Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	6208
Target ID:	0
Parent PID:	3632
Name:	chrome.exe
Path:	C:\Users\user\AppData\Local\Chromium\Application\chrome.exe
Commandline:	"C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --start-maximized "about:blank"
Size:	2450432
MD5:	B6CB00FCB81D3B66870817AEBE7163BB
Time:	14:18:10
Date:	24/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7de7d0000
Modulesize:	2535424
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --no-sandbox --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2116 --field-trial-handle=2004,i,16929989459866811795,18379837460261378980,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	6512
Target ID:	1
Parent PID:	6208
Name:	chrome.exe
Path:	C:\Users\user\AppData\Local\Chromium\Application\chrome.exe
Commandline:	"C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --no-sandbox --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2116 --field-trial-handle=2004,i,16929989459866811795,18379837460261378980,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	2450432
MD5:	B6CB00FCB81D3B66870817AEBE7163BB
Time:	14:18:11
Date:	24/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7de7d0000
Modulesize:	2535424
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" "https://sync.search.spotxchange.com"

Details

Is windows:	true
Is dropped:	false
PID:	3824
Target ID:	4
Parent PID:	3632
Name:	chrome.exe
Path:	C:\Users\user\AppData\Local\Chromium\Application\chrome.exe
Commandline:	"C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" "https://sync.search.spotxchange.com"
Size:	2450432
MD5:	B6CB00FCB81D3B66870817AEBE7163BB
Time:	14:18:12
Date:	24/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7de7d0000
Modulesize:	2535424
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://sync.search.spotxchange.com

Details

Filetype:	URL
Filename:	https://sync.search.spotxchange.com

Signature Hits	Behavior Group	Mitre Attack
Dynamic code execution using eval()	Phishing	JavaScript
HTTP GET or POST without a user agent	Networking
Classification label	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Ingress Tool Transfer
Performs DNS lookups	Networking	Non-Application Layer Protocol Application Layer Protocol
Posts data to webserver	Networking
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking	Encrypted Channel
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://clients2.googleusercontent.com/crx/blobs/AYA8Vyx2J_yUZTKcv47OjJ_lQNlaCYqeh8SOiGiawnXT0TvFvxRmwfkcv63jai6G-68PkdQz0qjWRURdD69KjIEk_1WMoGqX2-nmHyARS_kIQQQ8jggfB8g6y3OxQgNbZ3cAxlKa5c6rbuh5modTsW2qcgj5aN-TT3fn/EFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ_24_10_2_0.crx

142.250.185.193

https://chrome-devtools-frontend.appspot.com/serve_file/@386bc09e8f4f2e025eddae123f36f6263096ae49/third_party/vscode.web-custom-data/browsers.css-data.json

142.250.113.153

https://chrome.google.com/webstore/inlineinstall/detail/efaidnbmnnnibpcajpcglclefindmkaj

142.250.115.100

Details

Name:	https://chrome.google.com/webstore/inlineinstall/detail/efaidnbmnnnibpcajpcglclefindmkaj
IP:	142.250.115.100
TargetID:	1
From Memory:	false
Current Path:	C:\Users\user\AppData\Local\Chromium\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Domains

Name

Malicious

chrome.cloudflare-dns.com

172.64.41.3

Details

Name:	chrome.cloudflare-dns.com
IP:	172.64.41.3
TargetID:	1
Current Path:	C:\Users\user\AppData\Local\Chromium\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

google.com

216.58.206.46

Details

Name:	google.com
IP:	216.58.206.46
TargetID:	1
Current Path:	C:\Users\user\AppData\Local\Chromium\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

216.58.206.68

Details

Name:	www.google.com
IP:	216.58.206.68
TargetID:	1
Current Path:	C:\Users\user\AppData\Local\Chromium\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

googlehosted.l.googleusercontent.com

142.250.185.193

clients2.googleusercontent.com

unknown

Details

Name:	clients2.googleusercontent.com
TargetID:	1
Current Path:	C:\Users\user\AppData\Local\Chromium\Application\chrome.exe

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

sync.search.spotxchange.com

unknown

Details

Name:	sync.search.spotxchange.com
TargetID:	1
Current Path:	C:\Users\user\AppData\Local\Chromium\Application\chrome.exe

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

IPs

Domain

Country

Malicious

142.251.116.147

unknown

United States

192.168.2.17

unknown

142.250.113.94

unknown

United States

216.58.206.68

www.google.com

United States

142.250.115.100

unknown

United States

142.250.185.193

googlehosted.l.googleusercontent.com

United States

162.159.61.3

unknown

United States

142.250.115.113

unknown

United States

239.255.255.250

unknown

Reserved

142.250.113.153

unknown

United States

172.64.41.3

chrome.cloudflare-dns.com

United States

127.0.0.1

unknown

There are 2 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://sync.search.spotxchange.com

Processes

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://sync.search.spotxchange.com

Processes

URLs

Domains

IPs

IOC Report
https://sync.search.spotxchange.com