Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	4720
Target ID:	0
Parent PID:	5468
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	08:38:31
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff715980000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2468,i,8799287499187348250,9871557580759045562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	3628
Target ID:	2
Parent PID:	4720
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2468,i,8799287499187348250,9871557580759045562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	08:38:35
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff715980000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u6071375.ct.sendgrid.net/ls/click?upn=u001.jNebCYco-2BJgBMGJDj1kJWP39IKixFvDeSBij1PLovvXT0hkMSWjEhuIEgwQ-2F309CwGFmoY6-2Bl45VLW7K9Sd8-2Fg-3D-3Dm1D8_bgsmQmhs-2BDkrnAcljUiGIti1-2F3303-2FliL2Lyr586-2FN9rAlBFKILfRyjObk6Iz5-2FtMSxC-2FhiWOZXbqnmzeZXBiy3CSpPIYxz2-2BTcFMtFX6z-2FFKaL9cuMNNsd9H8Soth9M-2BiGwIhw5kRyphke6a8RYyV0rtdDONsX7lNk6Cr796v-2FIJZ8nzBJ39o6b-2FDySakEM-2B9nvScrgUWzDogJp7LxfPQ-3D-3D"

Details

Is windows:	true
Is dropped:	false
PID:	4456
Target ID:	3
Parent PID:	5468
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u6071375.ct.sendgrid.net/ls/click?upn=u001.jNebCYco-2BJgBMGJDj1kJWP39IKixFvDeSBij1PLovvXT0hkMSWjEhuIEgwQ-2F309CwGFmoY6-2Bl45VLW7K9Sd8-2Fg-3D-3Dm1D8_bgsmQmhs-2BDkrnAcljUiGIti1-2F3303-2FliL2Lyr586-2FN9rAlBFKILfRyjObk6Iz5-2FtMSxC-2FhiWOZXbqnmzeZXBiy3CSpPIYxz2-2BTcFMtFX6z-2FFKaL9cuMNNsd9H8Soth9M-2BiGwIhw5kRyphke6a8RYyV0rtdDONsX7lNk6Cr796v-2FIJZ8nzBJ39o6b-2FDySakEM-2B9nvScrgUWzDogJp7LxfPQ-3D-3D"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	08:38:38
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff715980000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://u6071375.ct.sendgrid.net/ls/click?upn=u001.jNebCYco-2BJgBMGJDj1kJWP39IKixFvDeSBij1PLovvXT0hkMSWjEhuIEgwQ-2F309CwGFmoY6-2Bl45VLW7K9Sd8-2Fg-3D-3Dm1D8_bgsmQmhs-2BDkrnAcljUiGIti1-2F3303-2FliL2Lyr586-2FN9rAlBFKILfRyjObk6Iz5-2FtMSxC-2FhiWOZXbqnmzeZXBiy3CSpPIYxz2-2BTcFMtFX6z-2FFKaL9cuMNNsd9H8Soth9M-2BiGwIhw5kRyphke6a8RYyV0rtdDONsX7lNk6Cr796v-2FIJZ8nzBJ39o6b-2FDySakEM-2B9nvScrgUWzDogJp7LxfPQ-3D-3D

https://stats.g.doubleclick.net/g/collect

unknown

https://p.teads.tv/teads-fellow.js

unknown

https://www.facebook.com/tr/?id=541164370529087&ev=PageView&dl=https%3A%2F%2F9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net%2F&rl=&if=false&ts=1720010325963&sw=1280&sh=1024&v=2.9.160&r=stable&ec=0&o=4126&fbp=fb.1.1720010325961.1187528993&it=1720010324745&coo=false&rqm=GET

157.240.0.35

https://www.redditstatic.com/ads/pixel.js

151.101.129.140

https://get.sinchemail.com/pr/js

104.18.10.212

https://ampcid.google.com/v1/publisher:getClientId

unknown

https://px.ads.linkedin.com/collect?

unknown

https://x.clearbitjs.com/v1/pk_54258638e2140e223e87c6c868ec9a93/forms.js?page_path=%2FC%3A%2FUsers%2FAdministrator%2FDesktop%2FNEW%2520ERA%2FMAILGUNPAGE%25202023%2Fpage%2Findex.html

3.127.196.46

https://www.google.com

unknown

https://www.youtube.com/iframe_api

unknown

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=939cc2b0-a976-4b0b-a894-1b98e3298bf7&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=eeb64410-e513-4069-a922-41bb6f75921e&tw_document_href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdministrator%2FDesktop%2FNEW%2520ERA%2FMAILGUNPAGE%25202023%2Fpage%2Findex.html&tw_iframe_status=0&txn_id=o57gg&type=javascript&version=2.3.29

