Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	4080
Target ID:	0
Parent PID:	6048
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	19:49:06
Date:	01/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2288,i,18175630192459344383,1899549445800956136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	1668
Target ID:	2
Parent PID:	4080
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2288,i,18175630192459344383,1899549445800956136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	19:49:10
Date:	01/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw"

Details

Is windows:	true
Is dropped:	false
PID:	6428
Target ID:	3
Parent PID:	6048
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	19:49:12
Date:	01/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw

https://federalfinancialnewsnetwork.net/machform/images/form_resources/grey-mild.png

74.208.236.15

http://jqueryui.com/effect/

unknown

http://jquery.org/license

unknown

https://federalfinancialnewsnetwork.net/machform/view.js?bdffc4

74.208.236.15

https://bugs.webkit.org/show_bug.cgi?id=107380

unknown

https://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw

3.232.182.1

https://federalfinancialnewsnetwork.net/machform/view.mobile.css?bdffc4

74.208.236.15

https://federalfinancialnewsnetwork.net/machform/data/form_14648/css/view.css?bdffc4

74.208.236.15

https://federalfinancialnewsnetwork.net/machform/js/jquery.min.js?bdffc4

74.208.236.15

https://federalfinancialnewsnetwork.net/machform/images/machform.png

74.208.236.15

3.232.182.1

http://api.jqueryui.com/category/effects-core/

unknown

https://code.google.com/p/maashaack/source/browse/packages/graphics/trunk/src/graphics/colors/HUE2RG

unknown

http://jqueryui.com

unknown

https://federalfinancialnewsnetwork.net/favicon.ico

74.208.236.15

http://jsfiddle.net/JZSMt/3/

unknown

https://github.com/jquery/jquery-color

unknown

https://federalfinancialnewsnetwork.net/machform/js/jquery-ui-1.12/effect.js?bdffc4

74.208.236.15

https://federalfinancialnewsnetwork.net/machform/view.php?id=14648

http://www.robertpenner.com/easing)

unknown

https://bugzilla.mozilla.org/show_bug.cgi?id=561664

unknown

There are 11 hidden URLs, click here to show them.

Domains

Name

Malicious

www.preferredfederalretirement.com

3.232.182.1

Details

Name:	www.preferredfederalretirement.com
IP:	3.232.182.1
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

federalfinancialnewsnetwork.net

74.208.236.15

Details

Name:	federalfinancialnewsnetwork.net
IP:	74.208.236.15
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

142.250.184.196

Details

Name:	www.google.com
IP:	142.250.184.196
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

fp2e7a.wpc.phicdn.net

192.229.221.95

IPs

Domain

Country

Malicious

142.250.184.196

www.google.com

United States

3.232.182.1

www.preferredfederalretirement.com

United States

192.168.2.16

unknown

192.168.2.4

unknown

239.255.255.250

unknown

Reserved

74.208.236.15

federalfinancialnewsnetwork.net

United States

DOM / HTML

URL

Malicious

https://federalfinancialnewsnetwork.net/machform/view.php?id=14648

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttp://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw