Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Download

p.zip

Zip archive data, at least v2.0 to extract, compression method=store

initial sample

Details

Filetype:	Zip archive data, at least v2.0 to extract, compression method=store
Entropy:	7.9954323492941715
Filename:	p.zip
Filesize:	8375069
MD5:	494f1b16972242d5c03983dcd493407f
SHA1:	8341189dca8e634732f7acc04abd4630fe44d554
SHA256:	5348511726f31259f57bdd6db35c7afc88c43ccfa445f42cf3bc9cb3f53650f3
SHA512:	675119a196654749181c3e099ebb74bd60c64eab31708fc86079e05a3eee5afaa0b8662748c941b08eabe606871c108f74de4ddf2abc04d0543df7e4889c4aed
SSDEEP:	196608:XaZLbVL2l0HNeWH5/kdD16uc6KxINXT4GvnDxqjYSIDVS4xXs:C9CW/kdhK7INT4GPDxG0VS4x8
Preview:	PK.........OZ.............. .p/UT...U..gU..g...gux.............PK.........OZ.............. .__MACOSX/._pUT...U..gU..g...gux.............c`.cg`b`.MLV..V.P.....'...q.........!!AP&H.. .@S....M...K,(.I.+,M,J.+..Ke(.70.0.63OLKK4J.v.(..M.f..PK....l.c.......PK

Signature Hits	Behavior Group	Mitre Attack
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

ASCII text, with no line terminators

modified

Details

File:	C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Category:	modified
Dump:	F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock.22.dr
ID:	dr_0
Target ID:	22
Process:	C:\Windows\System32\Taskmgr.exe
Type:	ASCII text, with no line terminators
Entropy:	1.5
Encrypted:	false
Size:	4
Whitelisted:	false

URLs

Name

IP

Malicious

https://systeminformer.dev/update

104.21.85.212

https://system-informer.com/update.php?channel=release

104.21.16.1

Domains

Name

IP

Malicious

system-informer.com

104.21.16.1

Details

Name:	system-informer.com
IP:	104.21.16.1
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

systeminformer.dev

104.21.85.212

Details

Name:	systeminformer.dev
IP:	104.21.85.212
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

q-9999.standard.q-msedge.net

13.107.49.254

IPs

IP

Domain

Country

Malicious

104.21.16.1

system-informer.com

United States

Details

IP:	104.21.16.1
TargetID:	17
Current Path:	C:\Users\user\Desktop\p\SystemInformer.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	system-informer.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.21.85.212

systeminformer.dev

United States

Details

IP:	104.21.85.212
TargetID:	17
Current Path:	C:\Users\user\Desktop\p\SystemInformer.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	systeminformer.dev

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
p.zip

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportp.zip

Files

URLs

Domains

IPs

IOC Report
p.zip