Play interactive tour

Edit tour

Analysis Report http://cs9.wac.phicdn.net

Overview

General Information

Sample URL:	http://cs9.wac.phicdn.net
Analysis ID:	345320
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Startup

System is w10x64

iexplore.exe (PID: 5540 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 2792 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5540 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Compliance:

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: classification engine

Classification label: clean0.win@3/8@0/0

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF315D8D3ABF3812AE.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5540 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5540 CREDAT:17410 /prefetch:2	Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Run
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Run

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://cs9.wac.phicdn.net	0%	Virustotal		Browse
http://cs9.wac.phicdn.net	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
0	0%	Virustotal		Browse

Domains and IPs Download Network PCAP: filtered – full

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
0	false	0%, Virustotal, Browse	low

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	345320
Start date:	28.01.2021
Start time:	02:01:05
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://cs9.wac.phicdn.net
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	28
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@3/8@0/0
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe Excluded IPs from analysis (whitelisted): 40.88.32.150, 104.43.139.144, 168.61.161.212, 104.83.120.32, 93.184.220.29, 51.104.139.180, 2.20.84.85, 152.199.19.161, 95.101.22.134, 95.101.22.125, 20.54.26.129, 205.185.216.42, 205.185.216.10 Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, fs.microsoft.com, ie9comview.vo.msecnd.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, cds.d2s7q6s2.hwcdn.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, cs9.wpc.v0cdn.net

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DB0EC121-614F-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	32344
Entropy (8bit):	1.8018053241447989
Encrypted:	false
SSDEEP:	48:IwaGcprbGwpLMG/ap8nrGIpckvGvnZpvkzGotqp9k2Go4xpmk6GW3d9kyGWtdzGi:reZ1ZO2n9WkgtkYfkxxMk0kdphJ2
MD5:	16B749B1692A77D7031A2DD19715BD0F
SHA1:	B2AAB3C19AA73CDD8FD9B539DD3FF5256703CB3F
SHA-256:	61E29B2635DC1C693AEB9F7B9A229705EEAD05A8D04571D5B829D0EFA5D8F0B0
SHA-512:	AF24B50543678EC511A795049B00EFAD3F5B63412FE888F4571BD64A02F57F736F6C4D675494683CA8A50E0DC22F3C8E386472A70E1FECCB45778FF33EFAD515
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DB0EC123-614F-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	19032
Entropy (8bit):	1.6003409092114207
Encrypted:	false
SSDEEP:	48:IwnGcpre7Gwpa2G4pQuGrapbS/rGQpBaGHHpcAsTGUpQquGcpm:rNZeVQG6gBS/Fjh2Ak65g
MD5:	CDFF289CF3671FA0147349722E340DB1
SHA1:	CDB1F7BF07A3C9577170DB9D1D3510C8CD80D4C9
SHA-256:	4217A17F98055ED0569FF1CD0765573B7785B94FFD7160865C652C96777DD31D
SHA-512:	833563B1EF0868479AC147E9137AD7CB7491783334C5E2878CD212BAE3230A6B7077C62BA1E5DCC0B8440A92CF965A41BEA3C04A3AF4AE162C8F3F2F3C10BF79
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\WDYZYX9S.3br6wd8.partial Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	5
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:3:3
MD5:	5BFA51F3A417B98E7443ECA90FC94703
SHA1:	8C015D80B8A23F780BDD215DC842B0F5551F63BD
SHA-256:	BEBE2853A3485D1C2E5C5BE4249183E0DDAFF9F87DE71652371700A89D937128
SHA-512:	4CD03686254BB28754CBAA635AE1264723E2BE80CE1DD0F78D1AB7AEE72232F5B285F79E488E9C5C49FF343015BD07BB8433D6CEE08AE3CEA8C317303E3AC399
Malicious:	false
Reputation:	low
Preview:	0....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\WDYZYX9S.3br6wd8.partial:Zone.Identifier Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:gAWY3n:qY3n
MD5:	FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA1:	D59FC84CDD5217C6CF74785703655F78DA6B582B
SHA-256:	EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
SHA-512:	AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
Malicious:	false
Reputation:	low
Preview:	[ZoneTransfer]..ZoneId=3..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\WDYZYX9S Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	5
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:3:3
MD5:	5BFA51F3A417B98E7443ECA90FC94703
SHA1:	8C015D80B8A23F780BDD215DC842B0F5551F63BD
SHA-256:	BEBE2853A3485D1C2E5C5BE4249183E0DDAFF9F87DE71652371700A89D937128
SHA-512:	4CD03686254BB28754CBAA635AE1264723E2BE80CE1DD0F78D1AB7AEE72232F5B285F79E488E9C5C49FF343015BD07BB8433D6CEE08AE3CEA8C317303E3AC399
Malicious:	false
Reputation:	low
Preview:	0....

