Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 13:47:16 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 13:47:16 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	3.9795631156637343
Encrypted:	false
Size:	2675
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 13:47:15 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 13:47:15 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	3.995709654506385
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.004878414133417
Encrypted:	false
Size:	2691
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 13:47:15 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 13:47:15 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	3.9918752843978247
Encrypted:	false
Size:	2679
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 13:47:16 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	3.9820012253975334
Encrypted:	false
Size:	2679
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 13:47:15 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 13:47:15 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	3.992540243512301
Encrypted:	false
Size:	2681
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Chrome Cache Entry: 63

MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel

dropped

Details

File:	Chrome Cache Entry: 63
Category:	dropped
Dump:	chromecache_63.1.dr
ID:	dr_6
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Entropy:	3.1619263408338774
Encrypted:	false
Size:	4286
Whitelisted:	false

URLs

Name

Malicious

https://ea.pstmrk.it/open?m=v3_1.bV7EYmGPAjrBi4aYJaG26Q.pCemdUWL0xochskpB-4GlhbqR_bDmCcFQMaK_Uj6hLotG9B-lhAprfT-xt5bUnPGRAnBtJiXhAEWg26Dxaw3t-AkxZtctPLWrPJ4tRNQ5xGV3GycTiG92Vrn9ke_3cBrfAds6GhJSI73VBL_yF5yepLqUZKQMwi-QQmFI2RBSyunckdjiIHygs_c-7GiUEndW_4vaj-73ksUNJ4NQ3u7OMzcmyvb3GpcNxr6LR-EGsZmp6B84pqCi3SAeNDKU7LiwZ-hJKu3Q2S5fOD9VXvs-zDagvOXdiQMwIEQSOcGVJFL-h3BkMowKgxcpzoQDWO7XXOPUvdhoxiMgHUOTvMA54J7p1ejXuNfEt48I23obQiU64eJUIKCphXGZKs-p35iaJmkNymxszwo9z3DwAgWflRl4M2ptzUhDOlIsYPFD8tjiALXhpP2vkoNijofJkcTyZLMBWvBm2NZqyL1C3ybEsskK9b0VfKBL60atREZHCRctXT1YDl_-c44GsBoLxtB4BprFv4fEfcZ3dStXOY2NCrpHyIEkbGqdc0vUKj9QEMqnEU_ujNQe8kra9g9-Ghly0eQxxvVbL5dAOPhzgnVyi9FQ2DBKN36b63B8gL1xw1NLypdHRK2mPAPq6R2xBIxgixekmNi_w8Z9GaFzUS9oYyZATJYC1re3IZk689_QBEEfC3IoMFd7J6oJuD_T7Az7OyCeFDEj9i_L1wqL5CUrunfKteTOTf0jrvLRCHb-YE

Details

Filetype:

URL

Filename:

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Allocates a big amount of memory (probably used for heap spraying)	Software Vulnerabilities	Extra Window Memory Injection
Classification label	System Summary	Extra Window Memory Injection
Connects to IPs without corresponding DNS lookups	Networking	Extra Window Memory Injection
Creates files inside the user directory	System Summary	Masquerading
HTML page is missing a favicon	Phishing	Extra Window Memory Injection
Performs DNS lookups	Networking	Non-Application Layer Protocol Application Layer Protocol
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking	Encrypted Channel
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

Details

Name:	https://ea.pstmrk.it/open?m=v3_1.bV7EYmGPAjrBi4aYJaG26Q.pCemdUWL0xochskpB-4GlhbqR_bDmCcFQMaK_Uj6hLotG9B-lhAprfT-xt5bUnPGRAnBtJiXhAEWg26Dxaw3t-AkxZtctPLWrPJ4tRNQ5xGV3GycTiG92Vrn9ke_3cBrfAds6GhJSI73VBL_yF5yepLqUZKQMwi-QQmFI2RBSyunckdjiIHygs_c-7GiUEndW_4vaj-73ksUNJ4NQ3u7OMzcmyvb3GpcNxr6LR-EGsZmp6B84pqCi3SAeNDKU7LiwZ-hJKu3Q2S5fOD9VXvs-zDagvOXdiQMwIEQSOcGVJFL-h3BkMowKgxcpzoQDWO7XXOPUvdhoxiMgHUOTvMA54J7p1ejXuNfEt48I23obQiU64eJUIKCphXGZKs-p35iaJmkNymxszwo9z3DwAgWflRl4M2ptzUhDOlIsYPFD8tjiALXhpP2vkoNijofJkcTyZLMBWvBm2NZqyL1C3ybEsskK9b0VfKBL60atREZHCRctXT1YDl_-c44GsBoLxtB4BprFv4fEfcZ3dStXOY2NCrpHyIEkbGqdc0vUKj9QEMqnEU_ujNQe8kra9g9-Ghly0eQxxvVbL5dAOPhzgnVyi9FQ2DBKN36b63B8gL1xw1NLypdHRK2mPAPq6R2xBIxgixekmNi_w8Z9GaFzUS9oYyZATJYC1re3IZk689_QBEEfC3IoMFd7J6oJuD_T7Az7OyCeFDEj9i_L1wqL5CUrunfKteTOTf0jrvLRCHb-YE
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
HTML page is missing a favicon	Phishing
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

ea.pstmrk.it

34.246.217.79

Details

Name:	ea.pstmrk.it
IP:	34.246.217.79
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

www.google.com

142.250.185.132

Details

Name:	www.google.com
IP:	142.250.185.132
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

79.125.6.66

unknown

Ireland

64.233.167.84

unknown

United States

1.1.1.1

unknown

Australia

239.255.255.250

unknown

Reserved

142.250.185.131

unknown

United States

216.58.206.78

unknown

United States

142.250.185.132

www.google.com

United States

142.250.184.227

unknown

United States

142.250.184.238

unknown

United States

192.168.2.18

unknown

34.246.217.79

ea.pstmrk.it

United States

172.217.16.132

unknown

United States

There are 2 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Files

URLs

Domains

IPs