Automated Malware Analysis IOC Report for

Files

File Path

Type

URLs

Name

Malicious

http://www.aieov.com/setup.exe

Details

Filetype:	URL
Filename:	http://www.aieov.com/setup.exe

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Drops PE files	Persistence and Installation Behavior	Extra Window Memory Injection
HTML page contains hidden javascript code	Phishing	Extra Window Memory Injection
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Allocates a big amount of memory (probably used for heap spraying)	Software Vulnerabilities	Extra Window Memory Injection
Classification label	System Summary	Extra Window Memory Injection
Connects to IPs without corresponding DNS lookups	Networking	Extra Window Memory Injection
Creates files inside the user directory	System Summary	Masquerading
Creates temporary files	System Summary
Downloads files from webservers via HTTP	Networking	Extra Window Memory Injection Ingress Tool Transfer
HTML page is missing a favicon	Phishing	Extra Window Memory Injection
Performs DNS lookups	Networking	Non-Application Layer Protocol Application Layer Protocol
Reads ini files	System Summary	Extra Window Memory Injection File and Directory Discovery
Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Spawns processes	System Summary	Process Injection
Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)	Networking	Extra Window Memory Injection
Uses HTTPS	Networking
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis		Encrypted Channel
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

http://www6.aieov.com/?template=ARROW_3&tdfs=1&s_token=1727764880.0415670000&uuid=1727764880.0415670000&term=Customer%20Support%20Help%20Desk%20Software&term=Customer%20Service%20Call%20Center%20Software&term=Live%20Chat%20Answering%20Service&searchbox=0&showDomain=0&backfill=0

3.33.243.145

Details

Name:	http://www6.aieov.com/?template=ARROW_3&tdfs=1&s_token=1727764880.0415670000&uuid=1727764880.0415670000&term=Customer%20Support%20Help%20Desk%20Software&term=Customer%20Service%20Call%20Center%20Software&term=Live%20Chat%20Answering%20Service&searchbox=0&showDomain=0&backfill=0
IP:	3.33.243.145
TargetID:	1
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

http://www.aieov.com/favicon.ico

45.56.79.23

http://www6.aieov.com/lander?template=ARROW_3&tdfs=1&s_token=1727764880.0415670000&uuid=1727764880.0415670000&term=Customer%20Support%20Help%20Desk%20Software&term=Customer%20Service%20Call%20Center%20Software&term=Live%20Chat%20Answering%20Service&searchbox=0&showDomain=0&backfill=0

Details

Name:	http://www6.aieov.com/lander?template=ARROW_3&tdfs=1&s_token=1727764880.0415670000&uuid=1727764880.0415670000&term=Customer%20Support%20Help%20Desk%20Software&term=Customer%20Service%20Call%20Center%20Software&term=Live%20Chat%20Answering%20Service&searchbox=0&showDomain=0&backfill=0
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection

http://www.aieov.com/setup.exe

Details

Name:	http://www.aieov.com/setup.exe
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Spawns processes	System Summary	Process Injection

https://www.aieov.com/

Details

Name:	https://www.aieov.com/
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
HTML page contains hidden javascript code	Phishing
HTML page is missing a favicon	Phishing

http://detectportal.firefox.com/canonical.html

34.107.221.82

http://detectportal.firefox.com/success.txt?ipv4

34.107.221.82

Domains

Name

Malicious

www.aieov.com

45.56.79.23

www6.aieov.com

unknown

example.org

93.184.215.14

prod.detectportal.prod.cloudops.mozgcp.net

34.107.221.82

services.addons.mozilla.org

52.222.236.23

www10.smartname.com

3.33.243.145

contile.services.mozilla.com

34.117.188.166

prod.content-signature-chains.prod.webservices.mozgcp.net

34.160.144.191

ipv4only.arpa

192.0.0.170

prod.ads.prod.webservices.mozgcp.net

34.117.188.166

push.services.mozilla.com

34.107.243.93

www.google.com

142.250.186.36

normandy-cdn.services.mozilla.com

35.201.103.21

star-mini.c10r.facebook.com

157.240.253.35

prod.classify-client.prod.webservices.mozgcp.net

35.190.72.216

twitter.com

104.244.42.129

prod.balrog.prod.cloudops.mozgcp.net

35.244.181.201

syndicatedsearch.goog

142.250.185.238

ad.doubleclick.net

142.250.181.230

dyna.wikimedia.org

185.15.59.224

prod.remote-settings.prod.webservices.mozgcp.net

34.149.100.209

ad-delivery.net

104.26.3.70

youtube-ui.l.google.com

172.217.16.142

reddit.map.fastly.net

151.101.1.140

btloader.com

172.67.41.60

telemetry-incoming.r53-2.services.mozilla.com

34.120.208.123

img1.wsimg.com

unknown

www.reddit.com

unknown

spocs.getpocket.com

unknown

content-signature-2.cdn.mozilla.net

unknown

firefox.settings.services.mozilla.com

unknown

www.youtube.com

unknown

www.facebook.com

unknown

detectportal.firefox.com

unknown

normandy.cdn.mozilla.net

unknown

shavar.services.mozilla.com

unknown

www.wikipedia.org

unknown

There are 27 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

45.56.79.23

www.aieov.com

United States

104.26.3.70

ad-delivery.net

United States

142.250.185.206

unknown

United States

192.168.2.16

unknown

142.250.181.230

ad.doubleclick.net

United States

192.168.2.4

unknown

3.33.243.145

www10.smartname.com

United States

34.117.188.166

contile.services.mozilla.com

United States

52.222.236.23

services.addons.mozilla.org

United States

142.250.185.142

unknown

United States

142.250.185.164

unknown

United States

35.201.103.21

normandy-cdn.services.mozilla.com

United States

23.38.98.78

unknown

United States

142.250.184.228

unknown

United States

34.120.208.123

telemetry-incoming.r53-2.services.mozilla.com

United States

72.14.185.43

unknown

United States

104.22.75.216

unknown

United States

2.22.61.59

unknown

European Union

142.250.110.84

unknown

United States

142.250.185.68

unknown

United States

1.1.1.1

unknown

Australia

142.250.186.36

www.google.com

United States

172.67.69.19

unknown

United States

216.58.206.67

unknown

United States

34.149.100.209

prod.remote-settings.prod.webservices.mozgcp.net

United States

34.107.243.93

push.services.mozilla.com

United States

54.70.187.236

unknown

United States

142.250.185.238

syndicatedsearch.goog

United States

34.107.221.82

prod.detectportal.prod.cloudops.mozgcp.net

United States

172.67.41.60

btloader.com

United States

35.244.181.201

prod.balrog.prod.cloudops.mozgcp.net

United States

239.255.255.250

unknown

Reserved

142.250.185.230

unknown

United States

35.190.72.216

prod.classify-client.prod.webservices.mozgcp.net

United States

34.160.144.191

prod.content-signature-chains.prod.webservices.mozgcp.net

United States

172.217.16.195

unknown

United States

127.0.0.1

unknown

There are 27 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
http://www.aieov.com/setup.exe

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttp://www.aieov.com/setup.exe

Files

URLs

Domains

IPs

IOC Report
http://www.aieov.com/setup.exe