C:\Users\user\AppData\Local\Temp\JavaDeployReg.log Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	89
Entropy (8bit):	4.314475398427273
Encrypted:	false
SSDEEP:	3:oVXUQkfQchXl8JOGXnEQkfQchXEun:o9UQkfQcBlqEQkfQcBEu
MD5:	408AFFB6C9E340796EE77CAD5FEB1063
SHA1:	186A2F143B2B9EA364E1F87802D3D6B5BF5DC5BB
SHA-256:	9C8C57F38C094C9EE5D160CF5489C017A2081F6C3031033A3F9A60EC9AE3765A
SHA-512:	9229EF09A54424014B00DE7477805857F1E330F380A4030FD9BF7391FFD0B17D15AE5F66EBF42FECC921145F943AC95FEE91ECCA939B98B051A786C54B5EE572
Malicious:	false
Reputation:	low
Preview:	[2021/01/28 02:01:59.026] Latest deploy version: ..[2021/01/28 02:01:59.026] 11.211.2 ..

C:\Users\user\AppData\Local\Temp\~DF315D8D3ABF3812AE.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	12981
Entropy (8bit):	0.4470705606461275
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loNtF9loNn9lWNYCkGvCkkUkkFA:kBqoIm4EQI7
MD5:	58321CE76B5922D5DF47BFF549BE5E8E
SHA1:	7B5C0E299EEBAFF6833CB9B6FE7B7B5F2C28002D
SHA-256:	873726B79D2A6F6C17A6E558A78DDFD6E8E5DC2D86D0D3AF066F11822493DD12
SHA-512:	502E5AE1AA134E5FA07E3F317B7A64E2CE207EAC5893526523CF03C62F7540FA4DAD23706FCCD16DC15677D44BC65A1D92A84C14F4BA1EE293F67AF5CCA30F14
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFAB18AA8939116C44.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	29989
Entropy (8bit):	0.3302367471468473
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lw49lwo9l2O/9l2G9la5:kBqoxKAuvScS+rlO+7qy
MD5:	B18F8D9626944D6E543E81AD4BED9680
SHA1:	B2531E5E9F92A76B517AB820A1A3EA34CFEA334F
SHA-256:	EAB5955098A91BD47A4A13C61AC004D0655896D58545E375C899F28506AAF60B
SHA-512:	560DBED3F8F899032FCACDF7034430BB68FD865A685B9A6395C9FD05D4DC61F29C2F32607A2F39F5874FF79433090DBFEABD9327098C6C9C1ED4D217CA7BCACE
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Download Network PCAP: filtered – full

