Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Chrome Cache Entry: 48

ASCII text, with very long lines (24672), with no line terminators

downloaded

Details

File:	Chrome Cache Entry: 48
Category:	downloaded
Dump:	chromecache_48.4.dr
ID:	dr_5
Target ID:	4
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (24672), with no line terminators
Entropy:	5.359139950319512
Encrypted:	false
Ssdeep:	768:QOUyv/PN6ogLuWAi5zD00N3tV+Cq63PQfLAoLeyL9qDDY7mL1z:QOUi/06uka
Size:	24672
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 49

JSON data

downloaded

Details

File:	Chrome Cache Entry: 49
Category:	downloaded
Dump:	chromecache_49.4.dr
ID:	dr_6
Target ID:	4
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JSON data
Entropy:	4.596417084496585
Encrypted:	false
Ssdeep:	12:fPtQ+QpW+v20JR+QD3+sGgrSjaUzLpeEF1Dhi1yzD4mgNK5L:fPtQ+QpW5oRfD3Uf9LRDhoynaK5L
Size:	674
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 50

HTML document, ASCII text, with very long lines (54998)

downloaded

Details

File:	Chrome Cache Entry: 50
Category:	downloaded
Dump:	chromecache_50.4.dr
ID:	dr_7
Target ID:	4
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with very long lines (54998)
Entropy:	5.606049151257981
Encrypted:	false
Ssdeep:	768:e+qNplvMd4faJsbuGW87h1d9FYyGklGoP:K/W8VDYyGkN
Size:	60562
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 51

Web Open Font Format (Version 2), TrueType, length 46552, version 1.0

downloaded

Details

File:	Chrome Cache Entry: 51
Category:	downloaded
Dump:	chromecache_51.4.dr
ID:	dr_8
Target ID:	4
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Web Open Font Format (Version 2), TrueType, length 46552, version 1.0
Entropy:	7.9950795250028674
Encrypted:	true
Ssdeep:	768:hhTRJqooGnba8+OgF5kjearV36czFCgWWfSkLaLOJc+IfZmmmSn+VoMzQAhX/LS:jT2kuzOgFmjearV3UWfSkQsVEAjdCUdM
Size:	46552
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 52

ASCII text

downloaded

Details

File:	Chrome Cache Entry: 52
Category:	downloaded
Dump:	chromecache_52.4.dr
ID:	dr_9
Target ID:	4
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text
Entropy:	1.5219280948873621
Encrypted:	false
Ssdeep:	3:U8n:U8n
Size:	5
Whitelisted:	true
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	6404
Target ID:	0
Parent PID:	6072
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	16:55:48
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c4390000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2172,i,3802149442880619225,12691963403737139201,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	2444
Target ID:	4
Parent PID:	6404
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2172,i,3802149442880619225,12691963403737139201,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	16:55:51
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c4390000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.pstmrk.it/3s/gamma.app%2Fsignin/JjV-/B022AQ/AQ/466c2e01-543c-410b-8ace-70b1d18402c8/2/uVCakhqNd6"

Details

Is windows:	true
Is dropped:	false
PID:	3872
Target ID:	11
Parent PID:	6072
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.pstmrk.it/3s/gamma.app%2Fsignin/JjV-/B022AQ/AQ/466c2e01-543c-410b-8ace-70b1d18402c8/2/uVCakhqNd6"
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	16:55:53
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c4390000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://click.pstmrk.it/3s/gamma.app%2Fsignin/JjV-/B022AQ/AQ/466c2e01-543c-410b-8ace-70b1d18402c8/2/uVCakhqNd6

