Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Download

MDE_File_Sample_e884aa3aef73b565a49bf50b5026f03df0b71867.zip

Zip archive data, at least v2.0 to extract, compression method=deflate

initial sample

C:\Users\user\AppData\Local\Temp\aivxhtbin

Unknown

dropped

C:\Users\user\AppData\Local\Temp\is-PM0GR.tmp\0krpbkkrhv.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Roaming\KBDTAILE\chrome.exe

PE32+ executable (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\d.cmd

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\e2413cf1

data

dropped

C:\Users\user\AppData\Local\Temp\is-BP6JL.tmp\App_version 13.1.tmp

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\is-EICU6.tmp\_isetup\_setup64.tmp

PE32+ executable (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\is-PM0GR.tmp\idp.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\joot

Unknown

dropped

C:\Users\user\AppData\Local\Temp\~DFB7F108AF5AE974DE.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Users\user\AppData\Roaming\KBDTAILE\115.0.5790.110.manifest

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Roaming\KBDTAILE\chrome_elf.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\KBDTAILE\tyranny.vhd

PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Roaming\YCCKDJWTATR\AKXXALPGLVKPJCJY

data

dropped

There are 5 hidden files, click here to show them.

URLs

Name

Malicious

http://ip-api.com/line/?fields=hosting

208.95.112.1

Domains

Name

Malicious

textbin.net

148.72.177.212

edge-block-www-env.dropbox-dns.com

162.125.1.15

archive.org

207.241.224.2

www-env.dropbox-dns.com

162.125.1.18

ip-api.com

208.95.112.1

pastebin.com

104.20.68.143

i.ibb.co

172.96.160.210

ucd55bcbcc16cc3ee1604436751a.dl.dropboxusercontent.com

unknown

www.dropbox.com

unknown

uc36ea308d0c0c7111ad797123a0.dl.dropboxusercontent.com

unknown

IPs

Domain

Country

Malicious

62.182.156.148

unknown

Russian Federation

Details

IP:	62.182.156.148
TargetID:	25
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	34724
ASN name:	AutonomousSystemofBaunetworks-SerbiaRS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

212.109.194.100

unknown

Russian Federation

Details

IP:	212.109.194.100
TargetID:	25
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	29182
ASN name:	THEFIRST-ASRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

208.95.112.1

ip-api.com

United States

148.72.177.212

textbin.net

United States

Details

IP:	148.72.177.212
TargetID:	13
Current Path:	C:\Users\user\AppData\Local\Temp\is-2HF2T.tmp\App_version 13.1.tmp
Country:	United States
Countrycode:	USA
ASN number:	30083
ASN name:	AS-30083-GO-DADDY-COM-LLCUS
Private:	false
Domain:	textbin.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.20.68.143

pastebin.com

United States

Details

IP:	104.20.68.143
TargetID:	25
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	pastebin.com

Signature Hits	Behavior Group	Mitre Attack
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking

207.241.224.2

archive.org

United States

Details

IP:	207.241.224.2
TargetID:	17
Current Path:	C:\Users\user\AppData\Local\Temp\is-PM0GR.tmp\0krpbkkrhv.exe
Country:	United States
Countrycode:	USA
ASN number:	7941
ASN name:	INTERNET-ARCHIVEUS
Private:	false
Domain:	archive.org

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

172.96.160.210

i.ibb.co

United States

Details

IP:	172.96.160.210
TargetID:	17
Current Path:	C:\Users\user\AppData\Local\Temp\is-PM0GR.tmp\0krpbkkrhv.exe
Country:	United States
Countrycode:	USA
ASN number:	23470
ASN name:	RELIABLESITEUS
Private:	false
Domain:	i.ibb.co

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

162.125.1.18

www-env.dropbox-dns.com

United States

Details

IP:	162.125.1.18
TargetID:	13
Current Path:	C:\Users\user\AppData\Local\Temp\is-2HF2T.tmp\App_version 13.1.tmp
Country:	United States
Countrycode:	USA
ASN number:	19679
ASN name:	DROPBOXUS
Private:	false
Domain:	www-env.dropbox-dns.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

162.125.1.15

edge-block-www-env.dropbox-dns.com

United States

Details

IP:	162.125.1.15
TargetID:	13
Current Path:	C:\Users\user\AppData\Local\Temp\is-2HF2T.tmp\App_version 13.1.tmp
Country:	United States
Countrycode:	USA
ASN number:	19679
ASN name:	DROPBOXUS
Private:	false
Domain:	edge-block-www-env.dropbox-dns.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
MDE_File_Sample_e884aa3aef73b565a49bf50b5026f03df0b71867.zip

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportMDE_File_Sample_e884aa3aef73b565a49bf50b5026f03df0b71867.zip

Files

URLs

Domains

IPs

IOC Report
MDE_File_Sample_e884aa3aef73b565a49bf50b5026f03df0b71867.zip