Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	4856
Target ID:	0
Parent PID:	5792
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	18:25:10
Date:	04/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c4390000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2460,i,5162128387195293770,17291697451212001631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	7096
Target ID:	2
Parent PID:	4856
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2460,i,5162128387195293770,17291697451212001631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	18:25:15
Date:	04/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c4390000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://urlz.fr/r1TD"

Details

Is windows:	true
Is dropped:	false
PID:	4452
Target ID:	3
Parent PID:	5792
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://urlz.fr/r1TD"
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	18:25:17
Date:	04/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c4390000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://urlz.fr/r1TD

https://convertall.com/fr/convertisseur-pdf

unknown

https://cpstest.click/fr

unknown

https://twitter.com/URLzFR

unknown

https://urlz.fr/favicon.ico

104.21.234.214

https://serveur-prive.net/minecraft

unknown

https://a.nel.cloudflare.com/report/v4?s=YQNCvpSY7zluMdmUj%2FbVGruRTC1D51w9TyjzJsgzgkLVcmj%2BRVp%2FUlzAIN0B5eswXDl309oOaoNnOmhcXt6peXKI%2FsuPSniuAcc3JSxycX0pU%2FXZxt1kPsLX

35.190.80.1

https://a.nel.cloudflare.com/report/v4?s=CGL4Nxg11L%2FyAdVfH6x7x9ZCJlaQja0steU6io7SdjXGoGhIxhTmBssr1j97ENbF2PgLFFgkRrOAwF04JUx%2B3kFY9nYjfMt%2FHVXqTauQ8ERDrVvPk9mkLDQc

35.190.80.1

https://cmp.quantcast.com

unknown

http://www.zupimages.net/

unknown

https://ipcost.com/fr

unknown

https://notube.lol/fr/youtube-app-v133

unknown

https://urlz.fr/

unknown

https://casinobonusca.com/fr/

unknown

There are 4 hidden URLs, click here to show them.

Domains

Name

Malicious

a.nel.cloudflare.com

35.190.80.1

Details

Name:	a.nel.cloudflare.com
IP:	35.190.80.1
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

urlz.fr

104.21.234.214

Details

Name:	urlz.fr
IP:	104.21.234.214
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking

www.google.com

142.250.185.132

Details

Name:	www.google.com
IP:	142.250.185.132
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

239.255.255.250

unknown

Reserved

192.168.2.7

unknown

35.190.80.1

a.nel.cloudflare.com

United States

142.250.185.132

www.google.com

United States

192.168.2.4

unknown

104.21.234.214

urlz.fr

United States

DOM / HTML

URL

Malicious

https://urlz.fr/r1TD

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://urlz.fr/r1TD

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://urlz.fr/r1TD

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://urlz.fr/r1TD