Automated Malware Analysis IOC Report for

Files

File Path

Type

URLs

Name

Malicious

https://files.fm/u/vtrxvgdh6w

Details

Filetype:	URL
Filename:	https://files.fm/u/vtrxvgdh6w

Signature Hits	Behavior Group	Mitre Attack
Connects to several IPs in different countries	Networking
Detected non-DNS traffic on DNS port	Networking
HTML page contains hidden javascript code	Phishing
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Classification label	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Creates files inside the user directory	System Summary	Masquerading
HTML page is missing a favicon	Phishing
Performs DNS lookups	Networking	Non-Application Layer Protocol Application Layer Protocol
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis		Encrypted Channel
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://files.fm/u/vtrxvgdh6w

Details

Name:	https://files.fm/u/vtrxvgdh6w
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
HTML page contains hidden javascript code	Phishing
HTML page is missing a favicon	Phishing
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

securepubads.g.doubleclick.net

142.250.181.226

jsdelivr.map.fastly.net

151.101.1.229

um.simpli.fi

35.204.158.49

bidder.nl3.vip.prod.criteo.com

178.250.1.8

ssum.casalemedia.com

104.18.36.155

id5-sync.com

162.19.138.118

stpd.cloud

104.18.31.49

eu-eb2.3lift.com

13.248.245.213

1x1.a-mo.net

35.157.229.52

rtb.openx.net

35.227.252.103

node.setupad.com

159.89.25.223

stats.g.doubleclick.net

74.125.138.156

cdn.w55c.net

3.73.251.134

script.4dex.io

104.26.8.169

sync.crwdcntrl.net

54.77.8.248

cdn.bidbrain.app

172.67.176.164

an.yandex.ru

213.180.193.90

www.google.lv

142.250.186.67

cm.g.doubleclick.net

172.217.18.98

eu-tlx.3lift.com

18.157.230.4

ds-pr-bh.ybp.gysm.yahoodns.net

34.248.152.121

www.google.com

142.250.185.132

lb.eu-1-id5-sync.com

162.19.138.120

cdn-content.ampproject.org

142.250.185.129

analytics.files.fm

159.148.57.60

mp.4dex.io

172.64.153.78

match.adsrvr.org

52.223.40.198

match.prod.bidr.io

52.212.66.79

ow-lhrc.pubmnet.com

185.64.190.84

pagead-googlehosted.l.google.com

142.250.186.161

nydc1.outbrain.org

64.202.112.63

files.fm

104.27.206.92

pixel-sync.sitescout.com

34.36.216.150

ep2.adtrafficquality.google

142.250.184.225

euw-ice.360yield.com

52.214.206.94

analytics-alv.google.com

216.239.32.181

gum.fr3.vip.prod.criteo.com

178.250.7.13

googleads.g.doubleclick.net

142.250.105.154

ln-0002.ln-msedge.net

150.171.22.12

presentation-ams1.turn.com

46.228.164.11

td.doubleclick.net

74.125.21.154

fv1-3.failiem.lv

87.110.219.224

prebid-stag.setupad.net

104.26.8.178

widget.us5.vip.prod.criteo.com

74.119.117.16

g.bidbrain.app

104.21.80.92

cadmus.script.ac

104.18.23.145

static.cloudflareinsights.com

104.16.80.73

rtb.adxpremium.services

185.106.140.18

user-data-eu.bidswitch.net

35.214.149.91

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

52.213.152.102

ssbsync-euw2.smartadserver.com

178.32.210.230

widget.nl3.vip.prod.criteo.com

178.250.1.9

spug-lhrc.pubmnet.com

185.64.190.81

id.a-mx.com

79.127.227.46

sync.srv.stackadapt.com

54.157.210.214

pixel.tapad.com

34.111.113.62

a.nel.cloudflare.com

35.190.80.1

ssp.ads.betweendigital.com

96.46.186.63

sync.ipredictive.com

52.73.22.15

ep1.adtrafficquality.google

142.250.185.66

s.amazon-adsystem.com

52.46.155.104

imgsync-amsfpairbc.pubmnet.com

198.47.127.18

am6-tmp.a-mx.net

147.75.34.179

static.fr3.vip.prod.criteo.net

178.250.7.2

gum.nl3.vip.prod.criteo.com

178.250.1.11

outspot2-ams.adx.opera.com

82.145.213.8

pug-ams-bc.pubmnet.com

198.47.127.205

analytics.google.com

142.250.9.138

ib.anycast.adnxs.com

185.89.210.122

failiem.lv

104.26.9.8

serve.bidbrain.app

172.67.176.164

pm.w55c.net

unknown

a.rfihub.com

unknown

prebid.a-mo.net

unknown

prebid.adnxs.com

unknown

dis.criteo.com

unknown

triplelift-match.dotomi.com

unknown

widget.us.criteo.com

unknown

static.criteo.net

unknown

ssbsync.smartadserver.com

unknown

pixel.rubiconproject.com

unknown

px.ads.linkedin.com

unknown

tlx.3lift.com

unknown

adx2.adform.net

unknown

cm.adform.net

unknown

t.adx.opera.com

unknown

cdn.jsdelivr.net

unknown

image8.pubmatic.com

unknown

ap.lijit.com

unknown

image4.pubmatic.com

unknown

gum.criteo.com

unknown

id.rtb.mx

unknown

ads.betweendigital.com

unknown

image2.pubmatic.com

unknown

prg.smartadserver.com

unknown

ow.pubmatic.com

unknown

assets.a-mo.net

unknown

pr-bh.ybp.yahoo.com

unknown

x.bidswitch.net

unknown

bidder.criteo.com

unknown

There are 90 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

37.157.6.254

unknown

Denmark

142.250.186.67

