Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 13:52:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 13:52:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.991319695257084
Encrypted:	false
Size:	2673
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Chrome Cache Entry: 62

gzip compressed data, was "main.css", last modified: Tue Oct 22 17:17:46 2024, from Unix, original size modulo 2^32 15106

downloaded

Details

File:	Chrome Cache Entry: 62
Category:	downloaded
Dump:	chromecache_62.1.dr
ID:	dr_1
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	gzip compressed data, was "main.css", last modified: Tue Oct 22 17:17:46 2024, from Unix, original size modulo 2^32 15106
Entropy:	7.923077350404636
Encrypted:	false
Size:	2944
Whitelisted:	false

Chrome Cache Entry: 63

HTML document, ASCII text, with very long lines (1335)

downloaded

Details

File:	Chrome Cache Entry: 63
Category:	downloaded
Dump:	chromecache_63.1.dr
ID:	dr_2
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with very long lines (1335)
Entropy:	5.423658889659414
Encrypted:	false
Size:	6147
Whitelisted:	false

Chrome Cache Entry: 65

PNG image data, 275 x 183, 8-bit colormap, non-interlaced

downloaded

Details

File:	Chrome Cache Entry: 65
Category:	downloaded
Dump:	chromecache_65.1.dr
ID:	dr_3
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PNG image data, 275 x 183, 8-bit colormap, non-interlaced
Entropy:	7.839916986665495
Encrypted:	false
Size:	2091
Whitelisted:	false

Chrome Cache Entry: 67

gzip compressed data, was "main.bundle.js", last modified: Tue Oct 22 17:17:46 2024, from Unix, original size modulo 2^32 141304

downloaded

Details

File:	Chrome Cache Entry: 67
Category:	downloaded
Dump:	chromecache_67.1.dr
ID:	dr_4
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	gzip compressed data, was "main.bundle.js", last modified: Tue Oct 22 17:17:46 2024, from Unix, original size modulo 2^32 141304
Entropy:	7.994147409058404
Encrypted:	true
Size:	41618
Whitelisted:	false

Chrome Cache Entry: 68

ASCII text, with very long lines (44628)

dropped

Details

File:	Chrome Cache Entry: 68
Category:	dropped
Dump:	chromecache_68.1.dr
ID:	dr_5
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (44628)
Entropy:	5.391070864416709
Encrypted:	false
Size:	44693
Whitelisted:	false

Chrome Cache Entry: 71

PNG image data, 748 x 299, 8-bit colormap, non-interlaced

downloaded

Details

File:	Chrome Cache Entry: 71
Category:	downloaded
Dump:	chromecache_71.1.dr
ID:	dr_6
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PNG image data, 748 x 299, 8-bit colormap, non-interlaced
Entropy:	7.911974174518344
Encrypted:	false
Size:	7681
Whitelisted:	false

Chrome Cache Entry: 72

ASCII text, with no line terminators

downloaded

Details

File:	Chrome Cache Entry: 72
Category:	downloaded
Dump:	chromecache_72.1.dr
ID:	dr_7
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with no line terminators
Entropy:	4.011411723741875
Encrypted:	false
Size:	47
Whitelisted:	false

URLs

Name

Malicious

https://hubs.ly/Q02W5xMB0

Details

Filetype:	URL
Filename:	https://hubs.ly/Q02W5xMB0

Signature Hits	Behavior Group	Mitre Attack
AI detected suspicious URL	Persistence and Installation Behavior	Browser Extensions Extra Window Memory Injection
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Allocates a big amount of memory (probably used for heap spraying)	Software Vulnerabilities	Extra Window Memory Injection
Classification label	System Summary	Extra Window Memory Injection
Connects to IPs without corresponding DNS lookups	Networking	Extra Window Memory Injection
Creates files inside the user directory	System Summary	Masquerading
Performs DNS lookups	Networking	Non-Application Layer Protocol Application Layer Protocol
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking	Encrypted Channel
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

https://teams-dashboard-preaccess.ubpages.com/?utm_campaign=teams&utm_source=email

Domains

Name

Malicious

bg.microsoft.map.fastly.net

199.232.214.172

teams-dashboard-preaccess.ubpages.com

172.64.146.119

Details

Name:	teams-dashboard-preaccess.ubpages.com
IP:	172.64.146.119
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

builder-assets.unbounce.com

13.224.189.63

Details

Name:	builder-assets.unbounce.com
IP:	13.224.189.63
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

hubs.ly

104.16.5.207

Details

Name:	hubs.ly
IP:	104.16.5.207
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

d9hhrg4mnvzow.cloudfront.net

3.160.156.5

Details

Name:	d9hhrg4mnvzow.cloudfront.net
IP:	3.160.156.5
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

172.217.18.4

Details

Name:	www.google.com
IP:	172.217.18.4
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

142.250.184.195

unknown

United States

1.1.1.1

unknown

Australia

216.58.212.142

unknown

United States

74.125.133.84

unknown

United States

172.217.18.4

www.google.com

United States

192.168.2.16

unknown

172.64.146.119

teams-dashboard-preaccess.ubpages.com

United States

3.160.156.5

d9hhrg4mnvzow.cloudfront.net

United States

3.160.156.21

unknown

United States

13.224.189.63

builder-assets.unbounce.com

United States

104.16.5.207

hubs.ly

United States

239.255.255.250

unknown

Reserved

172.217.18.110

unknown

United States

172.217.16.195

unknown

United States

There are 4 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://hubs.ly/Q02W5xMB0

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://hubs.ly/Q02W5xMB0

Files

URLs

Domains

IPs

IOC Report
https://hubs.ly/Q02W5xMB0