Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 13:37:25 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 13:37:25 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	3.99200728788616
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 13:37:25 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.009368507214256
Encrypted:	false
Size:	2679
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.019258818810573
Encrypted:	false
Size:	2693
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 13:37:25 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.005012941168645
Encrypted:	false
Size:	2681
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 13:37:25 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	3.9959685133928886
Encrypted:	false
Size:	2681
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 13:37:25 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.006897987300051
Encrypted:	false
Size:	2683
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

URLs

Name

Malicious

https://www.litebee.com/product/liteBeeWingFm/

Details

Filetype:	URL
Filename:	https://www.litebee.com/product/liteBeeWingFm/

Signature Hits	Behavior Group	Mitre Attack
HTML body with high number of embedded SVGs detected	Phishing	Extra Window Memory Injection
HTML title does not match URL	Phishing	Extra Window Memory Injection
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Allocates a big amount of memory (probably used for heap spraying)	Software Vulnerabilities	Extra Window Memory Injection
Classification label	System Summary	Extra Window Memory Injection
Connects to IPs without corresponding DNS lookups	Networking	Extra Window Memory Injection
Creates files inside the user directory	System Summary	Masquerading
Found iframes	Phishing	Drive-by Compromise
HTML page is missing a favicon	Phishing	Extra Window Memory Injection
META author tag missing	Phishing
META copyright tag missing	Phishing
Performs DNS lookups	Networking	Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking	Encrypted Channel Application Layer Protocol
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

https://www.litebee.com/product/liteBeeWingFm/qa

Details

Name:	https://www.litebee.com/product/liteBeeWingFm/qa
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
Found iframes	Phishing	Drive-by Compromise
HTML page is missing a favicon	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

https://www.litebee.com/product/liteBeeWingFm/

Details

Name:	https://www.litebee.com/product/liteBeeWingFm/
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
HTML page is missing a favicon	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing
Spawns processes	System Summary	Process Injection

https://www.litebee.com/product/liteBeeWingFm/video

Details

Name:	https://www.litebee.com/product/liteBeeWingFm/video
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
Found iframes	Phishing	Drive-by Compromise
HTML page is missing a favicon	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

https://www.youtube.com/watch?v=D-FGNCP36ws

Details

Name:	https://www.youtube.com/watch?v=D-FGNCP36ws
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
HTML body with high number of embedded SVGs detected	Phishing
HTML page is missing a favicon	Phishing

https://www.litebee.com/product/liteBeeWingFm/download

Details

Name:	https://www.litebee.com/product/liteBeeWingFm/download
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
HTML title does not match URL	Phishing
Found iframes	Phishing	Drive-by Compromise
HTML page is missing a favicon	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

Domains

Name

Malicious

mkf-web-en.oss-cn-shenzhen.aliyuncs.com

112.74.1.153

vc-live-cf.hotjar.io

18.239.36.61

resource.litebee.com.w.kunlunsl.com

47.246.46.207

i.ytimg.com

142.250.74.214

mkf-resource.oss-cn-shenzhen.aliyuncs.com

112.74.1.148

rr4.sn-a5msen7l.googlevideo.com

173.194.167.73

rr4.sn-a5mekn6k.googlevideo.com

173.194.8.233

stats.g.doubleclick.net

142.250.110.155

youtube.com

142.250.185.174

analytics-alv.google.com

216.239.32.181

youtube-ui.l.google.com

142.250.184.206

script.hotjar.com

13.33.187.74

googleads.g.doubleclick.net

142.250.185.98

rr4.sn-q4fl6nd6.googlevideo.com

173.194.24.233

play.google.com

142.250.184.238

photos-ugc.l.googleusercontent.com

142.250.185.161

www.google.com

142.250.185.228

td.doubleclick.net

142.250.186.66

rr2.sn-a5mekn6r.googlevideo.com

173.194.12.135

static-cdn.hotjar.com

18.66.102.106

static.getbutton.io

104.26.15.221

yt3.ggpht.com

unknown

rr4---sn-a5msen7l.googlevideo.com

unknown

rr2---sn-a5mekn6r.googlevideo.com

unknown

www.litebee.com

unknown

vc.hotjar.io

unknown

static.hotjar.com

unknown

rr4---sn-a5mekn6k.googlevideo.com

unknown

resource.litebee.com

unknown

analytics.google.com

unknown

rr4---sn-q4fl6nd6.googlevideo.com

unknown

www.youtube.com

unknown

There are 22 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

142.250.185.78

unknown

United States

142.250.74.202

unknown

United States

142.250.185.228

www.google.com

United States

216.58.206.74

unknown

United States

172.217.16.214

unknown

United States

172.217.18.14

unknown

United States

192.168.2.17

unknown

216.58.206.78

unknown

United States

173.194.24.233

rr4.sn-q4fl6nd6.googlevideo.com

United States

18.66.102.106

static-cdn.hotjar.com

United States

142.250.185.168

unknown

United States

112.74.1.153

mkf-web-en.oss-cn-shenzhen.aliyuncs.com

China

74.125.206.84

unknown

United States

18.239.36.61

vc-live-cf.hotjar.io

United States

142.250.185.163

unknown

United States

47.246.46.207

resource.litebee.com.w.kunlunsl.com

United States

173.194.167.73

rr4.sn-a5msen7l.googlevideo.com

United States

142.250.185.161

photos-ugc.l.googleusercontent.com

United States

172.67.74.247

unknown

United States

173.194.12.135

rr2.sn-a5mekn6r.googlevideo.com

United States

142.250.184.206

youtube-ui.l.google.com

United States

142.250.186.74

unknown

United States

142.250.74.195

unknown

United States

142.250.186.99

unknown

United States

142.250.184.202

unknown

United States

142.250.186.35

unknown

United States

18.239.94.121

unknown

United States

142.250.185.67

unknown

United States

142.250.186.78

unknown

United States

1.1.1.1

unknown

Australia

142.250.74.214

i.ytimg.com

United States

172.217.16.129

unknown

United States

216.239.32.181

analytics-alv.google.com

United States

142.250.185.110

unknown

United States

142.250.110.155

stats.g.doubleclick.net

United States

173.194.8.233

rr4.sn-a5mekn6k.googlevideo.com

United States

239.255.255.250

unknown

Reserved

142.250.185.174

youtube.com

United States

13.33.187.74

script.hotjar.com

United States

142.250.185.194

unknown

United States

64.233.184.84

unknown

United States

142.250.184.238

play.google.com

United States

104.26.15.221

static.getbutton.io

United States

13.33.187.109

unknown

United States

142.250.186.66

td.doubleclick.net

United States

142.250.185.98

googleads.g.doubleclick.net

United States

There are 36 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://www.litebee.com/product/liteBeeWingFm/

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://www.litebee.com/product/liteBeeWingFm/

Files

URLs

Domains

IPs

IOC Report
https://www.litebee.com/product/liteBeeWingFm/