Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	6920
Target ID:	0
Parent PID:	5872
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	19:17:58
Date:	02/04/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff77eaf0000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,16079603147471412564,16033331980885956932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3

Details

Is windows:	true
Is dropped:	false
PID:	7148
Target ID:	1
Parent PID:	6920
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,16079603147471412564,16033331980885956932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	19:17:59
Date:	02/04/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff77eaf0000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tspice.nevendingwaer.shop/10s35o"

Details

Is windows:	true
Is dropped:	false
PID:	3472
Target ID:	2
Parent PID:	5872
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tspice.nevendingwaer.shop/10s35o"
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	19:18:00
Date:	02/04/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff77eaf0000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://tspice.nevendingwaer.shop/10s35o

https://neat.owa-wensglotii.top/?sso_reload=true

https://oka.greenthreads.hr/_next/static/chunks/pages/index-c362d579fbf7a668.js

76.76.21.21

https://oka.greenthreads.hr/_next/static/fUhIl0Hqd1aZXohaxqY8t/_buildManifest.js

76.76.21.21

https://oka.greenthreads.hr/_next/static/fUhIl0Hqd1aZXohaxqY8t/_ssgManifest.js

76.76.21.21

https://neat.owa-wensglotii.top/

https://oka.greenthreads.hr/background.jpg

76.76.21.21

https://netro.gitcombust.shop/styles.css

104.21.16.1

https://www.clkmg.com/redir.cgi?url=R%2bsdRIAkJagZShf8s3PO%2ffhP%2fk%2bF9X1SLJG7yO2j4ZW%2buVyVLHDAb6R%2bRCXcnUYLh4wbUOSwVvu%2bbkT5&pixel=0&lidc=1749876487

https://a.nel.cloudflare.com/report/v4?s=AOsDOT7V2n%2BVqE59ga7URH%2BJY%2BtRcjJ3XYAruEQCMy71escOYn0jjqQd%2BQVjamwXRJvQVx%2FZs9nRMbvFMYhqgwGhDFtt6xi8TA4p4Ftrp44uuLoVPZQO3lt9Es67NcUZcIkPrfLuuNI%3D

35.190.80.1

https://api.telegram.org/bot

unknown

https://netro.gitcombust.shop/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.16.1

https://www.clkmg.com/favicon.ico

34.208.136.93

https://api64.ipify.org/?format=json

104.237.62.213

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=92a40be64eeb4207&lang=auto

104.18.95.41

https://api64.ipify.org?format=json

unknown

https://patnero.thesilent.de/api/get_doc_url

216.24.57.1

https://oka.greenthreads.hr/_next/static/chunks/main-de1ad41d606513c1.js

76.76.21.21

https://netro.gitcombust.shop

unknown

https://a.nel.cloudflare.com/report/v4?s=MGxL2MhfCvLRG8OYhlNJwZF88NcGn4B26cWV1ZOEr3pWuUnsHF2e3c%2BsbNWRlc3XXuC3soFxAM13kkGvurzLkSM0Qf87Vtud1P1k6wfdzpi1U%2FbsIRGnFxHgmaVKoNtZIk9UOhvawVIwNg%3D%3D

35.190.80.1

https://neat.owa-wensglotii.top/cdn-cgi/challenge-platform/scripts/jsd/main.js

172.67.173.205

https://a.nel.cloudflare.com/report/v4?s=3CFgSQ7wpHKfbcoGZLpsc0o8SUPudrvIk74xTL8GislQejX%2BN25iqNuvDJosmfunlP9XXrdLXBnwsv%2BW1oRCNrFll4LTv%2BR2HzyXwug8fksArE8HJBm3jGZ9E%2Bj2G1ty7NwDuq%2Bl2icI0A%3D%3D

35.190.80.1

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1499769500:1743632029:P_0zixKJ-4WUWIOsROrdRoULs5217WwZlPx5541St-o/92a40be64eeb4207/7lRZd1PVRft_IHpOAglSXfce_428Cyn2p6eXzRxSYkw-1743635917-1.1.1.1-yURwJl34gRgDkuK0_GBWVZPs49HRkPyIH0pELBEfOlm4aR4LrRznAFnehPPcOCzP