104.244.42.195

https://login.mailgun.com/login/static/style.css?v=1.0.0

34.160.63.108

https://connect.facebook.net/en_US/fbevents.js

157.240.0.6

https://cdn.rudderlabs.com/v1.1/js-integrations/GoogleTagManager.min.js

18.239.83.17

https://github.com/krux/postscribe/blob/master/LICENSE.

unknown

https://login.mailgun.com/login/static/roboto-v27-latin-regular.woff

34.160.63.108

https://www.facebook.com/tr/?redirect=0&rqm=GET&coo=false&it=1720010324745&cdl=API_unavailable&ler=empty&fbp=fb.1.1720010325961.1187528993&o=4126&ec=2&r=stable&v=2.9.160&sh=1024&sw=1280&ts=1720010327099&if=false&rl=&dl=https%3A%2F%2F9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net%2F&ev=Scroll_50&id=541164370529087

157.240.0.35

https://stats.g.doubleclick.net/j/collect

unknown

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=939cc2b0-a976-4b0b-a894-1b98e3298bf7&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=eeb64410-e513-4069-a922-41bb6f75921e&tw_document_href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdministrator%2FDesktop%2FNEW%2520ERA%2FMAILGUNPAGE%25202023%2Fpage%2Findex.html&tw_iframe_status=0&txn_id=o57gg&type=javascript&version=2.3.29

93.184.221.165

https://login.mailgun.com/login/static/mailgun-login-leftrail.png

34.160.63.108

https://login.mailgun.com/login/static/logo-mailgun-sinch.svg

34.160.63.108

https://login.mailgun.com/login/static/roboto-v27-latin-700.woff

34.160.63.108

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=541164370529087&ev=Scroll_50&dl=https%3A%2F%2F9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net%2F&rl=&if=false&ts=1720010327099&sw=1280&sh=1024&v=2.9.160&r=stable&ec=2&o=4126&fbp=fb.1.1720010325961.1187528993&ler=empty&cdl=API_unavailable&it=1720010324745&coo=false&rqm=FGET

157.240.0.35

https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.js

18.239.83.17

https://1b3rmrwdw.buzz/gun/index.js

142.11.212.118

https://googleads.g.doubleclick.net

unknown

https://tagassistant.google.com/

unknown

https://x.clearbitjs.com/v2/pk_54258638e2140e223e87c6c868ec9a93/tracking.min.js

3.127.196.46

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=541164370529087&ev=PageView&dl=https%3A%2F%2F9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net%2F&rl=&if=false&ts=1720010325963&sw=1280&sh=1024&v=2.9.160&r=stable&ec=0&o=4126&fbp=fb.1.1720010325961.1187528993&it=1720010324745&coo=false&rqm=FGET

157.240.0.35

https://login.mailgun.com/login/static/red-hat-display-v11-latin-700.woff

34.160.63.108

https://cct.google/taggy/agent.js

unknown

https://static.ads-twitter.com/uwt.js

146.75.120.157

https://www.google.com/pagead/1p-user-list/1005952947/?random

unknown

https://snap.licdn.com/li.lms-analytics/insight.min.js

unknown

https://connect.facebook.net/signals/config/541164370529087?v=2.9.160&r=stable&domain=9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net&hme=733c3732ec767f7a62e7787aff967e6d19b1e13e533937876f2e15efe07bf678&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C175%2C171%2C172%2C174%2C28%2C94%2C50%2C73%2C173%2C155%2C158%2C168%2C169%2C176%2C122%2C39%2C33%2C134%2C14%2C48%2C181%2C180%2C124%2C17%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106

157.240.0.6

https://9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net/

https://87484878475.alt-xm-38iszmu.workers.dev/

172.67.147.221

https://www.facebook.com/tr/?id=541164370529087&ev=Scroll_50&dl=https%3A%2F%2F9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net%2F&rl=&if=false&ts=1720010327099&sw=1280&sh=1024&v=2.9.160&r=stable&ec=2&o=4126&fbp=fb.1.1720010325961.1187528993&ler=empty&cdl=API_unavailable&it=1720010324745&coo=false&rqm=GET

