Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Chrome Cache Entry: 44

HTML document, Unicode text, UTF-8 text, with very long lines (7107)

downloaded

Details

File:	Chrome Cache Entry: 44
Category:	downloaded
Dump:	chromecache_44.2.dr
ID:	dr_6
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, Unicode text, UTF-8 text, with very long lines (7107)
Entropy:	5.455014677341829
Encrypted:	false
Ssdeep:	768:VCCDCaCTC4CcbOFRXPoF4Z+WcxWo6CB3utX:VCCDCaCTC4CCGPQ+C+tX
Size:	39358
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 45

HTML document, ASCII text, with very long lines (394)

downloaded

Details

File:	Chrome Cache Entry: 45
Category:	downloaded
Dump:	chromecache_45.2.dr
ID:	dr_7
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with very long lines (394)
Entropy:	5.086834207986578
Encrypted:	false
Ssdeep:	96:1j9jwIjYjUDK/D5DMF+BOisE1aA2ZLimSurR49PaQxJbGD:1j9jhjYjIK/Vo+tsE1+ZOmSurO9ieJGD
Size:	4394
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 46

PNG image data, 54 x 54, 8-bit colormap, non-interlaced

dropped

Details

File:	Chrome Cache Entry: 46
Category:	dropped
Dump:	chromecache_46.2.dr
ID:	dr_2
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Entropy:	7.0936408308765495
Encrypted:	false
Ssdeep:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
Size:	452
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 47

PNG image data, 54 x 54, 8-bit colormap, non-interlaced

downloaded

Details

File:	Chrome Cache Entry: 47
Category:	downloaded
Dump:	chromecache_47.2.dr
ID:	dr_8
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Entropy:	7.0936408308765495
Encrypted:	false
Ssdeep:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
Size:	452
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 48

HTML document, Unicode text, UTF-8 text, with very long lines (7107)

dropped

Details

File:	Chrome Cache Entry: 48
Category:	dropped
Dump:	chromecache_48.2.dr
ID:	dr_4
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, Unicode text, UTF-8 text, with very long lines (7107)
Entropy:	5.455014677341829
Encrypted:	false
Ssdeep:	768:VCCDCaCTC4CcbOFRXPoF4Z+WcxWo6CB3utX:VCCDCaCTC4CCGPQ+C+tX
Size:	39358
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 49

ASCII text, with very long lines (24050)

downloaded

Details

File:	Chrome Cache Entry: 49
Category:	downloaded
Dump:	chromecache_49.2.dr
ID:	dr_9
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (24050)
Entropy:	4.941039417164537
Encrypted:	false
Ssdeep:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
Size:	24051
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	5100
Target ID:	0
Parent PID:	1800
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	18:35:12
Date:	29/08/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2188,i,14115481653497378129,4094176227084452522,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	4820
Target ID:	2
Parent PID:	5100
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2188,i,14115481653497378129,4094176227084452522,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	18:35:14
Date:	29/08/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://square-forest-7d7b.pestoreddddddd.workers.dev/"

Details

Is windows:	true
Is dropped:	false
PID:	6484
Target ID:	3
Parent PID:	1800
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://square-forest-7d7b.pestoreddddddd.workers.dev/"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	18:35:17
Date:	29/08/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://square-forest-7d7b.pestoreddddddd.workers.dev/

https://login.comcast.net/static/images/favicon/android-icon-192x192.png

unknown

https://www.cloudflare.com/learning/access-management/phishing-attack/

unknown

https://login.comcast.net/static/images/favicon/apple-icon-144x144.png

unknown

https://login.comcast.net/static/images/favicon/apple-icon-114x114.png

unknown

http://xfinity.comcast.net/siteindex/

unknown

http://www.comcast.net/adinformation

unknown

https://login.comcast.net/static/images/favicon/apple-icon-120x120.png

unknown

https://square-forest-7d7b.pestoreddddddd.workers.dev/favicon.ico

188.114.97.3

https://login.comcast.net/oauth/authorize?client_id=modesto-my-account-web&redirect_uri=https%3A

