Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Chrome Cache Entry: 107

HTML document, ASCII text, with very long lines (311), with CRLF line terminators

downloaded

Details

File:	Chrome Cache Entry: 107
Category:	downloaded
Dump:	chromecache_107.2.dr
ID:	dr_9
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with very long lines (311), with CRLF line terminators
Entropy:	4.757785620270492
Encrypted:	false
Ssdeep:	48:tRYfzgRVqY5nxR6y57f7Y3AQ/WYBm9ZCZWq0nLnfnLK:qgR/8yCb/WwmaWY
Size:	3037
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 108

Web Open Font Format (Version 2), TrueType, length 19188, version 1.0

downloaded

Details

File:	Chrome Cache Entry: 108
Category:	downloaded
Dump:	chromecache_108.2.dr
ID:	dr_10
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Web Open Font Format (Version 2), TrueType, length 19188, version 1.0
Entropy:	7.988349031070966
Encrypted:	false
Ssdeep:	384:MF48+7IfY/TC2oUQT3p72dIl48yRZnl5ELO3K5BrvjlgJCvwntfUp0jHnygO4:MFWIGnVQT3piY48yJXa7blgJUMUp+HnH
Size:	19188
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 109

SVG Scalable Vector Graphics image

dropped

Details

File:	Chrome Cache Entry: 109
Category:	dropped
Dump:	chromecache_109.2.dr
ID:	dr_8
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	SVG Scalable Vector Graphics image
Entropy:	4.6811458265276995
Encrypted:	false
Ssdeep:	48:Q1uj1y3XYLKb/gUu1kXU2iHJWBDd3o/0app1WcvNSWHJWBDafWj5ZSZNMi6sViC:qXYLI/rswU7Qd00e/W6NSWQaIZcn3Z
Size:	2995
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 110

ASCII text, with CRLF line terminators

downloaded

Details

File:	Chrome Cache Entry: 110
Category:	downloaded
Dump:	chromecache_110.2.dr
ID:	dr_11
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.851334017445672
Encrypted:	false
Ssdeep:	48:IG3IE0PEA+nF2Cdh/OVP0zClPwhXqh0dk8IqtrGTcCBRd1j:gE0PEAmhzo6V4wtyTcMPj
Size:	2566
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 111

SVG Scalable Vector Graphics image

downloaded

Details

File:	Chrome Cache Entry: 111
Category:	downloaded
Dump:	chromecache_111.2.dr
ID:	dr_12
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	SVG Scalable Vector Graphics image
Entropy:	4.6811458265276995
Encrypted:	false
Ssdeep:	48:Q1uj1y3XYLKb/gUu1kXU2iHJWBDd3o/0app1WcvNSWHJWBDafWj5ZSZNMi6sViC:qXYLI/rswU7Qd00e/W6NSWQaIZcn3Z
Size:	2995
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 112

ASCII text, with no line terminators

downloaded

Details

File:	Chrome Cache Entry: 112
Category:	downloaded
Dump:	chromecache_112.2.dr
ID:	dr_13
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with no line terminators
Entropy:	4.307354922057605
Encrypted:	false
Ssdeep:	3:WZoS90NY:WZoS1
Size:	28
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 113

PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced

downloaded

Details

File:	Chrome Cache Entry: 113
Category:	downloaded
Dump:	chromecache_113.2.dr
ID:	dr_14
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Entropy:	7.93426476939069
Encrypted:	false
Ssdeep:	768:++Qpie2CvdBG6H4tigguQmVEIFHgI39GZfznEStaDSmy8pn3zJIaTZFnpeFW+G5G:ZWCCvTG8hmh2RaDVZDJIa7npeodHo5l
Size:	60380
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 114

PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced

dropped

Details

File:	Chrome Cache Entry: 114
Category:	dropped
Dump:	chromecache_114.2.dr
ID:	dr_4
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Entropy:	7.93426476939069
Encrypted:	false
Ssdeep:	768:++Qpie2CvdBG6H4tigguQmVEIFHgI39GZfznEStaDSmy8pn3zJIaTZFnpeFW+G5G:ZWCCvTG8hmh2RaDVZDJIa7npeodHo5l
Size:	60380
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 115

ASCII text

downloaded

Details

File:	Chrome Cache Entry: 115
Category:	downloaded
Dump:	chromecache_115.2.dr
ID:	dr_15
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text
Entropy:	5.374847524221001
Encrypted:	false
Ssdeep:	24:3dOY7a+X5LQfRVc+u/rdOY7a+X5LQ7kwy96DGSSf7:tOEa8LARVc+upOEa8LckN0oD
Size:	806
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	3128
Target ID:	0
Parent PID:	1072
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	20:46:30
Date:	28/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 --field-trial-handle=2480,i,1797990003558239978,3991572395817339401,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	3068
Target ID:	2
Parent PID:	3128
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 --field-trial-handle=2480,i,1797990003558239978,3991572395817339401,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	20:46:35
Date:	28/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cyber-rick-max.github.io/Instagram-mobile-app-clone"

