IOC Report
https://url.za.m.mimecastprotect.com/s/NlWWCnZJJxhp2O85HZsWHJcGBn?domain=u48186210.ct.sendgrid.net.


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\Downloads\643a1987-55d3-4d58-8660-d86b6f576bed.tmp | RAR archive data, v5 | dropped | |
| C:\Users\user\Downloads\Mandatory Notice for all December Leave and Vacation application (1).xls.z (copy) | RAR archive data, v5 | dropped | |
| C:\Users\user\Downloads\Mandatory Notice for all December Leave and Vacation application (1).xls.z.crdownload | RAR archive data, v5 | dropped | |
| C:\Users\user\Downloads\Mandatory Notice for all December Leave and Vacation application.xls.z (copy) | RAR archive data, v5 | dropped | |
| C:\Users\user\Downloads\Mandatory Notice for all December Leave and Vacation application.xls.z.crdownload | RAR archive data, v5 | dropped | |
| C:\Users\user\Downloads\bc926371-fb61-4026-ac03-5bdb9c957e0a.tmp | RAR archive data, v5 | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2168,i,1335209173485336982,5855269918199286586,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.za.m.mimecastprotect.com/s/NlWWCnZJJxhp2O85HZsWHJcGBn?domain=u48186210.ct.sendgrid.net." | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://url.za.m.mimecastprotect.com/s/NlWWCnZJJxhp2O85HZsWHJcGBn?domain=u48186210.ct.sendgrid.net. | | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/languages/en.json | 41.74.192.87 | |
| https://cdn.discordapp.com/attachments/1309071256703991839/1309114652906491935/Mandatory_Notice_for_all_December_Leave_and_Vacation_application.xls.z?ex=67406787&is=673f1607&hm=7cc1154f0d5655485232483d18f50467f8f6693e8153e451db4924feef63cd2f& | 162.159.135.233 | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/images/favicon.ico | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/mimecast-icons.bb1a2cd16db9345fc437.woff2?25417273 | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/polyfills.5257ca6e429949972959.js | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/fa-solid-900.54dfc8f551be346014e4.woff2 | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/images/mimecast-logo.png | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp/#/warn?key=iYdOYhcvEkJvUfK4yzEM9De1GfmHAN4wVuzBJ69YZiEiWV9jbiuYp1ZjRWFgT6TeWNDU0F0xCIi-moTToqioFKe4tfzO0FCg9o5OxrqUUZUEVx0gU6CZyVRitWXYTJx7 | | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/main.5257ca6e429949972959.js | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/styles.5257ca6e429949972959.js | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/runtime.5257ca6e429949972959.js | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/api/ttp/url/get-page-data | 41.74.192.87 | |
| https://url.za.m.mimecastprotect.com/s/NlWWCnZJJxhp2O85HZsWHJcGBn?domain=u48186210.ct.sendgrid.net. | 41.74.196.103 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| cdn.discordapp.com | 162.159.135.233 | |
| www.google.com | 172.217.16.132 | |
| security-za.m.mimecastprotect.com | 41.74.192.87 | |
| url.za.m.mimecastprotect.com | 41.74.196.103 | |
| u48186210.ct.sendgrid.net | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 167.89.123.122 | unknown | United States | |
| 41.74.196.103 | url.za.m.mimecastprotect.com | South Africa | |
| 192.168.2.4 | unknown | unknown | |
| 162.159.135.233 | cdn.discordapp.com | United States | |
| 192.168.2.5 | unknown | unknown | |
| 239.255.255.250 | unknown | Reserved | |
| 41.74.192.87 | security-za.m.mimecastprotect.com | South Africa | |
| 172.217.16.132 | www.google.com | United States | |

DOM / HTML

| URL | Malicious |
|---|---|
| https://security-za.m.mimecastprotect.com/ttpwp/#/warn?key=iYdOYhcvEkJvUfK4yzEM9De1GfmHAN4wVuzBJ69YZiEiWV9jbiuYp1ZjRWFgT6TeWNDU0F0xCIi-moTToqioFKe4tfzO0FCg9o5OxrqUUZUEVx0gU6CZyVRitWXYTJx7 | |
| https://security-za.m.mimecastprotect.com/ttpwp/#/warn?key=iYdOYhcvEkJvUfK4yzEM9De1GfmHAN4wVuzBJ69YZiEiWV9jbiuYp1ZjRWFgT6TeWNDU0F0xCIi-moTToqioFKe4tfzO0FCg9o5OxrqUUZUEVx0gU6CZyVRitWXYTJx7 | |
| https://security-za.m.mimecastprotect.com/ttpwp/#/warn?key=iYdOYhcvEkJvUfK4yzEM9De1GfmHAN4wVuzBJ69YZiEiWV9jbiuYp1ZjRWFgT6TeWNDU0F0xCIi-moTToqioFKe4tfzO0FCg9o5OxrqUUZUEVx0gU6CZyVRitWXYTJx7 | |
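The tables above list the indicators but leave their interpretation to the reader: the Files table says the download named like a spreadsheet (.xls.z) is really a RAR v5 archive, the first URL is a Mimecast URL-protection rewrite whose domain parameter names the original destination (a SendGrid click-tracking host), and the payload was fetched from a Discord CDN attachment link. The Python below is an added triage example, not part of the sandbox report and not Mimecast, Discord or Chrome code. It verifies the archive by magic bytes instead of trusting the extension, recovers the rewritten link's target domain, and decodes the Discord link's is/ex query parameters. The file names and URLs are taken from the tables above; the file bytes are constructed (the report gives only the type string), and the reading of is/ex as hex Unix timestamps and hm as a per-link signature is an assumption based on Discord's attachment-link format.

```python
"""Triage helpers for the IOC report above (added example, not sandbox output)."""
from __future__ import annotations

from datetime import datetime, timezone
from pathlib import PurePath, PureWindowsPath
from urllib.parse import parse_qs, urlparse

# Archive signatures at offset 0. The report types the files as
# "RAR archive data, v5"; the v5 signature is "Rar!\x1a\x07\x01\x00".
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
DOCUMENT_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".pdf"}
ARCHIVE_EXTS = {".z", ".zip", ".rar", ".7z", ".gz"}
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}

# Indicators copied from the report's tables.
MIMECAST_URL = ("https://url.za.m.mimecastprotect.com/s/NlWWCnZJJxhp2O85HZsWHJcGBn"
                "?domain=u48186210.ct.sendgrid.net.")
DISCORD_URL = ("https://cdn.discordapp.com/attachments/1309071256703991839/1309114652906491935/"
               "Mandatory_Notice_for_all_December_Leave_and_Vacation_application.xls.z"
               "?ex=67406787&is=673f1607&hm=7cc1154f0d5655485232483d18f50467f8f6693e8153e451db4924feef63cd2f&")
SAMPLE_URLS = [MIMECAST_URL, DISCORD_URL]
# Constructed sample bytes: the report does not contain file content, so each
# entry is the RAR v5 signature followed by zero padding.
SAMPLE_FILES = [
    (r"C:\Users\user\Downloads\Mandatory Notice for all December Leave and Vacation application.xls.z.crdownload",
     RAR5_MAGIC + b"\x00" * 8),
    (r"C:\Users\user\Downloads\643a1987-55d3-4d58-8660-d86b6f576bed.tmp",
     RAR5_MAGIC + b"\x00" * 8),
]


def archive_kind(data: bytes) -> str | None:
    """Identify a RAR archive from its leading bytes, ignoring the file name."""
    if data.startswith(RAR5_MAGIC):
        return "rar5"
    if data.startswith(RAR4_MAGIC):
        return "rar4"
    return None


def normalize_download_name(name: str) -> str:
    """Strip the ' (copy)' and '.crdownload' decorations Chrome leaves on disk."""
    return name.removesuffix(" (copy)").removesuffix(".crdownload")


def lure_extension(path: str) -> tuple[str, str] | None:
    """Return (document_ext, archive_ext) when a document extension is directly
    followed by an archive extension, e.g. ('.xls', '.z'); otherwise None."""
    name = normalize_download_name(PureWindowsPath(path).name)
    suffixes = PureWindowsPath(name).suffixes
    if len(suffixes) >= 2:
        inner, outer = suffixes[-2].lower(), suffixes[-1].lower()
        if inner in DOCUMENT_EXTS and outer in ARCHIVE_EXTS:
            return inner, outer
    return None


def rewritten_target_domain(url: str) -> str | None:
    """For a Mimecast URL-protection link (/s/<token>?domain=<host>), return the
    original destination host. The report shows it with a trailing dot (FQDN
    form), which is stripped so it matches the Domains table."""
    u = urlparse(url)
    if not u.hostname or not u.hostname.endswith(".mimecastprotect.com"):
        return None
    if not u.path.startswith("/s/"):
        return None
    domain = parse_qs(u.query).get("domain")
    return domain[0].rstrip(".").lower() if domain else None


def discord_link_window(url: str) -> dict | None:
    """Decode the is (issued) and ex (expiry) hex Unix timestamps of a Discord
    attachment link. Assumption: hm is the link's signature; it is only noted."""
    u = urlparse(url)
    if u.hostname not in DISCORD_CDN_HOSTS:
        return None
    q = parse_qs(u.query)  # the trailing '&' yields an empty pair and is ignored
    if "is" not in q or "ex" not in q:
        return None  # legacy link without a validity window
    issued = datetime.fromtimestamp(int(q["is"][0], 16), tz=timezone.utc)
    expires = datetime.fromtimestamp(int(q["ex"][0], 16), tz=timezone.utc)
    return {
        "filename": PurePath(u.path).name,
        "issued": issued,
        "expires": expires,
        "lifetime_s": int((expires - issued).total_seconds()),
        "signed": "hm" in q,
    }


def triage(files: list[tuple[str, bytes]], urls: list[str]) -> list[str]:
    """Run all three checks over the indicators and return one finding per hit."""
    findings = []
    for path, head in files:
        lure, kind = lure_extension(path), archive_kind(head)
        if lure and kind:  # named like a document, but the bytes say archive
            findings.append(f"{PureWindowsPath(path).name}: named {lure[0]}{lure[1]} but is a {kind} archive")
    for url in urls:
        target = rewritten_target_domain(url)
        if target:
            findings.append(f"mimecast rewrite -> {target}")
        win = discord_link_window(url)
        if win:
            findings.append(f"discord attachment {win['filename']} valid {win['lifetime_s'] // 3600}h "
                            f"from {win['issued']:%Y-%m-%d %H:%M:%S} UTC (signed={win['signed']})")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_FILES, SAMPLE_URLS):
        print(line)
```

The .tmp entries are deliberately left unflagged: they are RAR data too, but carry no deceptive name, so the finding is tied to the mismatch between name and content rather than to the archive alone. The Discord window comes out at exactly 24 hours from issue, which is why a payload link pulled from a sandbox report a day later usually no longer resolves.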