Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	3128
Target ID:	0
Parent PID:	5000
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	12:32:05
Date:	02/12/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 --field-trial-handle=2516,i,11791652390835288508,5041926485001491642,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	2908
Target ID:	2
Parent PID:	3128
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 --field-trial-handle=2516,i,11791652390835288508,5041926485001491642,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	12:32:08
Date:	02/12/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vlp6cm34.r.us-east-1.awstrack.me/Q5dmyyux:e7Ke7Kjrfnq.ynintwjuqD.htr*7Kh*7KjOCRoZLUvoB3m2cS71st-/f1QqmRmxcCoIGWZZi7ZNuKHCPxbzLAAEL/naxaTjhbjfuN3qn2st*~*tVPXRFBxcJ*~*Jvn/O1Ff6curtmVBp-b85uHn*~*KtTl6JgOf6DNJ1kOP3hr9lmFJ5DOJWw1pmUrzv4wgtMxaEi1yc1CpsTAAGIbNQFlxCsLhq568ktbJKzuP3KJV2GHlGIlG8mTRF*~*06MXFPJXvxyKv66q2QWHf4ruQ24pwnb/mb/s7TmE*~*U_0i*~*7ggu/1G_UvqSx_DDEpa__CB8Qxr-fYw/rLXuEgUSiRuT3/OcybZCjG2MoZDE__Ep9D66MhJ3HkHsMloLVNHgz_sg6ht76YyE0ASFmERihI2o0K3EHtL3H3ufRDn9Yc_ll7Gh5LP/ciZD9jyO8ASk5/iigqWwYiqyMnjVgo5XBMcTA*~*wiUCWVtawyY2c4DMkG0T7p79JQYukyyUcPCAW*~*zT/lyiwyE5cAnOV4rwzacZ3UbbQftnURM_wmSsifLjb4B4bFFFI__86wqU3d6d565556c8bac7k8j*~*-jk68*~2*fc-8cc5-9a8g-b6bf-if*~*ak*~*5gafc7-555555dp0CRyJrfVutW_v4*~*8Sm1V/l14gb=957"

Details

Is windows:	true
Is dropped:	false
PID:	6600
Target ID:	3
Parent PID:	5000
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vlp6cm34.r.us-east-1.awstrack.me/Q5dmyyux:e7Ke7Kjrfnq.ynintwjuqD.htr7Kh7KjOCRoZLUvoB3m2cS71st-/f1QqmRmxcCoIGWZZi7ZNuKHCPxbzLAAEL/naxaTjhbjfuN3qn2st~tVPXRFBxcJ~Jvn/O1Ff6curtmVBp-b85uHn~KtTl6JgOf6DNJ1kOP3hr9lmFJ5DOJWw1pmUrzv4wgtMxaEi1yc1CpsTAAGIbNQFlxCsLhq568ktbJKzuP3KJV2GHlGIlG8mTRF~06MXFPJXvxyKv66q2QWHf4ruQ24pwnb/mb/s7TmE~U_0i~7ggu/1G_UvqSx_DDEpa__CB8Qxr-fYw/rLXuEgUSiRuT3/OcybZCjG2MoZDE__Ep9D66MhJ3HkHsMloLVNHgz_sg6ht76YyE0ASFmERihI2o0K3EHtL3H3ufRDn9Yc_ll7Gh5LP/ciZD9jyO8ASk5/iigqWwYiqyMnjVgo5XBMcTA~wiUCWVtawyY2c4DMkG0T7p79JQYukyyUcPCAW~zT/lyiwyE5cAnOV4rwzacZ3UbbQftnURM_wmSsifLjb4B4bFFFI__86wqU3d6d565556c8bac7k8j~-jk68~2fc-8cc5-9a8g-b6bf-if~ak~5gafc7-555555dp0CRyJrfVutW_v4~8Sm1V/l14gb=957"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	12:32:16
Date:	02/12/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://vlp6cm34.r.us-east-1.awstrack.me/Q5dmyyux:e7Ke7Kjrfnq.ynintwjuqD.htr*7Kh*7KjOCRoZLUvoB3m2cS71st-/f1QqmRmxcCoIGWZZi7ZNuKHCPxbzLAAEL/naxaTjhbjfuN3qn2st*~*tVPXRFBxcJ*~*Jvn/O1Ff6curtmVBp-b85uHn*~*KtTl6JgOf6DNJ1kOP3hr9lmFJ5DOJWw1pmUrzv4wgtMxaEi1yc1CpsTAAGIbNQFlxCsLhq568ktbJKzuP3KJV2GHlGIlG8mTRF*~*06MXFPJXvxyKv66q2QWHf4ruQ24pwnb/mb/s7TmE*~*U_0i*~*7ggu/1G_UvqSx_DDEpa__CB8Qxr-fYw/rLXuEgUSiRuT3/OcybZCjG2MoZDE__Ep9D66MhJ3HkHsMloLVNHgz_sg6ht76YyE0ASFmERihI2o0K3EHtL3H3ufRDn9Yc_ll7Gh5LP/ciZD9jyO8ASk5/iigqWwYiqyMnjVgo5XBMcTA*~*wiUCWVtawyY2c4DMkG0T7p79JQYukyyUcPCAW*~*zT/lyiwyE5cAnOV4rwzacZ3UbbQftnURM_wmSsifLjb4B4bFFFI__86wqU3d6d565556c8bac7k8j*~*-jk68*~2*fc-8cc5-9a8g-b6bf-if*~*ak*~*5gafc7-555555dp0CRyJrfVutW_v4*~*8Sm1V/l14gb=957