Details

Is windows:	true
Is dropped:	false
PID:	6336
Target ID:	3
Parent PID:	1072
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cyber-rick-max.github.io/Instagram-mobile-app-clone"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	20:46:37
Date:	28/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://cyber-rick-max.github.io/Instagram-mobile-app-clone

Details

Filetype:	URL
Filename:	https://cyber-rick-max.github.io/Instagram-mobile-app-clone

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing
Multi AV Scanner detection for domain / URL	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected HtmlPhish64	Phishing
Phishing site detected (based on image similarity)	Phishing
Phishing site detected (based on logo match)	Phishing
Detected non-DNS traffic on DNS port	Networking
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
Classification label	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Non-Application Layer Protocol Ingress Tool Transfer
HTML body contains password input	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing
Performs DNS lookups	Networking
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Uses HTTPS	Networking	Encrypted Channel Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

https://cyber-rick-max.github.io/Instagram-mobile-app-clone/

Details

Name:	https://cyber-rick-max.github.io/Instagram-mobile-app-clone/
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing
Multi AV Scanner detection for submitted file	AV Detection
Phishing site detected (based on image similarity)	Phishing
Phishing site detected (based on logo match)	Phishing
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
HTML body contains password input	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

https://cyber-rick-max.github.io/Instagram-mobile-app-clone/icons/meta.svg

185.199.109.153

Details

Name:	https://cyber-rick-max.github.io/Instagram-mobile-app-clone/icons/meta.svg
IP:	185.199.109.153
TargetID:	2
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing
Multi AV Scanner detection for submitted file	AV Detection
Phishing site detected (based on image similarity)	Phishing
Phishing site detected (based on logo match)	Phishing
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
HTML body contains password input	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

https://cyber-rick-max.github.io/Instagram-mobile-app-clone/icons/insta-logo.png

185.199.109.153

Details

Name:	https://cyber-rick-max.github.io/Instagram-mobile-app-clone/icons/insta-logo.png
IP:	185.199.109.153
TargetID:	2
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing
Multi AV Scanner detection for submitted file	AV Detection
Phishing site detected (based on image similarity)	Phishing
Phishing site detected (based on logo match)	Phishing
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
HTML body contains password input	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

https://cyber-rick-max.github.io/Instagram-mobile-app-clone

185.199.109.153

Details

Name:	https://cyber-rick-max.github.io/Instagram-mobile-app-clone
IP:	185.199.109.153
TargetID:	2
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Spawns processes	System Summary	Process Injection

https://cyber-rick-max.github.io/Instagram-mobile-app-clone/style.css

185.199.109.153

Details

Name:	https://cyber-rick-max.github.io/Instagram-mobile-app-clone/style.css
IP:	185.199.109.153
TargetID:	2
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing
Multi AV Scanner detection for submitted file	AV Detection
Phishing site detected (based on image similarity)	Phishing
Phishing site detected (based on logo match)	Phishing
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
HTML body contains password input	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

Domains

Name

Malicious

cyber-rick-max.github.io

185.199.109.153

Details

Name:	cyber-rick-max.github.io
IP:	185.199.109.153
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

www.google.com

142.250.185.132

Details

Name:	www.google.com
IP:	142.250.185.132
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

fp2e7a.wpc.phicdn.net

192.229.221.95

IPs

Domain

Country

Malicious

185.199.109.153

cyber-rick-max.github.io

Netherlands

142.250.185.132

www.google.com

United States

192.168.2.4

unknown

192.168.2.5

unknown

239.255.255.250

unknown

Reserved

185.199.110.153

unknown

Netherlands

DOM / HTML

URL

Malicious

https://cyber-rick-max.github.io/Instagram-mobile-app-clone/

Details

Filename:	0.0.pages.html.dom
Url:	https://cyber-rick-max.github.io/Instagram-mobile-app-clone/
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 --field-trial-handle=2480,i,1797990003558239978,3991572395817339401,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing
Yara detected HtmlPhish64	Phishing

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://cyber-rick-max.github.io/Instagram-mobile-app-clone

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://cyber-rick-max.github.io/Instagram-mobile-app-clone

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://cyber-rick-max.github.io/Instagram-mobile-app-clone