IOC Report

Files

File Path | Type | Category | Malicious
Arrival Notice, CIA Awb Inv Form.pdf.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\~DF37AB796C0CD232D7.TMP | Composite Document File V2 Document, Cannot read section info | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe | "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe" | malicious
C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe | "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe" | malicious
C:\Windows\explorer.exe | C:\Windows\Explorer.EXE | malicious
C:\Windows\SysWOW64\NETSTAT.EXE | C:\Windows\SysWOW64\NETSTAT.EXE | malicious
C:\Windows\SysWOW64\cmd.exe | /c del "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe" | clean
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean

URLs


Domains


IPs

IP | Domain | Country | Malicious
70.40.220.123 | soarlikeaneagle.site | United States |