Automated Malware Analysis IOC Report for

URLs

Name

Malicious

http://onedrive.live.com/download?cid=7BB5E286F12776DD&resid=7BB5E286F12776DD%21105&authkey=AMOExoSCD2ywjes

Details

Filetype:	URL
Filename:	http://onedrive.live.com/download?cid=7BB5E286F12776DD&resid=7BB5E286F12776DD%21105&authkey=AMOExoSCD2ywjes

Signature Hits	Behavior Group	Mitre Attack
Found iframes	Phishing	Drive-by Compromise
No HTML title found	Phishing
Performs DNS lookups	Networking	Non-Application Layer Protocol Application Layer Protocol
Classification label	System Summary	Extra Window Memory Injection
Uses HTTPS	Networking	Encrypted Channel
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Spawns processes	System Summary	Process Injection
Connects to IPs without corresponding DNS lookups	Networking	Extra Window Memory Injection
META author tag missing	Phishing
Allocates a big amount of memory (probably used for heap spraying)	Software Vulnerabilities	Extra Window Memory Injection
Creates files inside the program directory	System Summary	Masquerading
META copyright tag missing	Phishing
Creates a directory in C:\Program Files	Compliance, System Summary
Found graphical window changes (likely an installer)	System Summary

https://onedrive.live.com/?cid=7bb5e286f12776dd&id=7BB5E286F12776DD%21105&authkey=%21AMOExoSCD2ywjes

https://onedrive.live.com/viruswarning.aspx/po%20961691589.pdf.tar?cid=7bb5e286f12776dd&avres=Infected&resid=7BB5E286F12776DD!105&authkey=!AMOExoSCD2ywjes

https://onedrive.live.com/?authkey=%21AMOExoSCD2ywjes&cid=7BB5E286F12776DD&id=7BB5E286F12776DD%21105&parId=root&o=OneUp

Domains

Name

Malicious

accounts.google.com

142.250.185.173

dual-a-0001.a-msedge.net

204.79.197.200

l-0003.l-dc-msedge.net

13.107.43.12

part-0017.t-0009.fbs1-t-msedge.net

13.107.219.45

i-am3p-cor006.api.p001.1drv.com

13.104.158.180

www.google.com

142.250.186.164

clients.l.google.com

142.250.185.206

c.live.com

unknown

shellprod.msocdn.com

unknown

storage.live.com

unknown

skyapi.onedrive.live.com

unknown

clients2.google.com

unknown

onedrive.live.com

unknown

wf6uzq.db.files.1drv.com

unknown

skydrive.live.com

unknown

api.onedrive.com

unknown

p.sfx.ms

unknown

amcdn.msftauth.net

unknown

dub01pap002files.storage.live.com

unknown

There are 9 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

142.250.185.206

clients.l.google.com

United States

52.228.36.228

unknown

United States

204.79.197.200

dual-a-0001.a-msedge.net

United States

13.107.219.45

part-0017.t-0009.fbs1-t-msedge.net

United States

2.16.107.90

unknown

European Union

13.95.147.73

unknown

United States

51.11.192.49

unknown

United Kingdom

2.20.9.204

unknown

European Union

40.126.31.71

unknown

United States

13.107.43.12

l-0003.l-dc-msedge.net

United States

13.107.43.13

unknown

United States

20.189.173.14

unknown

United States

104.91.71.141

unknown

United States

13.104.208.162

unknown

United States

34.104.35.123

unknown

United States

1.1.1.1

unknown

Australia

184.51.105.213

unknown

United States

23.54.139.180

unknown

United States

142.250.186.163

unknown

United States

13.107.42.13

unknown

United States

13.107.42.12

unknown

United States

20.234.93.27

unknown

United States

23.45.102.249

unknown

United States

239.255.255.250

unknown

Reserved

20.190.159.2

unknown

United States

192.229.221.185

unknown

United States

2.20.8.220

unknown

European Union

142.250.185.173

accounts.google.com

United States

40.90.128.17

unknown

United States

88.221.169.199

unknown

European Union

142.250.186.164

www.google.com

United States

152.199.21.175

unknown

United States

23.213.164.142

unknown

United States

172.217.16.195

unknown

United States

142.250.185.74

unknown

United States

127.0.0.1

unknown

20.44.10.123

unknown

United States

88.221.168.218

unknown

European Union

There are 28 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
http://onedrive.live.com/download?cid=7BB5E286F12776DD&resid=7BB5E286F12776DD%21105&authkey=AMOExoSCD2ywjes

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttp://onedrive.live.com/download?cid=7BB5E286F12776DD&resid=7BB5E286F12776DD%21105&authkey=AMOExoSCD2ywjes

URLs

Domains

IPs

IOC Report
http://onedrive.live.com/download?cid=7BB5E286F12776DD&resid=7BB5E286F12776DD%21105&authkey=AMOExoSCD2ywjes