Automated Malware Analysis IOC Report for

Files

File Path

Type

URLs

Name

Malicious

https://cx.surveysensum.com/fd3Butxp

Details

Filetype:	URL
Filename:	https://cx.surveysensum.com/fd3Butxp

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing
AI detected landing page (webpage, office document or email)	Persistence and Installation Behavior	Browser Extensions
HTML page contains hidden URLs	Phishing
HTML page contains suspicious javascript code	Phishing
Phishing site detected (based on shot match)	Phishing
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)	Phishing	Scripting Deobfuscate/Decode Files or Information
Detected non-DNS traffic on DNS port	Networking
HTML body contains low number of good links	Phishing
HTML body contains password input but no form action	Phishing
HTML body with high number of embedded images detected	Phishing
HTML page contains hidden javascript code	Phishing
HTML title does not match URL	Phishing
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Classification label	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Creates files inside the user directory	System Summary	Masquerading
HTML body contains password input	Phishing
HTML page is missing a favicon	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing
Performs DNS lookups	Networking	Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking	Application Layer Protocol
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis		Encrypted Channel
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

https://infinitispark.msk.ru/DiuXc/

Details

Name:	https://infinitispark.msk.ru/DiuXc/
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing
HTML page contains hidden URLs	Phishing
HTML page contains suspicious javascript code	Phishing
Phishing site detected (based on shot match)	Phishing
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)	Phishing	Scripting Deobfuscate/Decode Files or Information
HTML body contains low number of good links	Phishing
HTML body contains password input but no form action	Phishing
HTML body with high number of embedded images detected	Phishing
HTML page contains hidden javascript code	Phishing
HTML title does not match URL	Phishing
HTML body contains password input	Phishing
HTML page is missing a favicon	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

Domains

Name

Malicious

infinitispark.msk.ru

104.21.42.218

quantumradius.msk.ru

104.21.24.207

cx.surveysensum.com

3.85.221.5

a.nel.cloudflare.com

35.190.80.1

s3.amazonaws.com

3.5.12.130

code.jquery.com

151.101.2.137

muj5y37wadgmdjwugqfepukxo40dfqeb.lambda-url.ap-southeast-1.on.aws

54.179.241.115

cdnjs.cloudflare.com

104.17.25.14

prod-micro.surveysensum.com

18.143.72.65

challenges.cloudflare.com

104.18.95.41

www.google.com

172.217.18.100

s3-r-w.ap-southeast-1.amazonaws.com

52.219.184.2

public-neurosensum-production-storage.s3.ap-southeast-1.amazonaws.com

unknown

neurosensum-production-storage.s3.ap-southeast-1.amazonaws.com

unknown

There are 4 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

104.21.24.207

quantumradius.msk.ru

United States

104.21.42.218

infinitispark.msk.ru

United States

3.85.221.5

cx.surveysensum.com

United States

54.179.241.115

muj5y37wadgmdjwugqfepukxo40dfqeb.lambda-url.ap-southeast-1.on.aws

United States

3.5.148.7

unknown

United States

52.219.164.11

unknown

United States

54.231.194.184

unknown

United States

192.168.2.16

unknown

151.101.130.137

unknown

United States

52.219.124.35

unknown

United States

172.67.210.104

unknown

United States

142.250.186.110

unknown

United States

35.190.80.1

a.nel.cloudflare.com

United States

142.250.184.206

unknown

United States

142.250.185.67

unknown

United States

104.17.24.14

unknown

United States

1.1.1.1

unknown

Australia

18.143.72.65

prod-micro.surveysensum.com

United States

52.219.184.2

s3-r-w.ap-southeast-1.amazonaws.com

United States

3.5.12.130

s3.amazonaws.com

United States

104.18.95.41

challenges.cloudflare.com

United States

151.101.2.137

code.jquery.com

United States

239.255.255.250

unknown

Reserved

142.250.185.195

unknown

United States

52.76.11.114

unknown

United States

64.233.184.84

unknown

United States

172.67.220.202

unknown

United States

104.17.25.14

cdnjs.cloudflare.com

United States

172.217.18.100

www.google.com

United States

There are 19 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://cx.surveysensum.com/fd3Butxp

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://cx.surveysensum.com/fd3Butxp

Files

URLs

Domains

IPs

IOC Report
https://cx.surveysensum.com/fd3Butxp