Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:11:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:11:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.982790074563107
Encrypted:	false
Size:	2673
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:11:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.998074710682834
Encrypted:	false
Size:	2675
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.006469731734413
Encrypted:	false
Size:	2689
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:11:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9961478679861697
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:11:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.984327679149806
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:11:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9921696204600434
Encrypted:	false
Size:	2679
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

URLs

Name

Malicious

https://view.flodesk.com/emails/671a6d1f7ce9f793bb70518a

Details

Filetype:	URL
Filename:	https://view.flodesk.com/emails/671a6d1f7ce9f793bb70518a

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing	Extra Window Memory Injection
HTML page contains obfuscated javascript	Phishing	Extra Window Memory Injection
HTML body contains low number of good links	Phishing
HTML page contains hidden javascript code	Phishing	Extra Window Memory Injection
HTML title does not match URL	Phishing	Extra Window Memory Injection
Invalid 'sign-in options' or 'sign-up' link found	Phishing	Extra Window Memory Injection
Invalid T&C link found	Phishing
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Allocates a big amount of memory (probably used for heap spraying)	Software Vulnerabilities	Extra Window Memory Injection
Classification label	System Summary	Extra Window Memory Injection
Connects to IPs without corresponding DNS lookups	Networking	Extra Window Memory Injection
Creates files inside the user directory	System Summary	Masquerading
HTML page is missing a favicon	Phishing	Extra Window Memory Injection
META author tag missing	Phishing
META copyright tag missing	Phishing
Performs DNS lookups	Networking	Non-Application Layer Protocol Application Layer Protocol
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking	Encrypted Channel
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

https://maggart.epdfonline.info/&redirect=22cbcae7c6c01bc7789d26be305d450f4d698e07main&uid=f253efe302d32ab264a76e0ce65be769671a9c1685c8e

Details

Name:	https://maggart.epdfonline.info/&redirect=22cbcae7c6c01bc7789d26be305d450f4d698e07main&uid=f253efe302d32ab264a76e0ce65be769671a9c1685c8e
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing
HTML page contains obfuscated javascript	Phishing
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
Invalid 'sign-in options' or 'sign-up' link found	Phishing
Invalid T&C link found	Phishing
HTML page is missing a favicon	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

https://view.flodesk.com/emails/671a6d1f7ce9f793bb70518a

https://maggart.epdfonline.info/

https://maggart.epdfonline.info/?__cf_chl_rt_tk=XIhaNuCPDDnZoHa8Ow8nmcsrkbWrYMlGUSuVpClS6Z4-1729797117-1.0.1.1-z_QF__kh5GgxKeFkqbbUxzS7buRYSRKioqL.JopT_wg

Details

Name:	https://maggart.epdfonline.info/?__cf_chl_rt_tk=XIhaNuCPDDnZoHa8Ow8nmcsrkbWrYMlGUSuVpClS6Z4-1729797117-1.0.1.1-z_QF__kh5GgxKeFkqbbUxzS7buRYSRKioqL.JopT_wg
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
HTML page contains hidden javascript code	Phishing
HTML page is missing a favicon	Phishing

Domains

Name

Malicious

maggart.epdfonline.info

172.67.198.56

d24ja5rr2ru810.cloudfront.net

13.32.27.60

a.nel.cloudflare.com

35.190.80.1

challenges.cloudflare.com

104.18.94.41

www.google.com

142.250.74.196

flodesk.com

104.18.18.100

drjpqllaq6nvc.cloudfront.net

3.160.150.117

d19bko3sd5yxe1.cloudfront.net

18.245.46.106

usercontent.flodesk.com

unknown

view.flodesk.com

unknown

assets.flodesk.com

unknown

There are 1 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

172.67.198.56

maggart.epdfonline.info

United States

13.32.27.60

d24ja5rr2ru810.cloudfront.net

United States

142.250.186.35

unknown

United States

142.250.184.195

unknown

United States

104.21.44.88

unknown

United States

1.1.1.1

unknown

Australia

18.245.46.106

d19bko3sd5yxe1.cloudfront.net

United States

142.250.74.206

unknown

United States

3.160.150.117

drjpqllaq6nvc.cloudfront.net

United States

104.18.94.41

challenges.cloudflare.com

United States

192.168.2.16

unknown

13.32.27.27

unknown

United States

104.18.95.41

unknown

United States

142.250.185.106

unknown

United States

104.18.18.100

flodesk.com

United States

239.255.255.250

unknown

Reserved

192.168.2.23

unknown

142.250.186.142

unknown

United States

64.233.184.84

unknown

United States

35.190.80.1

a.nel.cloudflare.com

United States

142.250.74.196

www.google.com

United States

There are 11 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://view.flodesk.com/emails/671a6d1f7ce9f793bb70518a

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://view.flodesk.com/emails/671a6d1f7ce9f793bb70518a

Files

URLs

Domains

IPs

IOC Report
https://view.flodesk.com/emails/671a6d1f7ce9f793bb70518a