unknown

https://login.comcast.net/static/images/favicon/apple-icon-72x72.png

unknown

https://login.comcast.net/static/images/favicon/favicon-96x96.png

unknown

https://login.comcast.net/static/images/favicon/apple-icon-76x76.png

unknown

https://login.comcast.net/static/images/favicon/apple-icon-180x180.png

unknown

https://www.surveymonkey.com/s.aspx?sm=FyNNVDhj_2f2FNc2KVOHQ4eg_3d_3d

unknown

https://login.comcast.net/static/images/favicon/favicon-32x32.png

unknown

https://idm.xfinity.com/myaccount/lookup?continue=https%3A%2F%2Flogin.comcast.net%2Flogin%3FipAddrAu

unknown

https://square-forest-7d7b.pestoreddddddd.workers.dev/cdn-cgi/styles/cf.errors.css

188.114.97.3

https://login.comcast.net/static/images/favicon/favicon-16x16.png

unknown

https://www.cloudflare.com/5xx-error-landing

unknown

https://login.comcast.net/static/images/favicon/apple-icon-152x152.png

unknown

https://login.comcast.net/static/images/favicon/apple-icon-57x57.png

unknown

https://privacy.truste.com/privacy-seal/Comcast-Cable-Communications-Management

unknown

https://assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/satelliteLib-531bc4f46256650a84

unknown

https://greendoored.link/wp-content/uploads/bass/port/files/styles-light.min.css

unknown

https://square-forest-7d7b.pestoreddddddd.workers.dev/

https://square-forest-7d7b.pestoreddddddd.workers.dev/cdn-cgi/images/icon-exclamation.png?1376755637

188.114.97.3

https://greendoored.link/wp-content/uploads/bass/port/files/tracking-DTM.min.js.download

unknown

https://idm.xfinity.com/myaccount/reset?continue=https%3A%2F%2Flogin.comcast.net%2Flogin%3FipAddrAut

unknown

https://login.comcast.net/static/images/favicon/favicon.ico

unknown

http://my.xfinity.com/terms/web/

unknown

https://customer.comcast.com/contact-us/

unknown

https://login.comcast.net/static/images/favicon/manifest.json

unknown

https://login.comcast.net/static/images/favicon/apple-icon-60x60.png

unknown

https://greendoored.link/wp-content/uploads/bass/port/files/tracking-aws.min.js.download

unknown

https://customer.xfinity.com/lite

unknown

http://www.xfinitymobile.com/support

unknown

http://xfinity.comcast.net/privacy/

unknown

https://drophost.link/tuna/tuna.php

unknown

https://greendoored.link/wp-content/uploads/bass/port/files/lodash-slim.min.js.download

unknown

There are 29 hidden URLs, click here to show them.

Domains

Name

Malicious

square-forest-7d7b.pestoreddddddd.workers.dev

188.114.97.3

Details

Name:	square-forest-7d7b.pestoreddddddd.workers.dev
IP:	188.114.97.3
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

www.google.com

142.250.184.228

Details

Name:	www.google.com
IP:	142.250.184.228
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

fp2e7a.wpc.phicdn.net

192.229.221.95

IPs

Domain

Country

Malicious

239.255.255.250

unknown

Reserved

188.114.97.3

square-forest-7d7b.pestoreddddddd.workers.dev

European Union

188.114.96.3

unknown

European Union

142.250.184.228

www.google.com

United States

192.168.2.4

unknown

192.168.2.5

unknown

DOM / HTML

URL

Malicious

https://square-forest-7d7b.pestoreddddddd.workers.dev/

Details

Filename:	0.0.pages.html.dom
Url:	https://square-forest-7d7b.pestoreddddddd.workers.dev/
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2188,i,14115481653497378129,4094176227084452522,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Signature Hits	Behavior Group	Mitre Attack
Yara detected BlockedWebSite	Phishing

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
http://square-forest-7d7b.pestoreddddddd.workers.dev/

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttp://square-forest-7d7b.pestoreddddddd.workers.dev/

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
http://square-forest-7d7b.pestoreddddddd.workers.dev/