IOCReport

loading gif

Files

File Path
Type
Category
Malicious
VjLfUM5cMx.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{077FA0D4-11F8-11EC-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E1A18F6F-11F7-11EC-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{077FA0D6-11F8-11EC-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E1A18F71-11F7-11EC-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\NewErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\dnserror[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\down[1]
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\NewErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\dnserror[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\down[1]
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
modified
clean
C:\Users\user\AppData\Local\Temp\~DF53DFCC907A82F6AE.TMP
data
dropped
clean
C:\Users\user\AppData\Local\Temp\~DFB3B5364D27108BD7.TMP
data
dropped
clean
C:\Users\user\AppData\Local\Temp\~DFCE99751527B74E99.TMP
data
dropped
clean
C:\Users\user\AppData\Local\Temp\~DFD3F956B20687A278.TMP
data
dropped
clean
There are 19 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\VjLfUM5cMx.exe
'C:\Users\user\Desktop\VjLfUM5cMx.exe'
malicious
C:\Program Files (x86)\Internet Explorer\iexplore.exe
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2856 CREDAT:17410 /prefetch:2
malicious
C:\Program Files (x86)\Internet Explorer\iexplore.exe
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1492 CREDAT:17410 /prefetch:2
malicious
C:\Program Files\internet explorer\iexplore.exe
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
clean
C:\Program Files\internet explorer\iexplore.exe
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
clean

URLs

Name
IP
Malicious
https://haverit.xyz/index.htm
unknown
clean
https://haverit.xyz/index.htmr#
unknown
clean
http://www.nytimes.com/
unknown
clean
https://sectigo.com/CPS0
unknown
clean
http://ocsp.sectigo.com0
unknown
clean
https://haverit.xyz/index.htmdex.htm
unknown
clean
http://%s=%s&file://&os=%u.%u_%u_%u_x%uindex.html;
unknown
clean
http://www.youtube.com/
unknown
clean
http://www.wikipedia.com/
unknown
clean
http://www.amazon.com/
unknown
clean
https://haverit.xyz
unknown
clean
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
unknown
clean
http://www.live.com/
unknown
clean
https://haverit.xyz/0b
unknown
clean
https://haverit.xyz/Q
unknown
clean
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
unknown
clean
http://www.reddit.com/
unknown
clean
http://www.twitter.com/
unknown
clean
https://haverit.xyz/index.htm&E
unknown
clean
https://haverit.xyz/index.htmRoot
unknown
clean
http://www.google.com/
unknown
clean
There are 11 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
haverit.xyz
unknown
malicious

Registry

Path
Value
Malicious
C:\Program Files\internet explorer\iexplore.exe
{E1A18F6F-11F7-11EC-90EB-ECF4BBEA1588}
clean
C:\Program Files\internet explorer\iexplore.exe
Count
clean
C:\Program Files\internet explorer\iexplore.exe
Time
clean
C:\Program Files\internet explorer\iexplore.exe
Blocked
clean
C:\Program Files\internet explorer\iexplore.exe
Count
clean
C:\Program Files\internet explorer\iexplore.exe
Time
clean
C:\Program Files\internet explorer\iexplore.exe
Count
clean
C:\Program Files\internet explorer\iexplore.exe
Time
clean
C:\Program Files\internet explorer\iexplore.exe
LoadTimeArray
clean
C:\Program Files\internet explorer\iexplore.exe
LoadTimeArray
clean
C:\Program Files\internet explorer\iexplore.exe
CVListPingLastYMD
clean
C:\Program Files\internet explorer\iexplore.exe
CVListPingBitmap
clean
C:\Program Files\internet explorer\iexplore.exe
CVListPingRandomizedBitmap
clean
C:\Program Files\internet explorer\iexplore.exe
DecayDateQueue
clean
C:\Program Files\internet explorer\iexplore.exe
LastProcessed
clean
C:\Program Files\internet explorer\iexplore.exe
DecayDateQueue
clean
C:\Program Files\internet explorer\iexplore.exe
LastProcessed