IOC Report
skm_03029876554.htm

Files

File Path | Type | Category | Malicious
skm_03029876554.htm | HTML document, ASCII text, with CRLF line terminators | initial sample | malicious
C:\Users\eyup\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index | COM executable for DOS | dropped |
C:\Users\eyup\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy) | COM executable for DOS | dropped |
C:\Users\eyup\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-230321000632Z-238.bmp | PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54 | dropped |
C:\Users\eyup\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING | data | dropped |
C:\Users\eyup\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json | JSON data | dropped |
C:\Users\eyup\AppData\Local\Adobe\Acrobat\DC\UserCache.bin | data | dropped |
C:\Users\eyup\AppData\Local\Temp\acrord32_sbx\A9pi4hwn_1u6bam5_1dg.tmp | PDF document, version 1.6, 0 pages | dropped |
C:\Users\eyup\Documents\Outlook Files\Outlook Data File - NoEmail.pst | data | dropped |
C:\Users\eyup\Downloads\0743ed68-e186-4fdd-be66-e56798cabd74.tmp | PDF document, version 1.6 (zip deflate encoded) | dropped |
C:\Users\eyup\Downloads\sa100-2021.pdf (copy) | PDF document, version 1.6 (zip deflate encoded) | dropped |
C:\Users\eyup\Downloads\sa100-2021.pdf.crdownload | PDF document, version 1.6 (zip deflate encoded) | dropped |
Chrome Cache Entry: 123 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 124 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 126 | assembler source, ASCII text | downloaded |
Chrome Cache Entry: 127 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 128 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | dropped |
Chrome Cache Entry: 130 | ASCII text, with very long lines (32030) | downloaded |

URLs

Name | IP | Malicious
file:///C:/Users/eyup/Desktop/skm_03029876554.htm | | malicious
http://amidaworld.com/set/style.css | 192.3.140.99 |

Domains

Name | IP | Malicious
cs1100.wpc.omegacdn.net | 152.199.23.37 |
accounts.google.com | 142.250.185.205 |
www.google.com | 142.250.186.100 |
clients.l.google.com | 172.217.16.206 |
amidaworld.com | 192.3.140.99 |
clients2.google.com | unknown |
code.jquery.com | unknown |
aadcdn.msftauth.net | unknown |

IPs

IP
Domain
Country
Malicious