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 28, 2021 02:01:53.116576910 CET	50141	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:01:53.132112980 CET	53	50141	8.8.8.8	192.168.2.3
Jan 28, 2021 02:01:55.265803099 CET	53023	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:01:55.281713963 CET	53	53023	8.8.8.8	192.168.2.3
Jan 28, 2021 02:01:56.182648897 CET	49563	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:01:56.197866917 CET	53	49563	8.8.8.8	192.168.2.3
Jan 28, 2021 02:01:56.970231056 CET	51352	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:01:56.985271931 CET	53	51352	8.8.8.8	192.168.2.3
Jan 28, 2021 02:01:58.029006958 CET	59349	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:01:58.044410944 CET	53	59349	8.8.8.8	192.168.2.3
Jan 28, 2021 02:01:58.632379055 CET	57084	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:01:58.649538994 CET	53	57084	8.8.8.8	192.168.2.3
Jan 28, 2021 02:01:58.916572094 CET	58823	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:01:58.931729078 CET	53	58823	8.8.8.8	192.168.2.3
Jan 28, 2021 02:01:59.835103989 CET	57568	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:01:59.852299929 CET	53	57568	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:02.049659014 CET	50540	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:02.065431118 CET	53	50540	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:02.879195929 CET	54366	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:02.895081997 CET	53	54366	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:03.661721945 CET	53034	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:03.677048922 CET	53	53034	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:19.579011917 CET	57762	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:19.594084978 CET	53	57762	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:23.017425060 CET	55435	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:23.067121983 CET	53	55435	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:28.655407906 CET	50713	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:28.673218966 CET	53	50713	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:29.328082085 CET	56132	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:29.367918968 CET	53	56132	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:29.672035933 CET	50713	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:29.687884092 CET	53	50713	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:30.686570883 CET	50713	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:30.703120947 CET	53	50713	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:32.702384949 CET	50713	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:32.718467951 CET	53	50713	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:36.718319893 CET	50713	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:36.734349012 CET	53	50713	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:38.430484056 CET	58987	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:38.461951971 CET	53	58987	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:41.192493916 CET	56579	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:41.207801104 CET	53	56579	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:54.765803099 CET	60633	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:54.780992031 CET	53	60633	8.8.8.8	192.168.2.3
Jan 28, 2021 02:02:58.203273058 CET	61292	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:02:58.220582962 CET	53	61292	8.8.8.8	192.168.2.3
Jan 28, 2021 02:03:29.847019911 CET	63619	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:03:29.862371922 CET	53	63619	8.8.8.8	192.168.2.3
Jan 28, 2021 02:03:31.353044033 CET	64938	53	192.168.2.3	8.8.8.8
Jan 28, 2021 02:03:31.376766920 CET	53	64938	8.8.8.8	192.168.2.3

Code Manipulations

Statistics

CPU Usage

• iexplore.exe
• iexplore.exe

Click to jump to process

Memory Usage

• iexplore.exe
• iexplore.exe

Click to jump to process

Behavior

• iexplore.exe
• iexplore.exe

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 5540 Parent PID: 792

Function Logs

General

Start time:	02:01:57
Start date:	28/01/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7a2dc0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Section Activities

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

Show Windows behavior

Timing Activities

Show Windows behavior

Windows UI Activities

Window UI Enumerated

Show Windows behavior

Network Activities

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: iexplore.exe PID: 2792 Parent PID: 5540

Function Logs

General

Start time:	02:01:58
Start date:	28/01/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5540 CREDAT:17410 /prefetch:2
Imagebase:	0x1040000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Section Activities

Sections loaded by Windows

Show Windows behavior

Registry Activities

Show Windows behavior

Mutex Activities

Show Windows behavior

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

Show Windows behavior

Timing Activities

Show Windows behavior

Windows UI Activities

Window UI Enumerated

Show Windows behavior

Network Activities

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://cs9.wac.phicdn.net

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Compliance:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

UDP Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 5540 Parent PID: 792

General

File Activities

File Opened

File Created

File Written

File Read

File Attributes Queried

Directory Queried

Volume Information Queried

Device IO

Section Activities

Sections loaded by Windows

Registry Activities

Key Opened

Key Created

Key Value Created

Key Value Modified

Key Value Deleted

Key Monitored

Mutex Activities

Mutex Created

Process Activities

Process Created

Process Information Set

Thread Activities