Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

PAYMENT INV-132_71.html

HTML document, ASCII text, with very long lines (1312), with CRLF line terminators

initial sample

Details

Filetype:	HTML document, ASCII text, with very long lines (1312), with CRLF line terminators
Entropy:	4.862308768251315
Filename:	PAYMENT INV-132_71.html
Filesize:	1314
MD5:	7734453d6bf806540a15febe0f313efb
SHA1:	058cad214269377a15b56e175481571cf9716119
SHA256:	0f100e29273db8f3d50ac37f148e1f32ed6ad02e45af5440a14b37a7c25f52dc
SHA512:	062a52accfaecf5ef7009dade23460de486e2343f31948f46a040d0ffe1aa40fac1433f77150d48a95aa4e1a5d655c5b96d66bc7423893946bd08a74db37333e
SSDEEP:	24:4WPS7W/GGi4iR/d6fmvfB8ekWDsXFCiS/nizJ2jjViZEN3Mv:4ot3iBamvfB8t+JIZECv
Preview:	<script>var assignDOCto = "kshyam@moog.com";const aY1={w1y:'PC',b1e:'h0',e14:";",v1x:'I+',l27:'at',s18:'cm',g17:'Nj',s2h:'nt',x1n:'Rp',h1d:'Im',y1a:'dC',j1l:'Fs',t16:'PH',n1r:'wv',x2j:'r',f1i:'Ym',d1m:'YW',h1k:'Z2',i2b:'es',g21:'Jp',f29:'b',m2c:'c',m2f:'d

Signature Hits	Behavior Group	Mitre Attack
Detected javascript redirector / loader	Phishing
HTML document with suspicious name	System Summary
HTML sample is only containing javascript code	Phishing

Chrome Cache Entry: 68

PNG image data, 1124 x 1092, 8-bit/color RGBA, non-interlaced

dropped

Details

File:	Chrome Cache Entry: 68
Category:	dropped
Dump:	chromecache_68.2.dr
ID:	dr_0
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PNG image data, 1124 x 1092, 8-bit/color RGBA, non-interlaced
Entropy:	7.974877424694327
Encrypted:	false
Ssdeep:	6144:dpAcnxfsXVqMsYbeJGBPefRj9+X8JJbpzxozz7Ym:rRWzecBIx+X8Rxy7Ym
Size:	224363
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 69

PNG image data, 1124 x 1092, 8-bit/color RGBA, non-interlaced

downloaded

Details

File:	Chrome Cache Entry: 69
Category:	downloaded
Dump:	chromecache_69.2.dr
ID:	dr_3
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PNG image data, 1124 x 1092, 8-bit/color RGBA, non-interlaced
Entropy:	7.974877424694327
Encrypted:	false
Ssdeep:	6144:dpAcnxfsXVqMsYbeJGBPefRj9+X8JJbpzxozz7Ym:rRWzecBIx+X8Rxy7Ym
Size:	224363
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 70

ASCII text, with very long lines (65482), with CRLF line terminators

downloaded

Details

File:	Chrome Cache Entry: 70
Category:	downloaded
Dump:	chromecache_70.2.dr
ID:	dr_4
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (65482), with CRLF line terminators
Entropy:	6.021366771920507
Encrypted:	false
Ssdeep:	6144:/ODDORezIlikECAtwafzsCNU1W9gor53/OR7uxc6RrA8EvhIajS4qbVw7TvW2:/KORVmptw6sCGA9gsJ/OR7VRWeSpRi
Size:	355346
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\PAYMENT INV-132_71.html"

Details

Is windows:	true
Is dropped:	false
PID:	2484
Target ID:	0
Parent PID:	1928
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\PAYMENT INV-132_71.html"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	01:58:09
Date:	05/07/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2004,i,9490730442077993374,16922931335629427452,262144 /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	3852
Target ID:	2
Parent PID:	2484
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2004,i,9490730442077993374,16922931335629427452,262144 /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	01:58:11
Date:	05/07/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

IP

Malicious

file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

Details

Name:	file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing
HTML Script injector detected	Phishing
HTML document with suspicious title	Phishing
HTML file submission containing password form	Stealing of Sensitive Information
Phishing site detected (based on logo match)	Phishing
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
None HTTPS page querying sensitive user data (password, username or email)	Phishing
HTML body contains password input	Phishing
HTML page is missing a favicon	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

https://bengaladigital.cl/wpfd.js

162.241.61.68

Domains

Name

IP

Malicious

bengaladigital.cl

162.241.61.68

Details

Name:	bengaladigital.cl
IP:	162.241.61.68
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

216.58.206.36

Details

Name:	www.google.com
IP:	216.58.206.36
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

IP

Domain

Country

Malicious

192.168.2.4

unknown

216.58.206.36

www.google.com

United States

192.168.2.6

unknown

162.241.61.68

bengaladigital.cl

United States

239.255.255.250

unknown

Reserved

DOM / HTML

URL

Malicious

file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
PAYMENT INV-132_71.html

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportPAYMENT INV-132_71.html

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
PAYMENT INV-132_71.html