IOC Report
From.S03E06.1080p.WEB.H264-SuccessfulCrab.mkv.zip


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| From.S03E06.1080p.WEB.H264-SuccessfulCrab.mkv.zip | Zip archive data, at least v2.0 to extract, compression method=store | initial sample | malicious |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk | COM executable for DOS | dropped | malicious |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.exe | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock | ASCII text, with no line terminators | modified | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\INetCache\165U1P1X\configuration[1].xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\PlayReady\mspr.hds | data | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb | Extensible storage engine DataBase, version 0x620, checksum 0xc217fad2, page size 8192, DirtyShutdown, Windows version 10.0 | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm | data | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log | data | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs | data | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb | Extensible storage engine DataBase, version 0x620, checksum 0x6678def3, page size 8192, JustCreated, Windows version 0.0 | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\SRPData.xml (copy) | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\SRPData.xml.~tmp | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\backstack.json (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\backstack.json.~tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat | MS Windows registry file, NT/2000 or above | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.LOG1 | MS Windows registry file, NT/2000 or above | dropped | |
| C:\Users\user\AppData\Local\Temp\From.S03E06.1080p.WEB.H264-SuccessfulCrab.mkv | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\Desktop\From.S03E06.1080p.WEB.H264-SuccessfulCrab.mkv\From.S03E06.1080p.WEB.H264-SuccessfulCrab.mkv.lnk | MS Windows shortcut, Item id list present, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hidenormalshowminimized | modified | |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| settings-ssl.xboxlive.com | unknown | malicious |
| s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 184.28.89.167 | unknown | United States | |
| 95.101.148.7 | unknown | European Union | |
| 13.107.253.45 | s-part-0017.t-0009.fb-t-msedge.net | United States | |