Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

AkimaPAYROLL 2023-03-20.htm

HTML document, ASCII text, with very long lines (65386), with CRLF line terminators

initial sample

C:\Users\eyup\Documents\Outlook Files\Outlook Data File - NoEmail.pst

data

dropped

Chrome Cache Entry: 136

ASCII text, with no line terminators

downloaded

Chrome Cache Entry: 137

HTML document, ASCII text, with very long lines (2345), with CRLF line terminators

downloaded

Chrome Cache Entry: 139

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651

downloaded

Chrome Cache Entry: 141

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113577

downloaded

Chrome Cache Entry: 142

SVG Scalable Vector Graphics image

dropped

Chrome Cache Entry: 143

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 347498

downloaded

Chrome Cache Entry: 144

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864

dropped

Chrome Cache Entry: 145

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 47818

downloaded

Chrome Cache Entry: 146

SVG Scalable Vector Graphics image

dropped

Chrome Cache Entry: 148

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 854156

downloaded

Chrome Cache Entry: 149

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 110674

downloaded

Chrome Cache Entry: 151

SVG Scalable Vector Graphics image

dropped

Chrome Cache Entry: 152

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1266361

downloaded

Chrome Cache Entry: 155

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592

dropped

Chrome Cache Entry: 157

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 412391

downloaded

Chrome Cache Entry: 158

MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors

dropped

Chrome Cache Entry: 159

ASCII text, with very long lines (32030)

downloaded

Chrome Cache Entry: 160

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 109863

downloaded

There are 10 hidden files, click here to show them.

URLs

Name

Malicious

file:///C:/Users/eyup/Desktop/AkimaPAYROLL%202023-03-20.htm

Details

Name:	file:///C:/Users/eyup/Desktop/AkimaPAYROLL%202023-03-20.htm
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
Source:	browser
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
HTML document with suspicious title	System Summary
Phishing site detected (based on image similarity)	Phishing
No HTML title found	Phishing
None HTTPS page querying sensitive user data (password, username or email)	Phishing
Submit button contains javascript call	Phishing	Scripting
META author tag missing	Phishing
META copyright tag missing	Phishing

https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DyTv8auMLORdIcWeO11-2rveQJRH_dYo9RISyrj0a1sCP5C-YZOFmewUrp_ro-Kr7aBo_hYN_nbj6VXY8rQWMD9NGkN7i4QkVe6mHpNHef8Uvad_iTMMkpEY4xjmLQ8-RA0VMG1rw3ZXloOzjsCfEww&response_mode=form_post&nonce=638149470490347218.YTQ1NWI5MzQtNGYyMy00MmFhLWI5ODMtZTQ2MTkyMjI0NzAyYmRiNzFmZTgtODdlZi00NmFiLWI1OTItNWFlYzg1YTM0MDBk&redirect_uri=https%3A%2F%2Fportal.office.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=a8e8bdec-70fe-4013-911c-97f82fdc6d64&x-client-SKU=ID_NET472&x-client-ver=6.16.0.0

Details

Name:	https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DyTv8auMLORdIcWeO11-2rveQJRH_dYo9RISyrj0a1sCP5C-YZOFmewUrp_ro-Kr7aBo_hYN_nbj6VXY8rQWMD9NGkN7i4QkVe6mHpNHef8Uvad_iTMMkpEY4xjmLQ8-RA0VMG1rw3ZXloOzjsCfEww&response_mode=form_post&nonce=638149470490347218.YTQ1NWI5MzQtNGYyMy00MmFhLWI5ODMtZTQ2MTkyMjI0NzAyYmRiNzFmZTgtODdlZi00NmFiLWI1OTItNWFlYzg1YTM0MDBk&redirect_uri=https%3A%2F%2Fportal.office.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=a8e8bdec-70fe-4013-911c-97f82fdc6d64&x-client-SKU=ID_NET472&x-client-ver=6.16.0.0
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
Source:	browser
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

Details

Name:	https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000006-0000-0ff1-ce00-000000000000&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DyTv8auMLORdIcWeO11-2rveQJRH_dYo9RISyrj0a1sCP5C-YZOFmewUrp_ro-Kr7aBo_hYN_nbj6VXY8rQWMD9NGkN7i4QkVe6mHpNHef8Uvad_iTMMkpEY4xjmLQ8-RA0VMG1rw3ZXloOzjsCfEww&response_mode=form_post&nonce=638149470490347218.YTQ1NWI5MzQtNGYyMy00MmFhLWI5ODMtZTQ2MTkyMjI0NzAyYmRiNzFmZTgtODdlZi00NmFiLWI1OTItNWFlYzg1YTM0MDBk&redirect_uri=https%3A%2F%2Fportal.office.com%2Flanding&ui_locales=en-US&mkt=en-US&client-request-id=a8e8bdec-70fe-4013-911c-97f82fdc6d64&x-client-SKU=ID_NET472&x-client-ver=6.16.0.0&sso_reload=true
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
Source:	browser
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
No HTML title found	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

Domains

Name

Malicious

l0u4.tk

8.39.235.63

cs1100.wpc.omegacdn.net

152.199.23.37

accounts.google.com

142.250.185.141

Details

Name:	accounts.google.com
IP:	142.250.185.141
TargetID:	6
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

172.217.18.100

clients.l.google.com

142.250.185.110

clients2.google.com

unknown

code.jquery.com

unknown

aadcdn.msftauth.net

unknown

IPs

Domain

Country

Malicious

142.250.184.195

unknown

United States

13.107.6.156

unknown

United States

142.250.186.67

unknown

United States

34.104.35.123

unknown

United States

192.168.2.1

unknown

20.224.254.73

unknown

United States

20.190.159.73

unknown

United States

142.250.185.110

clients.l.google.com

United States

52.109.88.191

unknown

United States

192.168.2.3

unknown

142.250.185.202

unknown

United States

69.16.175.42

unknown

United States

20.190.160.14

unknown

United States

2.19.126.200

unknown

European Union

239.255.255.250

unknown

Reserved

142.250.185.141

accounts.google.com

United States

13.107.237.45

unknown

United States

192.229.221.95

unknown

United States

152.199.23.37

cs1100.wpc.omegacdn.net

United States

142.250.184.228

unknown

United States

127.0.0.1

unknown

8.39.235.63

l0u4.tk

United States

There are 12 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
AkimaPAYROLL 2023-03-20.htm

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportAkimaPAYROLL 2023-03-20.htm

Files

URLs

Domains

IPs

IOC Report
AkimaPAYROLL 2023-03-20.htm