Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	3720
Target ID:	0
Parent PID:	6008
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	00:00:33
Date:	27/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c4390000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,7807176154066329382,13733837652376969656,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	5312
Target ID:	4
Parent PID:	3720
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,7807176154066329382,13733837652376969656,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	00:00:37
Date:	27/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c4390000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.mywelcomepackreward.be/"

Details

Is windows:	true
Is dropped:	false
PID:	5936
Target ID:	6
Parent PID:	6008
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.mywelcomepackreward.be/"
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	00:00:42
Date:	27/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c4390000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://www.mywelcomepackreward.be/

5.134.4.156

https://www.mywelcomepackreward.be/

5.134.4.156

https://reward.bnpparibasfortis.be/fr/log-off/

83.217.75.108

http://tibco.com/PageBus

unknown

https://www.qahellobank.be/nl/wettelijke-info/cookies

unknown

http://fontawesome.io

unknown

https://www.fintro.be/

unknown

https://www.qabnpparibasfortis.com/nl/footer-pages/cookiebeleid

unknown

https://reward.bnpparibasfortis.be/nl/faq/

http://www.openajax.org/member/wiki/OpenAjax_Hub_Specification

unknown

https://www.bnpparibasfortis.be/resources/one-portal/wcm/js/vendors/pagebus.js

193.58.4.82

https://www.bnpparibasfortis.com/nl/footer-pages/cookiebeleid

unknown

https://www.qabnpparibasfortis.com/fr/footer-pages/politique-en-matiere-de-cookies

unknown

https://players.brightcove.net/6012566768001/YypspJ4Yl_default/index.html?videoId=

unknown

https://reward.bnpparibasfortis.be/

83.217.75.108

https://reward.bnpparibasfortis.be/favicon.ico

83.217.75.108

http://openajax.org

unknown

https://reward.bnpparibasfortis.be/nl/log-off/

83.217.75.108

https://p1.easybanking.qabnpparibasfortis.be/

unknown

http://modernizr.com/download/#-fontface-backgroundsize-borderimage-borderradius-boxshadow-flexbox-h

unknown

https://reward.bnpparibasfortis.be/en/

http://openajax.org/hub

unknown

https://easybanking.p1.qafintro.be/

unknown

https://www.bnpparibasfortis.be/

unknown

https://reward.bnpparibasfortis.be/en/log-off/

83.217.75.108

https://mywelcomepackreward.be/

5.134.4.156

https://reward.bnpparibasfortis.be/images/cadeau.png

83.217.75.108

https://reward.bnpparibasfortis.be/js/plugins.min.js?v=3accddf64b1dd03abeb9b0b3e5a7ba44

83.217.75.108

https://reward.bnpparibasfortis.be/js/vendor/modernizr-2.8.3.min.js

83.217.75.108

http://www.apache.org/licenses/LICENSE-2.0

unknown

https://www.qahellobank.be/fr/pages-legales/cookies

unknown

https://reward.bnpparibasfortis.be/nl/

https://www.hellobank.be/fr/pages-legales/cookies

unknown

https://www.qabnpparibasfortis.com/footer-pages/cookie-policy

unknown

https://www.qahellobank.be/legal-notice/cookies

unknown

http://fontawesome.io/license

unknown

https://www.hellobank.be/nl/wettelijke-info/cookies

unknown

https://reward.bnpparibasfortis.be/images/logo.png

83.217.75.108

https://reward.bnpparibasfortis.be/css/square/green.css

83.217.75.108

https://reward.bnpparibasfortis.be/js/main.min.js?v=3accddf64b1dd03abeb9b0b3e5a7ba44

83.217.75.108

https://reward.bnpparibasfortis.be/fr/

https://reward.bnpparibasfortis.be/fr/faq/

https://players.brightcove.net/1890328962001/default_default/index.html?videoId=

unknown

https://www.hellobank.be/legal-notice/cookies

unknown

https://reward.bnpparibasfortis.be/css/main.css?v=3accddf64b1dd03abeb9b0b3e5a7ba44

83.217.75.108

https://code.jquery.com/jquery-1.12.0.min.js

151.101.66.137

https://www.bnpparibasfortis.com/footer-pages/cookie-policy

unknown

https://reward.bnpparibasfortis.be/en/faq/

https://www.bnpparibasfortis.be/resources/cookie-consent/cookie.js

193.58.4.82

https://www.bnpparibasfortis.com/fr/footer-pages/politique-en-matiere-de-cookies

unknown

There are 40 hidden URLs, click here to show them.

Domains

Name

Malicious

www.mywelcomepackreward.be

5.134.4.156

Details

Name:	www.mywelcomepackreward.be
IP:	5.134.4.156
TargetID:	4
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

bg.microsoft.map.fastly.net

199.232.210.172

code.jquery.com

151.101.66.137

Details

Name:	code.jquery.com
IP:	151.101.66.137
TargetID:	4
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.bnpparibasfortis.be

193.58.4.82

Details

Name:	www.bnpparibasfortis.be
IP:	193.58.4.82
TargetID:	4
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

reward.bnpparibasfortis.be

83.217.75.108

Details

Name:	reward.bnpparibasfortis.be
IP:	83.217.75.108
TargetID:	4
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

172.217.18.4

Details

Name:	www.google.com
IP:	172.217.18.4
TargetID:	4
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

mywelcomepackreward.be

5.134.4.156

Details

Name:	mywelcomepackreward.be
IP:	5.134.4.156
TargetID:	4
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

IPs

Domain

Country

Malicious

83.217.75.108

reward.bnpparibasfortis.be

Belgium

172.217.18.4

www.google.com

United States

192.168.2.7

unknown

193.58.4.82

www.bnpparibasfortis.be

Belgium

239.255.255.250

unknown

Reserved

5.134.4.156

www.mywelcomepackreward.be

Belgium

151.101.66.137

code.jquery.com

United States

DOM / HTML

URL

Malicious

https://reward.bnpparibasfortis.be/en/

https://reward.bnpparibasfortis.be/nl/

https://reward.bnpparibasfortis.be/fr/

https://reward.bnpparibasfortis.be/en/faq/

https://reward.bnpparibasfortis.be/nl/faq/

https://reward.bnpparibasfortis.be/fr/faq/

There are 17 hidden doms, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
http://www.mywelcomepackreward.be/

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttp://www.mywelcomepackreward.be/

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
http://www.mywelcomepackreward.be/