157.240.0.35

https://www.google.com/ads/ga-audiences

unknown

https://www.google.%/ads/ga-audiences

unknown

https://td.doubleclick.net

unknown

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=541164370529087&ev=Scroll_50&dl=https%3A%2F%2F9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net%2F&rl=&if=false&ts=1720010325966&sw=1280&sh=1024&v=2.9.160&r=stable&ec=1&o=4126&fbp=fb.1.1720010325961.1187528993&it=1720010324745&coo=false&rqm=FGET

157.240.0.35

https://www.merchant-center-analytics.goog

unknown

https://tag.clearbitscripts.com/v1/pk_54258638e2140e223e87c6c868ec9a93/tags.js

13.226.175.10

167.89.118.28

https://login.mailgun.com/login/static/favicon.png

34.160.63.108

https://x.clearbitjs.com/v2/pk_54258638e2140e223e87c6c868ec9a93/destinations.min.js

3.127.196.46

https://google.com

unknown

https://www.facebook.com/tr/?id=541164370529087&ev=Scroll_50&dl=https%3A%2F%2F9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net%2F&rl=&if=false&ts=1720010325966&sw=1280&sh=1024&v=2.9.160&r=stable&ec=1&o=4126&fbp=fb.1.1720010325961.1187528993&it=1720010324745&coo=false&rqm=GET

157.240.0.35

https://connect.facebook.net/signals/config/541164370529087?v=2.9.104&r=stable

157.240.0.6

https://adservice.google.com/pagead/regclk?

unknown

There are 41 hidden URLs, click here to show them.

Domains

Name

Malicious

star-mini.c10r.facebook.com

157.240.0.35

d330tt87tgwpr0.cloudfront.net

18.239.83.17

tag.clearbitscripts.com

13.226.175.10

s.twitter.com

104.244.42.195

34.160.63.108

u6071375.ct.sendgrid.net

167.89.118.28

platform.twitter.map.fastly.net

146.75.120.157

fp2e7a.wpc.phicdn.net

192.229.221.95

s-part-0014.t-0009.t-msedge.net

13.107.246.42

dualstack.reddit.map.fastly.net

151.101.129.140

bg.microsoft.map.fastly.net

199.232.210.172

scontent.xx.fbcdn.net

157.240.0.6

t.co

93.184.221.165

1b3rmrwdw.buzz

142.11.212.118

googleads.g.doubleclick.net

142.250.185.130

global-v4.clearbit.com

3.127.196.46

www.google.com

142.250.185.132

87484878475.alt-xm-38iszmu.workers.dev

172.67.147.221

grsm.io

104.18.10.212

windowsupdatebg.s.llnwi.net

178.79.238.0

static.ads-twitter.com

unknown

www.facebook.com

unknown

www.redditstatic.com

unknown

get.sinchemail.com

unknown

td.google.com

unknown

c.6sc.co

unknown

x.clearbitjs.com

unknown

connect.facebook.net

unknown

px.ads.linkedin.com

unknown

9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net

unknown

analytics.twitter.com

unknown

snap.licdn.com

unknown

j.6sc.co

unknown

ipv6.6sc.co

unknown

cdn.rudderlabs.com

unknown

There are 25 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

142.250.186.68

unknown

United States

13.107.246.42

s-part-0014.t-0009.t-msedge.net

United States

13.226.175.10

tag.clearbitscripts.com

United States

216.58.212.164

unknown

United States

192.168.2.18

unknown

192.168.2.6

unknown

192.168.2.5

unknown

157.240.0.6

scontent.xx.fbcdn.net

United States

172.67.147.221

87484878475.alt-xm-38iszmu.workers.dev

United States

167.89.118.28

u6071375.ct.sendgrid.net

United States

157.240.0.35

star-mini.c10r.facebook.com

United States

104.18.10.212

grsm.io

United States

142.250.185.132

www.google.com

United States

142.11.212.118

1b3rmrwdw.buzz

United States

104.244.42.195

s.twitter.com

United States

216.58.206.68

unknown

United States

93.184.221.165

t.co

European Union

239.255.255.250

unknown

Reserved

3.127.196.46

global-v4.clearbit.com

United States

142.250.185.130

googleads.g.doubleclick.net

United States

146.75.120.157

platform.twitter.map.fastly.net

Sweden

151.101.129.140

dualstack.reddit.map.fastly.net

United States

18.239.83.17

d330tt87tgwpr0.cloudfront.net

United States

34.160.63.108

United States

There are 14 hidden IPs, click here to show them.

DOM / HTML

URL

Malicious

https://9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net/

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Files

Processes

URLs

Domains

IPs

DOM / HTML