Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\wp-4033.html"

Details

Is windows:	true
Is dropped:	false
PID:	2676
Target ID:	0
Parent PID:	2032
Name:	chrome.exe
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\wp-4033.html"
Size:	3151128
MD5:	FFA2B8E17F645BCC20F0E0201FEF83ED
Time:	07:54:35
Date:	24/12/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x13f0f0000
Modulesize:	3227648
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1280,i,16188122852209060692,12297160335389111313,131072 /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	1184
Target ID:	1
Parent PID:	2676
Name:	chrome.exe
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1280,i,16188122852209060692,12297160335389111313,131072 /prefetch:8
Size:	3151128
MD5:	FFA2B8E17F645BCC20F0E0201FEF83ED
Time:	07:54:36
Date:	24/12/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x13f0f0000
Modulesize:	3227648
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

file:///C:/Users/user/Desktop/wp-4033.html

Details

Name:	file:///C:/Users/user/Desktop/wp-4033.html
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
HTML page is missing a favicon	Phishing
URLs found in memory or binary data	Networking

https://i.ibb.co/xzvcd1f/Cyb3r-Drag0nz-Team-1.png

91.134.82.79

Details

Name:	https://i.ibb.co/xzvcd1f/Cyb3r-Drag0nz-Team-1.png
IP:	91.134.82.79
TargetID:	1
From Memory:	false
Current Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Source:	network
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://Mirror-H.xyz/

unknown

Domains

Name

Malicious

www.google.com

172.217.17.36

Details

Name:	www.google.com
IP:	172.217.17.36
TargetID:	1
Current Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

i.ibb.co

91.134.82.79

Details

Name:	i.ibb.co
IP:	91.134.82.79
TargetID:	1
Current Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

239.255.255.250

unknown

Reserved

172.217.17.36

www.google.com

United States

91.134.9.159

unknown

France

91.134.82.79

i.ibb.co

France

DOM / HTML

URL

Malicious

file:///C:/Users/user/Desktop/wp-4033.html

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
wp-4033.php

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportwp-4033.php

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
wp-4033.php