IOC Report
https://dl.dropboxusercontent.com/scl/fi/2urfr5q3ixqp323mpxvhk/doc0992002349204234.zip?rlkey=y7i8kx77whrcy1cmi0q2meqie&st=b7dosz01&dl=0


Files

File Path | Type | Category | Malicious
C:\Users\user\Downloads\new.bat | Unicode text, UTF-16, little-endian text, with very long lines (17700), with no line terminators | dropped | malicious
C:\Users\user\Downloads\plat.zip | Zip archive data, at least v2.0 to extract, compression method=store | modified | malicious
C:\Users\user\Downloads\update.bat | Unicode text, UTF-16, little-endian text, with very long lines (1561), with no line terminators | dropped | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | modified | -
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | -
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jnbes5tt.3tc.psm1 | ASCII text, with no line terminators | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2XW6ZO587UXR1TB4AYIP.temp | data | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms (copy) | data | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms~RF3c76e1.TMP (copy) | data | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms~RF3d35dc.TMP (copy) | data | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ICMWWOFP70X90AHDGL5O.temp | data | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:19:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:19:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:19:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:19:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:19:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.bat (copy) | Unicode text, UTF-16, little-endian text, with very long lines (1561), with no line terminators | dropped | -
C:\Users\user\Downloads\5ddcfc79-4ea6-4e61-84f8-43bbbcd0dab7.tmp | Zip archive data, at least v1.0 to extract, compression method=store | dropped | -
C:\Users\user\Downloads\doc0992002349204234.zip (copy) | Zip archive data, at least v1.0 to extract, compression method=store | dropped | -
C:\Users\user\Downloads\doc0992002349204234.zip.crdownload (copy) | Zip archive data, at least v1.0 to extract, compression method=store | dropped | -
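The sandbox export above puts each table column on its own line, which makes it awkward to hunt from directly, and it also shows one thing worth noticing: the copy of update.bat in the user's Startup folder carries no "malicious" verdict even though the Downloads original does, so filtering on the verdict column alone would miss the persistence artefact. The following is an added example (editor's code, not part of the sandbox report) that rebuilds the flattened rows into records and applies four triage rules; the rules are the editor's own assumptions, not sandbox logic, and the sample rows are copied from the table above with the .lnk type string shortened.

```python
"""Rebuild the flattened Files table of a sandbox IOC export into records
and flag the entries worth a responder's first look.

Added example for this report, not sandbox output. The four triage rules
are assumptions chosen by the editor, not verdicts from the sandbox."""
import re
from dataclasses import dataclass

# A row starts with a Windows drive path; the export puts each column on its own line.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
CATEGORIES = {"dropped", "modified"}


@dataclass
class FileIoc:
    path: str
    ftype: str        # the file(1)-style type description
    category: str     # dropped / modified
    malicious: bool   # True when a 'malicious' verdict line followed the row


def parse_files_table(text: str) -> list[FileIoc]:
    """Walk the export line by line: path, type, category, then an optional
    'malicious' line. Anything else (headers, widget text) is skipped."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records: list[FileIoc] = []
    i = 0
    while i < len(lines):
        if PATH_RE.match(lines[i]) and i + 2 < len(lines) and lines[i + 2] in CATEGORIES:
            path, ftype, category = lines[i], lines[i + 1], lines[i + 2]
            i += 3
            malicious = i < len(lines) and lines[i] == "malicious"
            if malicious:
                i += 1
            records.append(FileIoc(path, ftype, category, malicious))
        else:
            i += 1
    return records


def triage(ioc: FileIoc) -> list[str]:
    """Reasons to prioritise an entry. Heuristics assumed by the editor."""
    # The sandbox suffixes duplicate artefacts with " (copy)"; strip it before matching extensions.
    path = ioc.path.lower().removesuffix(" (copy)")
    ftype = ioc.ftype.lower()
    reasons = []
    if "\\start menu\\programs\\startup\\" in path:
        reasons.append("autostart: file placed in the user Startup folder")
    if path.endswith((".bat", ".cmd")) and "utf-16" in ftype:
        reasons.append("script: UTF-16 encoded batch file (uncommon, review contents)")
    if path.endswith(".lnk") and "has command line arguments" in ftype:
        reasons.append("shortcut: .lnk carries command-line arguments")
    if ioc.malicious:
        reasons.append("sandbox verdict: malicious")
    return reasons


def triage_report(text: str) -> dict[str, list[str]]:
    """Map each flagged path to its reasons; entries with no reason are omitted."""
    out: dict[str, list[str]] = {}
    for rec in parse_files_table(text):
        reasons = triage(rec)
        if reasons:
            out[rec.path] = reasons
    return out


# Constructed sample: rows copied from the report's Files table (the .lnk type
# string shortened), plus the 'hidden files' widget line to show it is skipped.
SAMPLE = r"""
C:\Users\user\Downloads\new.bat
Unicode text, UTF-16, little-endian text, with very long lines (17700), with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
modified
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.bat (copy)
Unicode text, UTF-16, little-endian text, with very long lines (1561), with no line terminators
dropped
There are 12 hidden files, click here to show them.
"""

if __name__ == "__main__":
    for flagged_path, why in triage_report(SAMPLE).items():
        print(flagged_path)
        for line in why:
            print("  -", line)
```

Run against the full table, the Startup copy of update.bat is flagged on location and encoding even though the sandbox gave it no verdict, and the PowerShell cache and Recent\CustomDestinations entries drop out as ordinary host noise.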

Domains

Name | IP | Malicious
dl.dropboxusercontent.com | unknown | malicious
edge-block-www-env.dropbox-dns.com | 162.125.66.15 | -
www.google.com | 142.250.185.132 | -

IPs

IP | Domain | Country | Malicious
1.1.1.1 | unknown | Australia | -
142.250.186.174 | unknown | United States | -
192.168.2.16 | unknown | unknown | -
142.250.185.132 | www.google.com | United States | -
192.168.2.4 | unknown | unknown | -
162.125.66.15 | edge-block-www-env.dropbox-dns.com | United States | -
216.58.206.35 | unknown | United States | -
192.168.2.5 | unknown | unknown | -
239.255.255.250 | unknown | Reserved | -
142.250.185.131 | unknown | United States | -
64.233.184.84 | unknown | United States | -
23.43.61.160 | unknown | United States | -
216.58.212.174 | unknown | United States | -
127.0.0.1 | unknown | unknown | -
104.16.230.132 | unknown | United States | -