Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	3244
Target ID:	0
Parent PID:	5496
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	22:52:45
Date:	27/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2024,i,812826071641393304,11803860906050503024,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	2284
Target ID:	2
Parent PID:	3244
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2024,i,812826071641393304,11803860906050503024,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	22:52:47
Date:	27/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.beta-casinu.com/"

Details

Is windows:	true
Is dropped:	false
PID:	6376
Target ID:	3
Parent PID:	5496
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.beta-casinu.com/"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	22:52:50
Date:	27/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://tg//login?token=AQKwb_dmmCK2O6Xr9UTVd7qpxBWuNm6LwVTay9NYuR0bjg

Details

Is windows:	true
Is dropped:	false
PID:	6668
Target ID:	7
Parent PID:	4592
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://tg//login?token=AQKwb_dmmCK2O6Xr9UTVd7qpxBWuNm6LwVTay9NYuR0bjg
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	22:53:10
Date:	27/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1136,i,5276499293907575968,17547598059227624932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	1804
Target ID:	8
Parent PID:	6668
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1136,i,5276499293907575968,17547598059227624932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	22:53:10
Date:	27/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://www.beta-casinu.com/

https://web.telegram.org/

unknown

https://www.beta-casinu.com/

https://ads.telegram.org/guidelines).

unknown

https://www.beta-casinu.com/countries-CzeCvYH8.js

172.67.144.230

https://www.beta-casinu.com/crypto.worker-CfCshcpI.js

172.67.144.230

https://browsehappy.com/

unknown

https://www.beta-casinu.com/langSign-CN-ja8rh.js

172.67.144.230

https://telegram.org/dl/ios)

unknown

https://telegram.org/android)

unknown

https://www.beta-casinu.com/index-jdz_mo9Z.css

172.67.144.230

https://web.telegram.org/k/

unknown

https://www.beta-casinu.com/putPreloader-BxORNqqF.js

172.67.144.230

https://www.beta-casinu.com/pageSignQR-5M1Vvp0W.js

172.67.144.230

https://www.beta-casinu.com/button-CiBNjYjQ.js

172.67.144.230

https://www.beta-casinu.com/index-B6mnDBy-.js

172.67.144.230

https://www.beta-casinu.com/site.webmanifest?v=jw3mK7G9Aq

172.67.144.230

https://t.me/botfather)

unknown

https://venus.web.telegram.org/apiw1

149.154.167.99

https://www.beta-casinu.com/sw-D9sW9K3C.js

172.67.144.230

https://getdesktop.telegram.org/)__

unknown

https://www.beta-casinu.com/qr-code-styling-CvBVNv73.js

172.67.144.230

https://github.com/eshaz/simple-yenc

unknown

https://www.beta-casinu.com/page-CDWkLdSd.js

172.67.144.230

https://www.beta-casinu.com/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

172.67.144.230

https://www.beta-casinu.com/lang-BpEKa8Us.js

172.67.144.230

https://www.beta-casinu.com/mtproto.worker-BiKXXaal.js

172.67.144.230

https://www.beta-casinu.com/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

172.67.144.230

https://www.beta-casinu.com/textToSvgURL-Cnw_Q8Rw.js

172.67.144.230

https://telegram.org/dl/)__

unknown

https://www.beta-casinu.com/_commonjsHelpers-Cpj98o6Y.js

172.67.144.230

https://kws2.web.telegram.org/apiws

149.154.167.99

https://www.beta-casinu.com/assets/img/logo_padded.svg

172.67.144.230

https://www.beta-casinu.com/assets/img/favicon.ico?v=jw3mK7G9Ry

172.67.144.230

https://www.beta-casinu.com/assets/img/android-chrome-144x144.png?v=jw3mK7G9Ry

172.67.144.230

https://github.com/emn178/js-md5

unknown

There are 25 hidden URLs, click here to show them.

Domains

Name

Malicious

google.com

142.250.186.78

Details

Name:	google.com
IP:	142.250.186.78
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.beta-casinu.com

172.67.144.230

Details

Name:	www.beta-casinu.com
IP:	172.67.144.230
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

venus.web.telegram.org

149.154.167.99

Details

Name:	venus.web.telegram.org
IP:	149.154.167.99
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

142.250.186.164

Details

Name:	www.google.com
IP:	142.250.186.164
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

kws2.web.telegram.org

149.154.167.99

Details

Name:	kws2.web.telegram.org
IP:	149.154.167.99
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

fp2e7a.wpc.phicdn.net

192.229.221.95

IPs

Domain

Country

Malicious

192.168.2.4

unknown

172.67.144.230

www.beta-casinu.com

United States

149.154.167.99

venus.web.telegram.org

United Kingdom

192.168.2.5

unknown

239.255.255.250

unknown

Reserved

142.250.186.164

www.google.com

United States

104.21.10.72

unknown

United States

DOM / HTML

URL

Malicious

https://www.beta-casinu.com/

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
http://www.beta-casinu.com/

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttp://www.beta-casinu.com/

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
http://www.beta-casinu.com/