Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip (copy)

Zip archive data, at least v2.0 to extract, compression method=deflate

dropped

Details

File:	C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip (copy)
Category:	dropped
Dump:	FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip.crdownload.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy:	7.963293163823115
Encrypted:	false
Ssdeep:	96:fM+vhg2DH0jiicIkxfez6ALqm99d7wE8kR04NWkJXz6A48GfJ2EoKCNmgM2:fT0yZez6AL1EE800qnJj6z8ytoKCNmgf
Size:	6957
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Downloads suspicious files via Chrome	System Summary

C:\Users\user\AppData\Local\Temp\unarchiver.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\unarchiver.log
Category:	dropped
Dump:	unarchiver.log.13.dr
ID:	dr_4
Target ID:	13
Process:	C:\Windows\SysWOW64\unarchiver.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.265316809868836
Encrypted:	false
Ssdeep:	48:RFDIgxME0NlJTG8TGb8TG8TGpmTGPTG8TGplIgxME0NTGbSTGsIgxME0NTGcNTGl:DZMEMMEliMErLx
Size:	2600
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip.crdownload

Zip archive data, at least v2.0 to extract, compression method=deflate

dropped

Details

File:	C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip.crdownload
Category:	dropped
Dump:	FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip.crdownload.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy:	7.963293163823115
Encrypted:	false
Ssdeep:	96:fM+vhg2DH0jiicIkxfez6ALqm99d7wE8kR04NWkJXz6A48GfJ2EoKCNmgM2:fT0yZez6AL1EE800qnJj6z8ytoKCNmgf
Size:	6957
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 49

Zip archive data, at least v2.0 to extract, compression method=deflate

downloaded

Details

File:	Chrome Cache Entry: 49
Category:	downloaded
Dump:	chromecache_49.2.dr
ID:	dr_5
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy:	7.963293163823115
Encrypted:	false
Ssdeep:	96:fM+vhg2DH0jiicIkxfez6ALqm99d7wE8kR04NWkJXz6A48GfJ2EoKCNmgM2:fT0yZez6AL1EE800qnJj6z8ytoKCNmgf
Size:	6957
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 50

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

Details

File:	Chrome Cache Entry: 50
Category:	dropped
Dump:	chromecache_50.2.dr
ID:	dr_3
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Entropy:	7.862952554761723
Encrypted:	false
Ssdeep:	24:M5DhErRsW6OTfolVFt/qRyFQCB0RxgawoIqH4B36zPiX9/YhtdHft7:M5dIWGbofFBq+GR2eITI6sf9
Size:	1594
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	3956
Target ID:	0
Parent PID:	4412
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	19:07:27
Date:	29/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c4390000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=1984,i,9041773597454674287,8571613679135902817,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	3040
Target ID:	2
Parent PID:	3956
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=1984,i,9041773597454674287,8571613679135902817,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	19:07:30
Date:	29/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c4390000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs.google.com/uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv"

Details

Is windows:	true
Is dropped:	false
PID:	5776
Target ID:	9
Parent PID:	4412
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs.google.com/uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv"
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	19:07:33
Date:	29/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c4390000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\unarchiver.exe

"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip"

Details

Is windows:	true
Is dropped:	false
PID:	6468
Target ID:	13
Parent PID:	3956
Name:	unarchiver.exe
Path:	C:\Windows\SysWOW64\unarchiver.exe
Commandline:	"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip"
Size:	12800
MD5:	16FF3CC6CC330A08EED70CBC1D35F5D2
Time:	20:19:15
Date:	29/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x140000
Modulesize:	40960
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\7za.exe

"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\cbr0q0l4.clz" "C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip"

Details

Is windows:	true
Is dropped:	false
PID:	6328
Target ID:	14
Parent PID:	6468
Name:	7za.exe
Path:	C:\Windows\SysWOW64\7za.exe
Commandline:	"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\cbr0q0l4.clz" "C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip"
Size:	289792
MD5:	77E556CDFDC5C592F5C46DB4127C6F4C
Time:	20:19:15
Date:	29/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x720000
Modulesize:	315392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	5748
Target ID:	15
Parent PID:	6328
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	20:19:15
Date:	29/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff75da10000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

docs.google.com

142.250.184.238

Details

Name:	docs.google.com
IP:	142.250.184.238
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

bg.microsoft.map.fastly.net

199.232.214.172

s-part-0017.t-0009.t-msedge.net

13.107.246.45

drive.usercontent.google.com

142.250.185.193

Details

Name:	drive.usercontent.google.com
IP:	142.250.185.193
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

