Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	4476
Target ID:	1
Parent PID:	948
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	20:35:49
Date:	13/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff786830000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2316,i,7123596082075722532,14133485325710686952,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2344 /prefetch:3

Details

Is windows:	true
Is dropped:	false
PID:	2176
Target ID:	2
Parent PID:	4476
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2316,i,7123596082075722532,14133485325710686952,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2344 /prefetch:3
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	20:35:52
Date:	13/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff786830000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://whoatscpp.com/"

Details

Is windows:	true
Is dropped:	false
PID:	6896
Target ID:	4
Parent PID:	948
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://whoatscpp.com/"
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	20:35:59
Date:	13/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff786830000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://whoatscpp.com/

http://whoatscpp.com/assets/duihao.DpUdSGAZ.js

134.122.177.183

http://whoatscpp.com/static/img/en/tips-android.png

134.122.177.183

http://whoatscpp.com/assets/wx_bg-D5K1m_Ya.png

134.122.177.183

http://whoatscpp.com/assets/favicon-DHKtsd26.ico

134.122.177.183

http://whoatscpp.com/assets/pages-index-index.DWPOidsK.js

134.122.177.183

http://whoatscpp.com/assets/uni.ba463125.css

134.122.177.183

http://whoatscpp.com/static/img/en/tips-iphone.png

134.122.177.183

http://whoatscpp.com/assets/index-Bwr7eIwN.css

134.122.177.183

http://whoatscpp.com/assets/index-ChhF0gOo.js

134.122.177.183

http://whoatscpp.com/

134.122.177.183

http://whoatscpp.com/assets/index-BJcR9W56.css

134.122.177.183

http://whoatscpp.com/#/

http://whoatscpp.com/assets/duihao-UdTaxWoi.css

134.122.177.183

There are 3 hidden URLs, click here to show them.

Domains

Name

Malicious

kf.441jv.com

202.162.99.76

Details

Name:	kf.441jv.com
IP:	202.162.99.76
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

whoatscpp.com

134.122.177.183

Details

Name:	whoatscpp.com
IP:	134.122.177.183
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing
AI detected suspicious URL	Phishing	Browser Extensions
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

beacons-handoff.gcp.gvt2.com

142.250.180.99

www.google.com

142.250.186.68

Details

Name:	www.google.com
IP:	142.250.186.68
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

beacons.gvt2.com

142.250.180.67

Details

Name:	beacons.gvt2.com
IP:	142.250.180.67
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

cdn.dcloud.net.cn

124.220.205.65

Details

Name:	cdn.dcloud.net.cn
IP:	124.220.205.65
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

beacons6.gvt2.com

216.58.206.67

beacons.gcp.gvt2.com

unknown

IPs

Domain

Country

Malicious

142.250.186.68

www.google.com

United States

202.162.99.76

kf.441jv.com

Singapore

134.122.177.183

whoatscpp.com

United States

192.168.2.4

unknown

192.168.2.5

unknown

142.250.186.131

unknown

United States

124.220.205.65

cdn.dcloud.net.cn

China

DOM / HTML

URL

Malicious

http://whoatscpp.com/#/

Details

Filename:	1.0.pages.html.dom
Url:	http://whoatscpp.com/#/
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2316,i,7123596082075722532,14133485325710686952,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2344 /prefetch:3

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing

http://whoatscpp.com/#/

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
http://whoatscpp.com/

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttp://whoatscpp.com/

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
http://whoatscpp.com/