com/category/ui-core/

unknown

https://github.com/twbs/bootstrap/issues/20280

unknown

https://github.com/chartjs/Chart.js/issues/4287

unknown

https://getbootstrap.com/docs/3.4/javascript/#modals

unknown

https://github.com/chartjs/Chart.js/issues/2435#issuecomment-216718158

unknown

https://jsperf.com/object-keys-vs-for-in-with-closure/3

unknown

https://stackoverflow.com/q/181348

unknown

https://getbootstrap.com/docs/3.4/javascript/#collapse

unknown

https://www.anujgakhar.com/2014/03/01/binary-search-in-javascript/

unknown

https://github.com/chartjs/Chart.js/issues/4737

unknown

https://github.com/kkapsner/CanvasBlocker

unknown

http://www.robertpenner.com/easing/

unknown

https://w3c.github.io/IntersectionObserver/#calculate-intersection-rect-algo

unknown

https://github.com/chartjs/Chart.js/issues/3887

unknown

https://getbootstrap.com/docs/3.4/javascript/#scrollspy

unknown

https://github.com/w3c/IntersectionObserver/issues/211

unknown

https://github.com/twbs/bootstrap/blob/master/LICENSE)

unknown

http://flightschool.acylt.com/devnotes/caret-position-woes/

unknown

http://api.jqueryui.com/transfer-effect/

unknown

https://github.com/rails/jquery-ujs

unknown

https://stackoverflow.com/questions/8506881/nice-label-algorithm-for-charts-with-minimum-ticks

unknown

https://bugzilla.mozilla.org/show_bug.cgi?id=491668

unknown

https://github.com/marcj/css-element-queries

unknown

http://www.robertpenner.com/easing)

unknown

http://momentjs.com/guides/#/warnings/min-max/

unknown

https://github.com/chartjs/Chart.js/issues/4102

unknown

https://stackoverflow.com/q/3922139

unknown

http://api.jqueryui.com/drop-effect/

unknown

http://www.amazon.com/

unknown

http://www.twitter.com/

unknown

http://jsperf.com/getall-vs-sizzle/2

unknown

https://getbootstrap.com/docs/3.4/javascript/#buttons

unknown

https://github.com/jquery/jquery/pull/557)

unknown

https://www.html5canvastutorials.com/advanced/html5-canvas-mouse-coordinates/

unknown

http://api.jqueryui.com/menu/

unknown

https://getbootstrap.com/docs/3.4/javascript/#alerts

unknown

https://github.com/chartjs/Chart.js/issues/5208

unknown

http://api.jqueryui.com/category/effects-core/

unknown

http://bugs.jquery.com/ticket/8235

unknown

https://chartjs.gitbooks.io/proposals/content/Platform.html

unknown

https://secured-login.ted-forms.com/XWkZKNVRYQmFTVmxrVkRoek9VTkdXRzVHWjNBM2RtMDBRMlptZVRkdGNFUjFZekV

unknown

http://api.jqueryui.com/dialog/

unknown

https://w3c.github.io/IntersectionObserver/#intersection-observer-entry

unknown

https://secured-login.net/pages/c3955b1c48a/XWkZKNVRYQmFTVmxrVkRoek9VTkdXRzVHWjNBM2RtMDBRMlptZVRkdGNFUjFZekV6ZWxkblJEZzFiMlZCTWxoTlVXaG5aMHRoYW1kc09VSnlja2xZYkc5MlYwdzNOWFpsVERWNUsxWXZiVkJ5YURreFUzTk9kbGt4ZWtoSGRYa3dTM1ppY1hkT0x6Y3pSMFJXVjNsMWRXNVRiRnBCZURZMGJVWkNlRlJ0TVdGM1REZEhNRnA0ZW5keksyTmFZV2hPWVRGd1Z6Tm9iRFVyVlhnd1UwdHhOVkU0YTJsRGRXMDBjMlZOUFMwdGVsSnhlVlJOWkZKRlNIVjZZbEpUYkVscGJUQTJaejA5LS0yNjI0MmEyNmU5MTE4NzY5Nzk4YzQ5Nzk4MGQyMGYxNmNiYmE1MGQy

http://api.jqueryui.com/shake-effect/

unknown

http://www.nytimes.com/

unknown

https://github.com/Microsoft/tslib/blob/v1.6.0/tslib.js

unknown

https://stackoverflow.com/questions/10149963/adding-event-listener-cross-browser

unknown

https://github.com/imulus/retinajs/issues/8

unknown

http://jsperf.com/1-vs-infinity

unknown

https://github.com/cujojs/when/issues/410

unknown

https://getbootstrap.com/)

unknown

https://github.com/ankane/chartkick.js

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

cdn2.hubspot.net

104.17.243.204

Details

Name:	cdn2.hubspot.net
IP:	104.17.243.204
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

s3.amazonaws.com

52.217.196.184

Details

Name:	s3.amazonaws.com
IP:	52.217.196.184
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

cdnjs.cloudflare.com

104.16.18.94

Details

Name:	cdnjs.cloudflare.com
IP:	104.16.18.94
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

secured-login.net

34.226.85.79

Details

Name:	secured-login.net
IP:	34.226.85.79
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

landing.training.knowbe4.com

34.226.85.79

Details

Name:	landing.training.knowbe4.com
IP:	34.226.85.79
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

ipv4.imgur.map.fastly.net

151.101.112.193

Details

Name:	ipv4.imgur.map.fastly.net
IP:	151.101.112.193
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

covid19.protected-forms.com

unknown

Details

Name:	covid19.protected-forms.com
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

i.imgur.com

unknown

favicon.ico

unknown

IPs

Domain

Country

Malicious

52.217.196.184

s3.amazonaws.com

United States

Details

IP:	52.217.196.184
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	s3.amazonaws.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.17.243.204

cdn2.hubspot.net

United States

Details

IP:	104.17.243.204
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	cdn2.hubspot.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

151.101.112.193

ipv4.imgur.map.fastly.net

United States

Details

IP:	151.101.112.193
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false
Domain:	ipv4.imgur.map.fastly.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.16.18.94

cdnjs.cloudflare.com

United States

Details

IP:	104.16.18.94
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	cdnjs.cloudflare.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

34.226.85.79

secured-login.net

United States

Details

IP:	34.226.85.79
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	14618
ASN name:	AMAZON-AESUS
Private:	false
Domain:	secured-login.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

C:\Program Files\internet explorer\iexplore.exe

{0B1EB684-C85C-11EB-90EB-ECF4BBEA1588}

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

CVListPingLastYMD

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NumberOfSubdomains

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NULL

C:\Program Files (x86)\Internet Explorer\iexplore.exe

Total

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-912

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-904

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NULL

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NULL

C:\Program Files (x86)\Internet Explorer\iexplore.exe

NULL

C:\Program Files (x86)\Internet Explorer\iexplore.exe

Total

There are 23 hidden registries, click here to show them.

DOM / HTML

URL

Malicious

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

DOM / HTML