104.18.95.41

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/ala78/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/

104.18.95.41

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/92a40be64eeb4207/1743635919028/491c67d0fd8f95e78ee8c956c16c9501dfc69957720b9f60053e803b5d987dbc/2cIw66xc0mR73sr

104.18.95.41

https://oka.greenthreads.hr/favicon.ico

76.76.21.21

https://neat.owa-wensglotii.top/cdn-cgi/challenge-platform/h/g/flow/ov1/1739920309:1743632078:pfnU86u9scmSBSucPTHJvNoIsWAyZZK--dDTMKDE_X0/92a40bda6d48440b/7vbMaJmbYFpS1XBvLF5lXbC3HhJoPWKl7XoLi6Za4ZA-1743635916-1.2.1.1-CfcYcWFGsWvL2kQ1yQqL3gQ_dqiI2deKgYCh_5mHST_5GhEM.BKbOHHlrIxNJ69c

172.67.173.205

https://oka.greenthreads.hr/_next/static/css/19d09a6113afa007.css

76.76.21.21

https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js

23.209.72.31

https://netro.gitcombust.shop/cdn-cgi/challenge-platform/h/g/scripts/jsd/64912bd87b0e/main.js?

104.21.16.1

https://api.telegram.org/bot7622174179:AAHCV1oWQuJrs_r4R6A1iMz0oaj3zWCQiPk/sendMessage

149.154.167.220

https://tspice.nevendingwaer.shop/10s35o

104.21.48.207

https://oka.greenthreads.hr/_next/static/chunks/framework-2c79e2a64abdb08b.js

76.76.21.21

https://classntfst.shop/ne/

172.67.154.53

https://logo.clearbit.com/dsgfsdgf.com

108.138.106.32

https://neat.owa-wensglotii.top/favicon.ico

172.67.173.205

http://knockoutjs.com/

unknown

https://oka.greenthreads.hr/

https://netro.gitcombust.shop/cdn-cgi/challenge-platform/h/g/jsd/r/0.3292434525870424:1743635421:7toW2C2B06kj9_L1hsFVkQV53rYAp6gtiaVQEyDO1_I/92a40b1abed1d826

104.21.16.1

https://github.com/douglascrockford/JSON-js

unknown

https://portal.microsoftonline.com/Prefetch/Prefetch.aspx

13.107.6.156

https://netro.gitcombust.shop/script.js

104.21.16.1

https://rail-bot-production.up.railway.app/api/detect_bot

66.33.22.1

https://feross.org

unknown

https://oka.greenthreads.hr/_next/static/chunks/webpack-ee7e63bc15b31913.js

76.76.21.21

http://www.opensource.org/licenses/mit-license.php)

unknown

https://oka.greenthreads.hr/_next/static/chunks/186-e401717d9e8b842b.js

76.76.21.21

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/92a40be64eeb4207/1743635919027/n7q2tT8Qi4AIMPY

104.18.95.41

https://neat.owa-wensglotii.top/cdn-cgi/challenge-platform/h/g/scripts/jsd/64912bd87b0e/main.js?

172.67.173.205

https://www.gravatar.com/avatar/1f5e73c9d92416b3425a61c6b031d856?d=identicon

192.0.73.2

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1

104.18.95.41

https://vercel.live/_next-live/feedback/feedback.js

unknown

https://www.gravatar.com/avatar/

unknown

https://a.nel.cloudflare.com/report/v4?s=78v7gUnqEBi0C3x9woRsrZqVo0pHX8lablwAzw5Ca00CiitcBhKNt91zFGl0B2j2ForlJCKLIDpmiSa8xVPUrhuAcIe%2FqX458OsKzV1M6YbE%2FzsVBh9uJ0Eusevb5geXbXOHK07ivqY%3D

35.190.80.1

https://logo.clearbit.com/

unknown

https://netro.gitcombust.shop/

https://netro.gitcombust.shop/favicon.ico

104.21.16.1

https://oka.greenthreads.hr/_next/static/chunks/pages/_app-aea6920bd27938ca.js

76.76.21.21

https://www.clkmg.com/h4pussy/10s35o

34.208.136.93

https://neat.owa-wensglotii.top/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=92a40bda6d48440b

172.67.173.205

There are 49 hidden URLs, click here to show them.