172.217.18.4

Details

Name:	www.google.com
IP:	172.217.18.4
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

s-part-0032.t-0009.t-msedge.net

13.107.246.60

IPs

Domain

Country

Malicious

142.250.185.193

drive.usercontent.google.com

United States

239.255.255.250

unknown

Reserved

172.217.18.4

www.google.com

United States

192.168.2.7

unknown

142.250.184.238

docs.google.com

United States

Memdumps

Base Address

Regiontype

Protect

Malicious

960000

heap

page read and write

8E4000

heap

page read and write

8F0000

trusted library allocation

page read and write

2A08000

trusted library allocation

page read and write

C40000

trusted library allocation

page read and write

7F0000

heap

page read and write

7EE000

stack

page read and write

968000

heap

page read and write

700000

heap

page read and write

3961000

trusted library allocation

page read and write

710000

heap

page read and write

87E000

stack

page read and write

2A0D000

trusted library allocation

page read and write

840000

trusted library allocation

page read and write

886000

heap

page read and write

2A1B000

trusted library allocation

page read and write

7FAB0000

trusted library allocation

page execute and read and write

2A10000

trusted library allocation

page read and write

66E000

stack

page read and write

B20000

heap

page read and write

86B000

heap

page read and write

A5E000

stack

page read and write

4F9000

stack

page read and write

29E3000

trusted library allocation

page read and write

8BE000

stack

page read and write

B5F000

stack

page read and write

915000

heap

page read and write

A62000

trusted library allocation

page execute and read and write

85A000

trusted library allocation

page execute and read and write

1DC000

stack

page read and write

C50000

trusted library allocation

page execute and read and write

4F0E000

stack

page read and write

49EE000

stack

page read and write

84A000

trusted library allocation

page execute and read and write

8C0000

heap

page read and write

FF0000

trusted library allocation

page read and write

540000

heap

page read and write

8E0000

heap

page read and write

4CCE000

stack

page read and write

A7B000

trusted library allocation

page execute and read and write

820000

trusted library allocation

page read and write

6FD000

stack

page read and write

6A0000

heap

page read and write

860000

heap

page read and write

2A21000

trusted library allocation

page read and write

C2E000

stack

page read and write

29A7000

trusted library allocation

page read and write

4F6000

stack

page read and write

2961000

trusted library allocation

page read and write

2A19000

trusted library allocation

page read and write

832000

trusted library allocation

page execute and read and write

29D6000

trusted library allocation

page read and write

620000

heap

page read and write

2A02000

trusted library allocation

page read and write

4DCE000

stack

page read and write

29AF000

trusted library allocation

page read and write

4AED000

stack

page read and write

A77000

trusted library allocation

page execute and read and write

910000

heap

page read and write

C5F000

stack

page read and write

29FC000

trusted library allocation

page read and write

83A000

trusted library allocation

page execute and read and write

E10000

heap

page execute and read and write

2A1E000

trusted library allocation

page read and write

29F9000

trusted library allocation

page read and write

29D0000

trusted library allocation

page read and write

39C000

stack

page read and write

A6A000

trusted library allocation

page execute and read and write

ABE000

stack

page read and write

2A0A000

trusted library allocation

page read and write

1000000

heap

page read and write

842000

trusted library allocation

page execute and read and write

84C000

trusted library allocation

page execute and read and write

4FB000

stack

page read and write

29B4000

trusted library allocation

page read and write

7AF000

stack

page read and write

89E000

heap

page read and write

8C7000

heap

page read and write

29C2000

trusted library allocation

page read and write

29E0000

trusted library allocation

page read and write

2A24000

trusted library allocation

page read and write

B0E000

stack

page read and write

C70000

heap

page read and write

FBE000

stack

page read and write

29FF000

trusted library allocation

page read and write

4C2A000

stack

page read and write

2A13000

trusted library allocation

page read and write

29B7000

trusted library allocation

page read and write

4B2D000

stack

page read and write

4E0E000

stack

page read and write

6A6000

heap

page read and write

86E000

heap

page read and write

29F7000

trusted library allocation

page read and write

29CA000

trusted library allocation

page read and write

2990000

trusted library allocation

page read and write

29C5000

trusted library allocation

page read and write

2400000

heap

page read and write

8E6000

heap

page read and write

There are 88 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

https://drive.usercontent.google.com/download?id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv&export=download

Details

Filename:	0.0.pages.html.dom
Url:	https://drive.usercontent.google.com/download?id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv&export=download
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=1984,i,9041773597454674287,8571613679135902817,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Signature Hits	Behavior Group	Mitre Attack
AI detected landing page (webpage, office document or email)	Persistence and Installation Behavior	Browser Extensions

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://docs.google.com/uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv

Files

Processes

Domains

IPs

Memdumps

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://docs.google.com/uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv

Files

Processes

Domains

IPs

Memdumps

DOM / HTML

IOC Report
https://docs.google.com/uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv