IOC Report
Play_VoiceMsg_mchee@eq3.com_{RANDOM_NUMBER5}CQDM.html


Files

File Path | Type | Category | Malicious
Play_VoiceMsg_mchee@eq3.com_{RANDOM_NUMBER5}CQDM.html | HTML document, ASCII text, with very long lines (998), with no line terminators | initial sample | malicious
Chrome Cache Entry: 74 | ASCII text, with very long lines (65536), with no line terminators | dropped | -
Chrome Cache Entry: 75 | ASCII text, with very long lines (65536), with no line terminators | downloaded | -
Chrome Cache Entry: 76 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded | -
Chrome Cache Entry: 77 | SVG Scalable Vector Graphics image | dropped | -
Chrome Cache Entry: 78 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513 | downloaded | -
Chrome Cache Entry: 79 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | dropped | -
Chrome Cache Entry: 80 | ASCII text, with very long lines (65536), with no line terminators | dropped | -
Chrome Cache Entry: 81 | ASCII text, with very long lines (567), with CRLF line terminators | downloaded | -
Chrome Cache Entry: 82 | SVG Scalable Vector Graphics image | downloaded | -
Chrome Cache Entry: 83 | ASCII text, with very long lines (65536), with no line terminators | dropped | -
Chrome Cache Entry: 84 | JSON data | downloaded | -
Chrome Cache Entry: 85 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 788x524, components 3 | downloaded | -
Chrome Cache Entry: 86 | ASCII text, with very long lines (65447) | dropped | -
Chrome Cache Entry: 87 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513 | dropped | -
Chrome Cache Entry: 88 | ASCII text, with very long lines (65536), with no line terminators | downloaded | -
Chrome Cache Entry: 89 | ASCII text, with very long lines (65536), with no line terminators | downloaded | -
Chrome Cache Entry: 90 | SVG Scalable Vector Graphics image | downloaded | -
Chrome Cache Entry: 91 | SVG Scalable Vector Graphics image | dropped | -
Chrome Cache Entry: 92 | ASCII text, with very long lines (65447) | downloaded | -
Chrome Cache Entry: 93 | SVG Scalable Vector Graphics image | dropped | -
Chrome Cache Entry: 94 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 788x524, components 3 | dropped | -
Chrome Cache Entry: 95 | JSON data | dropped | -
Chrome Cache Entry: 96 | SVG Scalable Vector Graphics image | downloaded | -
Chrome Cache Entry: 97 | PNG image data, 201 x 24, 8-bit/color RGBA, non-interlaced | dropped | -
Chrome Cache Entry: 98 | assembler source, ASCII text, with very long lines (1680), with CRLF line terminators | downloaded | -
Chrome Cache Entry: 99 | PNG image data, 201 x 24, 8-bit/color RGBA, non-interlaced | downloaded | -
17 further file entries are not included in this export.

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Play_VoiceMsg_mchee@eq3.com_{RANDOM_NUMBER5}CQDM.html" | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2204,i,17700267430777942068,11007756600584131557,262144 /prefetch:8 | -

URLs

Name | IP | Malicious
file:///C:/Users/user/Desktop/Play_VoiceMsg_mchee@eq3.com_%7BRANDOM_NUMBER5%7DCQDM.html | - | malicious
https://aadcdn.msauthimages.net/dbd5a2dd-n5bn1-gkoq0pwk9w-9gvdlma6mqfklulptuqsqrrcpg/logintenantbranding/0/illustration?ts=637965301824077139 | 152.199.21.175 | -
https://elwblyirtd.tessougarb.shop/m/script.php | 104.219.248.170 | -
https://aadcdn.msauthimages.net/dbd5a2dd-n5bn1-gkoq0pwk9w-9gvdlma6mqfklulptuqsqrrcpg/logintenantbranding/0/bannerlogo?ts=637965301830795969 | 152.199.21.175 | -
https://elwblyirtd.tessougarb.shop/m/sm/O78KQ3W1Y42Z4FQE7M5CV8U6M | 104.219.248.170 | -
https://api.ipify.org/?format=json | 104.26.13.205 | -
https://elwblyirtd.tessougarb.shop/m/mxl/sig_op.svg | 104.219.248.170 | -
https://elwblyirtd.tessougarb.shop/m/cxx/3IDVEUMCZECWI3QXR6C70SA2U | 104.219.248.170 | -
https://elwblyirtd.tessougarb.shop/m/ic/K9C8FJ04TTZCXXWRVI880WI45 | 104.219.248.170 | -
https://elwblyirtd.tessougarb.shop/m/ecpt/U3SAIJY9UQQM25ZCF66U84LP5 | 104.219.248.170 | -
https://elwblyirtd.tessougarb.shop/m/bxg/7R1ZWGFDXT78L4IDHLJVGYRKZ | 104.219.248.170 | -
https://elwblyirtd.tessougarb.shop/m/aty/0I4W0CJEUWRMG1L3QG22WZZJZ | 104.219.248.170 | -
https://elwblyirtd.tessougarb.shop/m/mxl/mlg.svg?12QZ4AHQ8P06SQEU90TV4PM97 | 104.219.248.170 | -
https://wzh4sjgksu.congotens.net/tQGtmmghxM/xerzPLiEbmhbqsxxoQiY | 188.114.97.3 | -
https://elwblyirtd.tessougarb.shop/m/jx/U93WOWW15SG3T0P12CV4Y50VJ | 104.219.248.170 | -
5 further URLs are not included in this export.

Domains

Name | IP | Malicious
wzh4sjgksu.congotens.net | 188.114.97.3 | -
sni1gl.wpc.upsiloncdn.net | 152.199.21.175 | -
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | -
s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | -
www.google.com | 172.217.16.196 | -
api.ipify.org | 104.26.13.205 | -
elwblyirtd.tessougarb.shop | 104.219.248.170 | -
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | -
aadcdn.msauthimages.net | unknown | -

IPs

IP | Domain | Country | Malicious
104.26.12.205 | unknown | United States | -
13.107.246.45 | s-part-0017.t-0009.t-msedge.net | United States | -
13.107.253.45 | s-part-0017.t-0009.fb-t-msedge.net | United States | -
192.168.2.4 | unknown | unknown | -
104.219.248.170 | elwblyirtd.tessougarb.shop | United States | -
239.255.255.250 | unknown | Reserved | -
188.114.97.3 | wzh4sjgksu.congotens.net | European Union | -
152.199.21.175 | sni1gl.wpc.upsiloncdn.net | United States | -
104.26.13.205 | api.ipify.org | United States | -
172.217.16.196 | www.google.com | United States | -
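The URL, Domain and IP tables mix two kinds of hosts. Only elwblyirtd.tessougarb.shop (the kit itself, under /m/) and wzh4sjgksu.congotens.net (a second host with a different path scheme) are actor-controlled. aadcdn.msauthimages.net is the CDN Azure AD serves tenant sign-in branding from (hence the logintenantbranding paths), the t-msedge.net names are Microsoft edge hosts, sni1gl.wpc.upsiloncdn.net is the CDN edge that aadcdn.msauthimages.net resolved to in this run (same IP, 152.199.21.175), and api.ipify.org is a public service the page calls to record the visitor's IP. A blocklist fed the tables verbatim would therefore break legitimate Microsoft sign-ins. The Python below is an added example, not part of the sandbox report: it copies the indicator values from the tables, splits them into actor-controlled, context and shared classes, and hunts for them in a few constructed proxy log lines. The shared-infrastructure allowlist and the kit-path regular expression (derived from the /m/<dir>/<25-character token> shape of the URLs above) are this example's own assumptions, and the host zzqpwlkmna.example-kit.top in the sample log is hypothetical.

```python
import re

# Indicator values copied from the report's Domains / IPs tables
# (domain -> resolved IP; None where the report shows "unknown").
REPORT_DOMAINS = {
    "wzh4sjgksu.congotens.net": "188.114.97.3",
    "sni1gl.wpc.upsiloncdn.net": "152.199.21.175",
    "s-part-0017.t-0009.t-msedge.net": "13.107.246.45",
    "s-part-0017.t-0009.fb-t-msedge.net": "13.107.253.45",
    "www.google.com": "172.217.16.196",
    "api.ipify.org": "104.26.13.205",
    "elwblyirtd.tessougarb.shop": "104.219.248.170",
    "s-part-0032.t-0009.t-msedge.net": "13.107.246.60",
    "aadcdn.msauthimages.net": None,
}

# Assumption (analyst allowlist): registrable domains of shared Microsoft,
# Google and CDN infrastructure the kit reuses but does not control.
SHARED_APEX = {"t-msedge.net", "fb-t-msedge.net", "upsiloncdn.net",
               "msauthimages.net", "google.com"}

# Legitimate service whose presence in a login page is itself a signal
# (the page fetches the victim's public IP); report it, do not block it.
CONTEXT_DOMAINS = {"api.ipify.org"}

# Assumption: kit path shape taken from the URLs table: /m/script.php,
# /m/<2-4 letter dir>/<exactly 25 upper-case alphanumerics>, /m/mxl/<name>.svg.
KIT_PATH = re.compile(
    r"^/m/(script\.php|[a-z]{2,4}/[A-Z0-9]{25}(?![A-Z0-9])|mxl/[a-z_]+\.svg)")
URL_RE = re.compile(r"^https?://([^/\s]+)(/\S*)?$")


def apex(domain):
    """Last two labels of a hostname (good enough for the names in this report)."""
    return ".".join(domain.split(".")[-2:])


def classify(domain):
    """'actor', 'context' or 'shared' for a hostname from the report."""
    if domain in CONTEXT_DOMAINS:
        return "context"
    if apex(domain) in SHARED_APEX:
        return "shared"
    return "actor"


def blockable_indicators(domains=REPORT_DOMAINS):
    """Hostnames and IPs that are actually actor-controlled."""
    hosts = {d for d in domains if classify(d) == "actor"}
    ips = {domains[d] for d in hosts if domains[d]}
    return hosts, ips


def match_proxy_line(line, hosts, ips):
    """Reason a proxy log line matters, or None.
    Constructed log format: <timestamp> <client_ip> <method> <url> <status>."""
    parts = line.split()
    if len(parts) < 5:
        return None
    m = URL_RE.match(parts[3])
    if not m:
        return None
    host, path = m.group(1), m.group(2) or "/"
    if host in hosts or host in ips:          # exact indicator, also IP-literal URLs
        return f"known host {host}"
    if host in CONTEXT_DOMAINS:               # victim-IP lookup next to a login page
        return f"context host {host}"
    if KIT_PATH.match(path):                  # same kit on infrastructure not yet seen
        return f"kit path pattern on unseen host {host}"
    return None


# Constructed proxy log; zzqpwlkmna.example-kit.top is a hypothetical sibling host.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 GET https://www.google.com/ 200
2024-01-01T10:00:02Z 10.0.0.5 GET https://aadcdn.msauthimages.net/dbd5a2dd-n5bn1-gkoq0pwk9w-9gvdlma6mqfklulptuqsqrrcpg/logintenantbranding/0/bannerlogo?ts=637965301830795969 200
2024-01-01T10:00:03Z 10.0.0.5 GET https://elwblyirtd.tessougarb.shop/m/script.php 200
2024-01-01T10:00:04Z 10.0.0.5 GET https://api.ipify.org/?format=json 200
2024-01-01T10:00:05Z 10.0.0.9 GET https://zzqpwlkmna.example-kit.top/m/ic/ABCDEFGHIJKLMNOPQRSTUVWXY 200
2024-01-01T10:00:06Z 10.0.0.9 GET https://104.219.248.170/m/jx/U93WOWW15SG3T0P12CV4Y50VJ 200
"""


def hunt(log=SAMPLE_LOG, domains=REPORT_DOMAINS):
    """(client_ip, reason) for every line that touches actor or context hosts."""
    hosts, ips = blockable_indicators(domains)
    hits = []
    for line in log.strip().splitlines():
        why = match_proxy_line(line, hosts, ips)
        if why:
            hits.append((line.split()[1], why))
    return hits


if __name__ == "__main__":
    hosts, ips = blockable_indicators()
    print("block hosts:", sorted(hosts), "block IPs:", sorted(ips))
    for client, why in hunt():
        print(client, why)
```

Two design points. The Microsoft and CDN names are tracked as registrable domains rather than as the exact sandbox-observed hostnames, because the s-part-NNNN edge labels change from run to run. The path regular expression is what catches the kit once it moves: the random 10-letter subdomains are disposable and 188.114.97.3 sits in a Cloudflare range shared with unrelated sites, so a hostname or IP from this report is a short-lived indicator while the /m/<dir>/<25-character token> layout is a property of the kit itself.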

DOM / HTML

URL | Malicious
file:///C:/Users/user/Desktop/Play_VoiceMsg_mchee@eq3.com_%7BRANDOM_NUMBER5%7DCQDM.html | malicious