Domains

Name

Malicious

s-part-0012.t-0009.t-msedge.net

13.107.246.40

a.nel.cloudflare.com

35.190.80.1

e329293.dscd.akamaiedge.net

23.209.72.31

patnero.thesilent.de

216.24.57.1

classntfst.shop

172.67.154.53

s-part-0044.t-0009.t-msedge.net

13.107.246.72

www.gravatar.com

192.0.73.2

b-0004.b-msedge.net

13.107.6.156

a1894.dscb.akamai.net

23.44.133.184

clk-1038715867.us-west-2.elb.amazonaws.com

34.208.136.93

api64.ipify.org

104.237.62.213

d26p066pn2w0s0.cloudfront.net

108.138.106.32

tspice.nevendingwaer.shop

104.21.48.207

neat.owa-wensglotii.top

172.67.173.205

challenges.cloudflare.com

104.18.94.41

oka.greenthreads.hr

76.76.21.21

netro.gitcombust.shop

104.21.16.1

www.google.com

142.251.41.4

api.telegram.org

149.154.167.220

edge.railway.app

66.33.22.1

www.clkmg.com

unknown

aadcdn.msftauth.net

unknown

rail-bot-production.up.railway.app

unknown

portal.microsoftonline.com

unknown

identity.nel.measure.office.net

unknown

logo.clearbit.com

unknown

There are 16 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

192.168.2.16

unknown

13.107.6.156

b-0004.b-msedge.net

United States

108.138.106.32

d26p066pn2w0s0.cloudfront.net

United States

104.18.94.41

challenges.cloudflare.com

United States

216.24.57.1

patnero.thesilent.de

United States

66.33.22.1

edge.railway.app

Canada

172.67.154.53

classntfst.shop

United States

34.208.136.93

clk-1038715867.us-west-2.elb.amazonaws.com

United States

149.154.167.220

api.telegram.org

United Kingdom

172.67.173.205

neat.owa-wensglotii.top

United States

35.190.80.1

a.nel.cloudflare.com

United States

23.209.72.31

e329293.dscd.akamaiedge.net

United States

173.231.16.77

unknown

United States

76.76.21.21

oka.greenthreads.hr

United States

104.21.16.1

netro.gitcombust.shop

United States

104.21.48.207

tspice.nevendingwaer.shop

United States

104.21.32.1

unknown

United States

104.18.95.41

unknown

United States

192.0.73.2

www.gravatar.com

United States

104.237.62.213

api64.ipify.org

United States

142.251.41.4

www.google.com

United States

There are 11 hidden IPs, click here to show them.

DOM / HTML

URL

Malicious

https://oka.greenthreads.hr/

https://neat.owa-wensglotii.top/

https://neat.owa-wensglotii.top/?sso_reload=true

https://www.clkmg.com/redir.cgi?url=R%2bsdRIAkJagZShf8s3PO%2ffhP%2fk%2bF9X1SLJG7yO2j4ZW%2buVyVLHDAb6R%2bRCXcnUYLh4wbUOSwVvu%2bbkT5&pixel=0&lidc=1749876487

https://netro.gitcombust.shop/

https://oka.greenthreads.hr/

https://neat.owa-wensglotii.top/

https://neat.owa-wensglotii.top/?sso_reload=true

There are 11 hidden doms, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://tspice.nevendingwaer.shop/10s35o

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://tspice.nevendingwaer.shop/10s35o

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://tspice.nevendingwaer.shop/10s35o