www.google.lv

United States

159.148.57.60

analytics.files.fm

Latvia

142.250.185.226

unknown

United States

185.64.190.84

ow-lhrc.pubmnet.com

United Kingdom

104.16.80.73

static.cloudflareinsights.com

United States

104.26.9.178

unknown

United States

185.167.164.52

unknown

United States

87.110.219.224

fv1-3.failiem.lv

Latvia

185.64.190.81

spug-lhrc.pubmnet.com

United Kingdom

35.190.80.1

a.nel.cloudflare.com

United States

150.171.22.12

ln-0002.ln-msedge.net

United States

198.47.127.205

pug-ams-bc.pubmnet.com

United States

74.125.138.95

unknown

United States

142.250.186.74

unknown

United States

34.248.152.121

ds-pr-bh.ybp.gysm.yahoodns.net

United States

204.79.197.237

unknown

United States

37.157.6.243

unknown

Denmark

1.1.1.1

unknown

Australia

172.253.124.132

unknown

United States

13.248.245.213

eu-eb2.3lift.com

United States

79.127.216.47

unknown

Czech Republic

104.27.206.92

files.fm

United States

172.217.18.3

unknown

United States

178.32.210.230

ssbsync-euw2.smartadserver.com

France

172.217.18.2

unknown

United States

87.250.250.90

unknown

Russian Federation

147.75.81.235

unknown

Switzerland

239.255.255.250

unknown

Reserved

193.0.160.130

unknown

Netherlands

178.250.1.11

gum.nl3.vip.prod.criteo.com

France

79.127.227.46

id.a-mx.com

Czech Republic

74.125.138.100

unknown

United States

52.213.152.102

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

United States

52.212.66.79

match.prod.bidr.io

United States

52.46.143.56

unknown

United States

37.157.6.231

unknown

Denmark

216.58.206.34

unknown

United States

192.168.2.16

unknown

142.250.105.154

googleads.g.doubleclick.net

United States

18.157.230.4

eu-tlx.3lift.com

United States

185.106.140.18

rtb.adxpremium.services

Serbia

104.26.9.8

failiem.lv

United States

46.228.164.11

presentation-ams1.turn.com

United Kingdom

142.250.185.163

unknown

United States

162.19.138.120

lb.eu-1-id5-sync.com

United States

142.250.185.162

unknown

United States

178.32.197.49

unknown

France

35.157.229.52

1x1.a-mo.net

United States

172.217.18.98

cm.g.doubleclick.net

United States

142.250.186.136

unknown

United States

104.18.22.145

unknown

United States

178.250.1.8

bidder.nl3.vip.prod.criteo.com

France

178.250.1.9

widget.nl3.vip.prod.criteo.com

France

142.250.9.138

analytics.google.com

United States

34.36.216.150

pixel-sync.sitescout.com

United States

185.89.208.11

unknown

Germany

172.64.153.78

mp.4dex.io

United States

172.67.75.241

unknown

United States

142.250.181.226

securepubads.g.doubleclick.net

United States

54.77.8.248

sync.crwdcntrl.net

United States

142.250.185.174

unknown

United States

178.250.7.13

gum.fr3.vip.prod.criteo.com

France

162.19.138.117

unknown

United States

162.19.138.118

id5-sync.com

United States

64.202.112.63

nydc1.outbrain.org

United States

172.217.16.132

unknown

United States

142.250.186.65

unknown

United States

213.180.193.90

an.yandex.ru

Russian Federation

104.26.8.178

prebid-stag.setupad.net

United States

151.101.193.229

unknown

United States

35.204.158.49

um.simpli.fi

United States

192.168.2.8

unknown

104.18.31.49

stpd.cloud

United States

142.250.184.225

ep2.adtrafficquality.google

United States

142.250.184.226

unknown

United States

162.19.138.82

unknown

United States

74.125.138.156

stats.g.doubleclick.net

United States

142.250.185.66

ep1.adtrafficquality.google

United States

52.46.155.104

s.amazon-adsystem.com

United States

142.250.185.68

unknown

United States

52.73.22.15

sync.ipredictive.com

United States

13.107.21.237

unknown

United States

142.250.184.193

unknown

United States

216.239.32.181

analytics-alv.google.com

United States

173.194.219.105

unknown

United States

185.89.210.122

ib.anycast.adnxs.com

Germany

104.18.36.155

ssum.casalemedia.com

United States

13.107.42.14

unknown

United States

54.211.52.44

unknown

United States

198.47.127.18

imgsync-amsfpairbc.pubmnet.com

United States

63.215.202.140

unknown

United States

3.73.251.134

cdn.w55c.net

United States

172.217.16.194

unknown

United States

52.223.40.198

match.adsrvr.org

United States

142.250.184.232

unknown

United States

52.214.206.94

euw-ice.360yield.com

United States

82.145.213.8

outspot2-ams.adx.opera.com

United Kingdom

172.67.176.164

cdn.bidbrain.app

United States

142.250.185.129

cdn-content.ampproject.org

United States

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://files.fm/u/vtrxvgdh6w

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://files.fm/u/vtrxvgdh6w

Files

URLs

Domains

IPs

IOC Report
https://files.fm/u/vtrxvgdh6w