Details

Filetype:

URL

Filename:

Signature Hits	Behavior Group	Mitre Attack
Classification label	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Non-Application Layer Protocol Application Layer Protocol Ingress Tool Transfer
Joe Sandbox was unable to browse the URL (domain or webserver down or HTTPS issue), try to browse the URL again later
Performs DNS lookups	Networking
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking	Encrypted Channel
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

3.211.97.227

Details

Name:	https://vlp6cm34.r.us-east-1.awstrack.me/Q5dmyyux:e7Ke7Kjrfnq.ynintwjuqD.htr7Kh7KjOCRoZLUvoB3m2cS71st-/f1QqmRmxcCoIGWZZi7ZNuKHCPxbzLAAEL/naxaTjhbjfuN3qn2st~tVPXRFBxcJ~Jvn/O1Ff6curtmVBp-b85uHn~KtTl6JgOf6DNJ1kOP3hr9lmFJ5DOJWw1pmUrzv4wgtMxaEi1yc1CpsTAAGIbNQFlxCsLhq568ktbJKzuP3KJV2GHlGIlG8mTRF~06MXFPJXvxyKv66q2QWHf4ruQ24pwnb/mb/s7TmE~U_0i~7ggu/1G_UvqSx_DDEpa__CB8Qxr-fYw/rLXuEgUSiRuT3/OcybZCjG2MoZDE__Ep9D66MhJ3HkHsMloLVNHgz_sg6ht76YyE0ASFmERihI2o0K3EHtL3H3ufRDn9Yc_ll7Gh5LP/ciZD9jyO8ASk5/iigqWwYiqyMnjVgo5XBMcTA~wiUCWVtawyY2c4DMkG0T7p79JQYukyyUcPCAW~zT/lyiwyE5cAnOV4rwzacZ3UbbQftnURM_wmSsifLjb4B4bFFFI__86wqU3d6d565556c8bac7k8j~-jk68~2fc-8cc5-9a8g-b6bf-if~ak~5gafc7-555555dp0CRyJrfVutW_v4~8Sm1V/l14gb=957
IP:	3.211.97.227
TargetID:	2
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

www.google.com

172.217.21.36

Details

Name:	www.google.com
IP:	172.217.21.36
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com

3.211.97.227

vlp6cm34.r.us-east-1.awstrack.me

unknown

Details

Name:	vlp6cm34.r.us-east-1.awstrack.me
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

IPs

Domain

Country

Malicious

239.255.255.250

unknown

Reserved

3.211.97.227

baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com

United States

172.217.21.36

www.google.com

United States

192.168.2.4

unknown

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Processes

URLs

Domains

IPs