IOC Report
7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe

loading gif

Files

File Path
Type
Category
Malicious
7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 15:53:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 15:53:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 15:53:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 15:53:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 15:53:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 150
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 151
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 152
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 153
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 154
JSON data
dropped
Chrome Cache Entry: 155
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 156
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 157
ASCII text, with very long lines (65410)
dropped
Chrome Cache Entry: 158
Web Open Font Format (Version 2), TrueType, length 18768, version 1.0
downloaded
Chrome Cache Entry: 159
JSON data
dropped
Chrome Cache Entry: 160
ASCII text, with very long lines (65410)
downloaded
Chrome Cache Entry: 161
JSON data
downloaded
Chrome Cache Entry: 162
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 163
ASCII text, with very long lines (52717), with no line terminators
dropped
Chrome Cache Entry: 164
ASCII text, with very long lines (52717), with no line terminators
downloaded
Chrome Cache Entry: 165
exported SGML document, ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 166
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 167
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
downloaded
Chrome Cache Entry: 168
JSON data
dropped
Chrome Cache Entry: 169
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
dropped
Chrome Cache Entry: 170
PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 171
ASCII text, with very long lines (32029), with no line terminators
dropped
Chrome Cache Entry: 172
JSON data
downloaded
Chrome Cache Entry: 173
PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 174
ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 175
JSON data
downloaded
Chrome Cache Entry: 176
JSON data
dropped
Chrome Cache Entry: 177
JSON data
dropped
Chrome Cache Entry: 178
exported SGML document, ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 179
HTML document, ASCII text, with very long lines (639), with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 180
ASCII text, with very long lines (46884)
dropped
Chrome Cache Entry: 181
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 182
ASCII text, with very long lines (32029), with no line terminators
downloaded
Chrome Cache Entry: 183
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 184
PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 185
PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 186
JSON data
dropped
Chrome Cache Entry: 187
ASCII text, with very long lines (46884)
downloaded
Chrome Cache Entry: 188
JSON data
downloaded
Chrome Cache Entry: 189
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
dropped
There are 37 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe
"C:\Users\user\Desktop\7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1700 --field-trial-handle=1884,i,637461877397389753,4389975086437105104,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1936,i,10713725616331725220,8343982404964030147,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
unknown
https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md
unknown
https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725
unknown
https://client-api.arkoselabs.com/v2/api.js
unknown
https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
unknown
https://github.com/Thraka
unknown
https://github.com/dotnet/docs/issues
unknown
http://polymer.github.io/PATENTS.txt
unknown
https://aka.ms/LFO_Events?wt.mc_id=esi_lfobannerevents_webpage_wwl
unknown
https://aka.ms/certhelp
unknown
https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
unknown
https://www.linkedin.com/cws/share?url=$
unknown
https://aka.ms/ContentUserFeedback
unknown
https://github.com/mairaw
unknown
https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
13.107.246.42
https://schema.org
unknown
http://polymer.github.io/LICENSE.txt
unknown
https://github.com/Youssef1313
unknown
http://polymer.github.io/AUTHORS.txt
unknown
https://aka.ms/yourcaliforniaprivacychoices
unknown
https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
unknown
https://github.com/nschonni
unknown
https://aka.ms/DP600/Plan/LearnT2?ocid=fabric24-dp600plan_learnpromo_T2_ad
unknown
https://management.azure.com/subscriptions?api-version=2016-06-01
unknown
https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0
unknown
https://github.com/adegeo
unknown
https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
unknown
https://aka.ms/pshelpmechoose
unknown
https://aka.ms/feedback/report?space=61
unknown
https://github.com/jonschlinkert/is-plain-object
unknown
https://octokit.github.io/rest.js/#throttling
unknown
https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2017-0
unknown
https://github.com/js-cookie/js-cookie
unknown
https://learn-video.azurefd.net/vod/player
unknown
https://twitter.com/intent/tweet?original_referer=$
unknown
https://github.com/$
unknown
https://github.com/gewarren
unknown
http://schema.org/Organization
unknown
http://polymer.github.io/CONTRIBUTORS.txt
unknown
https://channel9.msdn.com/
unknown
https://learn-video.azurefd.net/
unknown
https://github.com/dotnet/try
unknown
There are 32 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
js.monitor.azure.com
unknown
 malicious
mdec.nelreports.net
unknown
 malicious
s-part-0014.t-0009.t-msedge.net
13.107.246.42
www.google.com
142.250.185.132
s-part-0032.t-0009.t-msedge.net
13.107.246.60

IPs

IP
Domain
Country
Malicious
13.107.246.42
s-part-0014.t-0009.t-msedge.net
United States
142.250.185.132
www.google.com
United States
142.250.185.100
unknown
United States
13.107.246.60
s-part-0032.t-0009.t-msedge.net
United States
192.168.2.5
unknown
unknown
239.255.255.250
unknown
Reserved

Memdumps

Base Address
Regiontype
Protect
Malicious
682000
unkown
page readonly
 malicious
10D0000
heap
page read and write
AF9000
stack
page read and write
1060000
heap
page read and write
D60000
heap
page read and write
2A0E000
stack
page read and write
2A4E000
stack
page read and write
790000
heap
page read and write
4510000
trusted library allocation
page read and write
2E6F000
stack
page read and write
2F6E000
stack
page read and write
780000
heap
page read and write
4E4E000
stack
page read and write
E6E000
stack
page read and write
7E0000
heap
page read and write
C25000
heap
page read and write
C0E000
heap
page read and write
1070000
heap
page read and write
680000
unkown
page readonly
2B6E000
stack
page read and write
C2D000
heap
page read and write
C00000
heap
page read and write
10D5000
heap
page read and write
D3E000
stack
page read and write
1090000
heap
page read and write
510E000
stack
page read and write
4ECC000
stack
page read and write
F6E000
stack
page read and write
C89000
heap
page read and write
2D6B000
stack
page read and write
2C6D000
stack
page read and write
1094000
heap
page read and write
500E000
stack
page read and write
729000
stack
page read and write
7E6000
heap
page read and write
4FCC000
stack
page read and write
C8D000
heap
page read and write
29BE000
stack
page read and write
C0B000
heap
page read and write
10D9000
heap
page read and write
293B000
stack
page read and write
4D4E000
stack
page read and write
7DE000
stack
page read and write
2A60000
heap
page read and write
297E000
stack
page read and write
10A0000
heap
page read and write
68E000
unkown
page readonly
There are 37 hidden memdumps, click here to show them.

DOM / HTML

URL
Malicious
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0