IOC Report
ATT60255.HTM


Files

File Path | Type | Category | Malicious
ATT60255.HTM | HTML document, Unicode text, UTF-8 text, with very long lines (2363), with CRLF line terminators | initial sample | malicious
Chrome Cache Entry: 159 | ASCII text, with very long lines (48316), with no line terminators | dropped |
Chrome Cache Entry: 160 | ASCII text, with very long lines (45667) | downloaded |
Chrome Cache Entry: 161 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 162 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 163 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 164 | HTML document, ASCII text, with very long lines (65209), with CRLF line terminators | downloaded |
Chrome Cache Entry: 165 | data | dropped |
Chrome Cache Entry: 166 | ASCII text, with very long lines (65447) | dropped |
Chrome Cache Entry: 167 | PNG image data, 2160 x 443, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 168 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 169 | Web Open Font Format (Version 2), TrueType, length 28584, version 1.66 | downloaded |
Chrome Cache Entry: 170 | ASCII text, with very long lines (10017) | downloaded |
Chrome Cache Entry: 171 | ASCII text, with very long lines (65451) | downloaded |
Chrome Cache Entry: 172 | ASCII text, with very long lines (45034) | downloaded |
Chrome Cache Entry: 173 | HTML document, ASCII text | downloaded |
Chrome Cache Entry: 174 | ASCII text, with very long lines (45034) | dropped |
Chrome Cache Entry: 175 | PNG image data, 86 x 73, 8-bit/color RGB, non-interlaced | downloaded |
Chrome Cache Entry: 176 | ASCII text, with very long lines (65447) | downloaded |
Chrome Cache Entry: 177 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 178 | Unicode text, UTF-8 text, with very long lines (65532), with no line terminators | dropped |
Chrome Cache Entry: 179 | PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 180 | ASCII text, with very long lines (23638), with CRLF line terminators | downloaded |
Chrome Cache Entry: 181 | PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 182 | ASCII text, with very long lines (48316), with no line terminators | downloaded |
Chrome Cache Entry: 183 | data | downloaded |
Chrome Cache Entry: 184 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 185 | ASCII text, with very long lines (45667) | dropped |
Chrome Cache Entry: 186 | ASCII text, with very long lines (10450) | downloaded |
Chrome Cache Entry: 187 | very short file (no magic) | dropped |
Chrome Cache Entry: 188 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 189 | ASCII text, with very long lines (1434), with no line terminators | dropped |
Chrome Cache Entry: 190 | Web Open Font Format, TrueType, length 36696, version 1.0 | downloaded |
Chrome Cache Entry: 191 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 192 | PNG image data, 86 x 73, 8-bit/color RGB, non-interlaced | dropped |
Chrome Cache Entry: 193 | PNG image data, 2160 x 443, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 194 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 195 | ASCII text, with very long lines (10017) | dropped |
Chrome Cache Entry: 196 | PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 197 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | dropped |
Chrome Cache Entry: 198 | ASCII text, with very long lines (51734) | downloaded |
Chrome Cache Entry: 199 | Web Open Font Format (Version 2), TrueType, length 93276, version 1.0 | downloaded |
Chrome Cache Entry: 200 | PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 201 | Web Open Font Format (Version 2), TrueType, length 43596, version 1.0 | downloaded |
Chrome Cache Entry: 202 | Web Open Font Format, TrueType, length 35970, version 1.0 | downloaded |
Chrome Cache Entry: 203 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 204 | ASCII text, with very long lines (65451) | dropped |
Chrome Cache Entry: 205 | PNG image data, 2446 x 899, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 206 | Unicode text, UTF-8 text, with very long lines (65532), with no line terminators | downloaded |
Chrome Cache Entry: 207 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 208 | PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 209 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 210 | PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 211 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 212 | ASCII text, with very long lines (1434), with no line terminators | downloaded |
Chrome Cache Entry: 213 | very short file (no magic) | downloaded |
Chrome Cache Entry: 214 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | downloaded |
Chrome Cache Entry: 215 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 216 | Web Open Font Format (Version 2), TrueType, length 28000, version 1.66 | downloaded |
Chrome Cache Entry: 217 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 218 | PNG image data, 2446 x 899, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 219 | SVG Scalable Vector Graphics image | dropped |
(52 further files are not shown in this excerpt.)

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\ATT60255.HTM" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2320,i,10043383887662201719,1952149342407670854,262144 /prefetch:8 |

URLs

Name | IP | Malicious
https://code.jquery.com/jquery-3.6.0.min.js | 151.101.130.137 | malicious
file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au | | malicious
https://href.li/?https://KPL2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.au | 192.0.78.26 | malicious
https://KPL2.r04ar2.com/KPL2/?em=natasha.hammond | unknown | malicious
https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQW | 188.114.96.3 | malicious
https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 | 13.33.187.68 |
https://kpl2.r04ar2.com/90BLxVXhpRTD45c1Cvst53 | 188.114.96.3 |
https://developers.google.com/recaptcha/docs/faq#localhost_support | unknown |
https://kpl2.r04ar2.com/90e3UQoFnPZnefHhdNMQPyz73 | 188.114.96.3 |
https://support.google.com/recaptcha#6262736 | unknown |
https://kpl2.r04ar2.com/ijnd8sg6QezUuY8NkwAQx6Mva2UqiWIRuKitmhbhPvV0dW8953IaxnO5zyk4DAWXKxNh96jT7SddDXEWlab230 | 188.114.96.3 |
https://kpl2.r04ar2.com/wxHVaG32Jkcs0chiqe2Yu17gtGastmDvkLvL2DuF334122 | 188.114.96.3 |
https://support.google.com/recaptcha/?hl=en#6223828 | unknown |
https://kpl2.r04ar2.com/opKLYDT4iSj1EzadhEhDpI1lluB1YhaGl3mnNYoW0cvfRvYM2rnq8TyFW67136 | 188.114.96.3 |
https://cloud.google.com/contact | unknown |
https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css | 13.33.187.68 |
https://kpl2.r04ar2.com/12HMveiyHPabpIUo8913 | 188.114.96.3 |
https://github.com/fent) | unknown |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8b9f6497ee820fa4&lang=auto | 104.18.94.41 |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1155709742:1724793999:jZYsAJ5BQ_g2p6ZQyC6e2YcpgeQ98hmygX8r-9lG55k/8b9f6497ee820fa4/ec492f91dc9d6a6 | 104.18.94.41 |
https://kpl2.r04ar2.com/12Vj5xeItpngol5p78GsRYKIFop50 | 188.114.96.3 |
https://www.google.com/recaptcha/api.js | 142.250.185.164 |
https://kpl2.r04ar2.com/xy7B16Rpqjcafef30 | 188.114.96.3 |
https://support.google.com/recaptcha/#6175971 | unknown |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D | 104.18.94.41 |
https://challenges.cloudflare.com/turnstile/v0/b/6790c32b9fc9/api.js | 104.18.94.41 |
https://www.google.com/recaptcha/api2/ | unknown |
https://support.google.com/recaptcha | unknown |
https://kpl2.r04ar2.com/ghNzQHRb9jvqvVbqkpfSFV6klWOhd48QqGY5YO1FOv4o4ZFC6Ief204 | 188.114.96.3 |
https://kpl2.r04ar2.com/rsudZieQRPg934N9fbuv40 | 188.114.96.3 |
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.25.14 |
https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css | 13.33.187.68 |
https://kpl2.r04ar2.com/34u2dqhNgiTTAmhQJRfAlijwjGO22rrieg8N89109 | 188.114.96.3 |
https://cloud.google.com/recaptcha-enterprise/billing-information | unknown |
https://kpl2.r04ar2.com/45lL7KipMN4YrD89WlFkKCVxy70 | 188.114.96.3 |
https://recaptcha.net | unknown |
https://kpl2.r04ar2.com/eflbaMIh8KvYQ56Fw0I2qKmn100 | 188.114.96.3 |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8b9f6497ee820fa4/1724796641795/JJoPtCsZIVs8EyO | 104.18.94.41 |
https://a.nel.cloudflare.com/report/v4?s=sIxc%2BZUUEOrNpQDWB9EM7I7KmFejegSrUZkqAmRHFxitgwVo5ALHeTjQ8lJXvTyvY0hx3XK79w4PAfrQpGB%2FeUnI%2BYYGnE14edccKFBWCZEFC1LyJAV9TiVnbge89w%3D%3D | 35.190.80.1 |
https://kpl2.r04ar2.com/mnYZrvj92fDlYVB6kIIxHwk2kldgIYDnxxWUlq6qF78141 | 188.114.96.3 |
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que | unknown |
https://a.nel.cloudflare.com/report/v4?s=M%2B3Hwfm5URa0VIteODWMU8DrfSEvhq2TVdS8YuOi20LAechWtbpiyhuqmicuzV2Bgmk6g52Ft91M1q3K0Ga0TX76s19zPo9ucrgRAgL%2FcN5%2BeBG%2F84dvq1celzyB%2Bw%3D%3D | 35.190.80.1 |
https://play.google.com/log?format=json&hasfast=true | unknown |
https://www.gstatic.c..?/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__. | unknown |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8b9f6497ee820fa4/1724796641793/1d41b0915d96664d4c421588daa101f93a8179105dc076a56dbf01d319f547c8/wIkiMbIg4-l0Z4N | 104.18.94.41 |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/idxkc/0x4AAAAAAAhuDbq9Zssi-YOu/auto/fbE/normal/auto/ | 104.18.94.41 |
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca | unknown |
https://nse.idwp.ru/srsldqgbwnlyknaiuilfjcyqoKGYnePGFJAVJGZCNGFCUJYLNOCYUZRFYFVSVVQBpqvHhnoPyzuWRNahuv40 | 104.21.67.3 |
https://cdn.socket.io/4.6.0/socket.io.min.js | 13.227.219.40 |
https://kpl2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.au | 188.114.96.3 |
https://kpl2.r04ar2.com/opGHJkGaKvnTmNyFMzfZnzJcWrEqLJbZTjGMiH6wVdpvwstZXuhyaUJEfnge69Z5HGqTwYsoleWcuQeXcd239 | 188.114.96.3 |
https://get.geojs.io/v1/ip/geo.json | 172.67.70.233 |
https://kpl2.r04ar2.com/apsDh9aBaVhYjUySTyaOt7dEJs5t | 188.114.96.3 |
https://kpl2.r04ar2.com/yzv6APvxjrgntZxQ45HdaVBv4bb9NWKLthursnlZg6hH9j5QVqA9pJa5M90173 | 188.114.96.3 |
https://kpl2.r04ar2.com/opiCvib1OfbhHAtLAPQFkZJXG9XLLMrDTuv80Ycdhp7wkulvQ9LZaUjk5Jb8fief193 | 188.114.96.3 |
https://kpl2.r04ar2.com/lvytc1gAYeGHFHs4NJuMNMax70PlgNRGw39kizb | 188.114.96.3 |
https://wox.dultzman.ru/yujumitzgvwdmelzinmewQxtLOYJNEVXSSDHIHSVCETCIEVPNERHTXNUMDDPXUKLBBLLJCZAYXXBKOEQPMAUCC | 188.114.97.3 |
(47 further URLs are not shown in this excerpt.)
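The URL table records the chain from the local attachment (victim address in the file URL's fragment) through the href.li redirector to kpl2.r04ar2.com, where the same address reappears as the em query parameter, followed by a run of requests to long random paths on that host and on the two .ru hosts. The script below is an added triage helper, not part of the sandbox report: it unwraps the redirector, reads the em value from both the fragment and the query string, and groups the observed URLs by final host so the attacker-controlled hosts can be defanged for a blocklist. The sample URL list is copied from the table above; treating href.li as a redirector, the parameter name list and the function names are assumptions of this example.

```python
"""Triage helper for the URL table of this report (added example, not the sandbox's code)."""
from collections import Counter
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample: a subset of rows copied from the URLs table above.
OBSERVED_URLS = [
    "file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au",
    "https://href.li/?https://KPL2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.au",
    "https://kpl2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.au",
    "https://kpl2.r04ar2.com/90BLxVXhpRTD45c1Cvst53",
    "https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css",
    "https://challenges.cloudflare.com/turnstile/v0/b/6790c32b9fc9/api.js",
    "https://nse.idwp.ru/srsldqgbwnlyknaiuilfjcyqoKGYnePGFJAVJGZCNGFCUJYLNOCYUZRFYFVSVVQBpqvHhnoPyzuWRNahuv40",
    "https://wox.dultzman.ru/yujumitzgvwdmelzinmewQxtLOYJNEVXSSDHIHSVCETCIEVPNERHTXNUMDDPXUKLBBLLJCZAYXXBKOEQPMAUCC",
    "https://get.geojs.io/v1/ip/geo.json",
    "https://cdn.socket.io/4.6.0/socket.io.min.js",
]

# Assumption: href.li is a redirector whose entire query string is the target URL.
REDIRECTORS = {"href.li"}
# Assumption: query keys that carry a victim identifier (the report only shows "em").
VICTIM_KEYS = ("em",)


def unwrap_redirect(url: str) -> str:
    """Return the URL a redirector link points at, or the URL unchanged."""
    parts = urlsplit(url)
    if parts.netloc.lower() in REDIRECTORS and parts.query.lower().startswith(("http://", "https://")):
        return unquote(parts.query)
    return url


def victim_ids(url: str) -> list:
    """Collect victim identifiers from the query string and from a '#?key=value' fragment."""
    parts = urlsplit(url)
    found = []
    # The attachment carries the address after '#?' so it never reaches any server log;
    # parse_qs handles it once the leading '?' is stripped.
    for raw in (parts.query, parts.fragment.lstrip("?")):
        params = parse_qs(raw)
        for key in VICTIM_KEYS:
            found.extend(params.get(key, []))
    return found


def defang(text: str) -> str:
    """Make a URL, host or address safe to paste into a ticket or blocklist."""
    return text.replace("http", "hxxp").replace(".", "[.]")


def triage(urls):
    """Unwrap redirectors, count URLs per final host and gather victim identifiers."""
    hosts = Counter()
    redirects = []
    victims = set()
    for url in urls:
        target = unwrap_redirect(url)
        if target != url:
            redirects.append((urlsplit(url).netloc.lower(), urlsplit(target).netloc.lower()))
        host = urlsplit(target).netloc.lower()
        if host:  # file:// URLs have no host and are skipped here
            hosts[host] += 1
        victims.update(victim_ids(target))
    return {"hosts": dict(hosts), "redirects": redirects, "victims": sorted(victims)}


if __name__ == "__main__":
    result = triage(OBSERVED_URLS)
    for src, dst in result["redirects"]:
        print(f"redirect: {defang(src)} -> {defang(dst)}")
    for host, n in sorted(result["hosts"].items(), key=lambda kv: -kv[1]):
        print(f"{n:3d}  {defang(host)}")
    print("victim identifiers:", ", ".join(defang(v) for v in result["victims"]))
```

Run it as-is to get a per-host hit count with href.li collapsed into its target; extend OBSERVED_URLS with the remaining rows of the table to cover the full capture. Hosts that appear only with machine-generated paths (kpl2.r04ar2.com, nse.idwp.ru, wox.dultzman.ru in this report) are the ones worth blocking; the CDN and captcha hosts are shared infrastructure and should not go on a blocklist on the strength of this report alone.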

Domains

Name | IP | Malicious
href.li | 192.0.78.26 | malicious
code.jquery.com | 151.101.130.137 | malicious
a.nel.cloudflare.com | 35.190.80.1 |
nse.idwp.ru | 104.21.67.3 |
wox.dultzman.ru | 188.114.97.3 |
github.com | 140.82.121.3 |
kpl2.r04ar2.com | 188.114.96.3 |
d2vgu95hoyrpkh.cloudfront.net | 13.227.219.40 |
cdnjs.cloudflare.com | 104.17.25.14 |
challenges.cloudflare.com | 104.18.94.41 |
get.geojs.io | 172.67.70.233 |
www.google.com | 172.217.16.132 |
d19d360lklgih4.cloudfront.net | 13.33.187.68 |
objects.githubusercontent.com | 185.199.110.133 |
cdn.socket.io | unknown |
ok4static.oktacdn.com | unknown |
(6 further domains are not shown in this excerpt.)

IPs

IP | Domain | Country | Malicious
151.101.130.137 | code.jquery.com | United States | malicious
192.0.78.26 | href.li | United States | malicious
104.21.67.3 | nse.idwp.ru | United States |
104.18.94.41 | challenges.cloudflare.com | United States |
104.26.1.100 | unknown | United States |
192.168.2.7 | unknown | unknown |
192.168.2.4 | unknown | unknown |
192.168.2.6 | unknown | unknown |
192.168.2.5 | unknown | unknown |
142.250.185.164 | unknown | United States |
18.245.31.5 | unknown | United States |
185.199.109.133 | unknown | Netherlands |
13.227.219.40 | d2vgu95hoyrpkh.cloudfront.net | United States |
151.101.66.137 | unknown | United States |
35.190.80.1 | a.nel.cloudflare.com | United States |
185.199.110.133 | objects.githubusercontent.com | Netherlands |
104.17.24.14 | unknown | United States |
65.9.86.56 | unknown | United States |
13.33.187.68 | d19d360lklgih4.cloudfront.net | United States |
140.82.121.3 | github.com | United States |
216.58.206.68 | unknown | United States |
239.255.255.250 | unknown | Reserved |
188.114.97.3 | wox.dultzman.ru | European Union |
188.114.96.3 | kpl2.r04ar2.com | European Union |
172.67.70.233 | get.geojs.io | United States |
172.217.16.132 | www.google.com | United States |
104.17.25.14 | cdnjs.cloudflare.com | United States |
(17 further IPs are not shown in this excerpt.)

DOM / HTML

URL | Malicious
file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au | malicious
file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au | malicious
file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au |
file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au |
file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au |
file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au |
file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au |