https://gamma.app/_next/static/chunks/ad943d25-7fe3a56c8d1cce87.js

104.18.10.200

https://gamma.app/_next/static/chunks/7399-db7e13ffb819acfb.js

104.18.10.200

https://gamma.app/_next/static/chunks/9814d858-303e4e17c4816b1b.js

104.18.10.200

https://gamma.app/_next/static/chunks/4450-d1e94546cc49c3d6.js

104.18.10.200

https://gamma.app/favicons/favicon-192.svg

104.18.10.200

https://gamma.app/_next/static/chunks/ad54e6ef-90347fe54fe33f88.js

104.18.10.200

https://gamma.app/_next/static/chunks/d08a6a05-4dafbbcaa95fed02.js

104.18.10.200

https://gamma.app/_next/static/chunks/8c469d57-f27e80c701ca424f.js

104.18.10.200

https://gamma.app/_next/static/chunks/2252-d0773f7284457643.js

104.18.10.200

https://gamma.app/_next/static/chunks/b155a556-0d5fc585487af832.js

104.18.10.200

https://gamma.app/_next/static/chunks/b4d7d80c-5d6183807bd6d276.js

104.18.10.200

https://embed-proxy-prod.gamma-app.workers.dev/

unknown

https://graphql.contentful.com/content/v1/spaces/yg6st2np8vj7

unknown

https://gamma.app/_next/static/chunks/2254-dd2fcb9ac1cd8d23.js

104.18.10.200

https://gamma.app

unknown

https://gamma.app/_next/static/chunks/5066-0db8db948c935cf0.js

104.18.10.200

https://gamma.app/_next/static/chunks/main-2dbeed7c522cadf7.js

104.18.10.200

https://gamma.app/_next/static/chunks/6871-43ead4b56e938a1a.js

104.18.10.200

https://gamma.app/_next/static/chunks/pages/_app-1a582ae6539226d6.js

104.18.10.200

https://gamma.app/signin

https://gamma.app/_next/static/MCT4NyfxfZRHn9nNcHlYB/_buildManifest.js

104.18.10.200

https://imgproxy.gamma.app

unknown

https://gamma.app/_next/static/MCT4NyfxfZRHn9nNcHlYB/_ssgManifest.js

104.18.10.200

https://api.gamma.app

unknown

https://gamma.app/_next/static/chunks/6000-75f676ef8ac7a058.js

104.18.10.200

https://gamma.app/_next/static/chunks/b779bb5e-4476001df1162db9.js

104.18.10.200

https://gamma.app/_next/static/chunks/93656207-b640f73d95eb7afc.js

104.18.10.200

https://gamma.app/manifest.json

104.18.10.200

https://gamma.app/_next/static/chunks/1035ef44-e4d66d81a61710cd.js

104.18.10.200

https://click.pstmrk.it/3s/gamma.app%2Fsignin/JjV-/B022AQ/AQ/466c2e01-543c-410b-8ace-70b1d18402c8/2/uVCakhqNd6

108.128.20.86

https://gamma.app/_next/static/chunks/2edb282b-a83f7ffd007bccf0.js

104.18.10.200

https://gamma.app/favicons/pwa-icon-512x512.png

104.18.10.200

https://gamma.app/_next/static/chunks/framework-0ac6491e82269c86.js

104.18.10.200

https://gamma.app/_next/static/chunks/6441-a841dffd50b08162.js

104.18.10.200

https://gamma.app/_next/static/chunks/webpack-5f7746b6dddd0384.js

104.18.10.200

https://gamma.app/_next/static/chunks/pages/signin-0f4f96a098440f86.js

104.18.10.200

https://gamma.app/_next/static/css/4c51f34f528c6485.css

104.18.10.200

https://cdn.iframe.ly/embed.js

108.138.7.69

https://gamma.app/_next/static/chunks/2432-a18bcb66b3e8b2d8.js

104.18.10.200

https://gamma.app/_next/static/chunks/2298-2a1b8f1d18a202f5.js

104.18.10.200

There are 30 hidden URLs, click here to show them.

Domains

Name

Malicious

bg.microsoft.map.fastly.net

199.232.214.172

gamma.app

104.18.10.200

Details

Name:	gamma.app
IP:	104.18.10.200
TargetID:	4
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected suspicious crossdomain redirect	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking

click.pstmrk.it

108.128.20.86

Details

Name:	click.pstmrk.it
IP:	108.128.20.86
TargetID:	4
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected suspicious crossdomain redirect	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

www.google.com

142.250.186.68

Details

Name:	www.google.com
IP:	142.250.186.68
TargetID:	4
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

cdn.iframe.ly

108.138.7.69

Details

Name:	cdn.iframe.ly
IP:	108.138.7.69
TargetID:	4
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

use.typekit.net

unknown

p.typekit.net

unknown

IPs

Domain

Country

Malicious

142.250.186.68

www.google.com

United States

108.138.7.69

cdn.iframe.ly

United States

108.128.20.86

click.pstmrk.it

United States

192.168.2.7

unknown

104.18.10.200

gamma.app

United States

239.255.255.250

unknown

Reserved

DOM / HTML

URL

Malicious

https://gamma.app/signin

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://click.pstmrk.it/3s/gamma.app%2Fsignin/JjV-/B022AQ/AQ/466c2e01-543c-410b-8ace-70b1d18402c8/2/uVCakhqNd6

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://click.pstmrk.it/3s/gamma.app%2Fsignin/JjV-/B022AQ/AQ/466c2e01-543c-410b-8ace-70b1d18402c8/2/uVCakhqNd6

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://click.pstmrk.it/3s/gamma.app%2Fsignin/JjV-/B022AQ/AQ/466c2e01-543c-410b-8ace-70b1d18402c8/2/uVCakhqNd6