Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:54:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:54:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.986195909556042
Encrypted:	false
Ssdeep:	48:83ddTFViHOidAKZdA1FehwiZUklqeh2y+3:8/rPZy
Size:	2673
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:54:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.004492472593786
Encrypted:	false
Ssdeep:	48:80ddTFViHOidAKZdA1seh/iZUkAQkqehJy+2:8Or59Q0y
Size:	2675
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.008701017092537
Encrypted:	false
Ssdeep:	48:86ddTFVAHOidAKZdA14meh7sFiZUkmgqeh7sny+BX:8UrXnVy
Size:	2689
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:54:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.002972048566335
Encrypted:	false
Ssdeep:	48:8rddTFViHOidAKZdA1TehDiZUkwqeh9y+R:8Trqvy
Size:	2677
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:54:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.989423123891425
Encrypted:	false
Ssdeep:	48:8WddTFViHOidAKZdA1dehBiZUk1W1qehjy+C:8Qrq9Dy
Size:	2677
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:54:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9981311077393773
Encrypted:	false
Ssdeep:	48:8VddTFViHOidAKZdA1duTeehOuTbbiZUk5OjqehOuTbVy+yT+:81rgTfTbxWOvTbVy7T
Size:	2679
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	6356
Target ID:	0
Parent PID:	4776
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	07:54:48
Date:	30/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7f9810000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1652,i,6090835143889241649,409201857259258202,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	5644
Target ID:	1
Parent PID:	6356
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1652,i,6090835143889241649,409201857259258202,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	07:54:48
Date:	30/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7f9810000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://https:/atpscan.global.hornetsecurity.com?d=HxUeIGqTQEqvwrU8p1N89GE3yJlZecpNcGjfW6U6YzYSjU_9OiLEcgg647uzUCOz&f=lCjmWZaU_lXGo-uD-VMCm8CTm9juwffvjLZZjV_sHlLrHh6gMvhc-HPIU6ctVgjB&i=&k=raoI&m=z096FzzmeY0TwKP_lLoSRO1ALDlxuPs0wb9J7P-04Nvq72vehgtQvm2ae-s4N7jdwX3cbgaNR5sm_YmOWvXX07-DrCU2CsVsnW7CNYmEvm62kp40rQziaMtWdO48yE3P&n=jt2iaFkee2RMzcRS0s_k1DZgKPZQqDTpNjkXDH5q7BYKpdiMVXwkcO9G-HiUGe3P3iUbTzVkOYExqUMdU7dDZw&r=HIcFJpaQDmgaBEPEgO7ak_3notrkSvxgxxz_ZDLXwjn8CR1bH1fIEvoEJrzn6ghR&s=27253a14b4e308d98803735f7d14c90706c09a034aa7045c1e169d37118534cd&u=https*3A*2F*2Fpitstop.powellind.com*2Fxfer*2Fbhub.cgi*3Fact*3Ddirect_download_file*26package_id*3Dpowelldocmanager*2540powellind*252Ecom*255FO8FN5TMSR40O4R6VOBEQREUV86*26file_name*3D25394301TR8*252Ezip*26username*3Ddlarue*2540schmidt*252Delectric*252Ecom*26direct_token*3D0171FB06502FE3115A63166894845D25__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!PsRMz_liT-2f!lyFBpyvRN69uTi9lGXPBKy-XSt-kz0C0JEORrqM8dMdi_IxvE9r1JFw4LyvspGoo--E3uM-bmu0c27NT9-DG$"

Details

Is windows:	true
Is dropped:	false
PID:	6748
Target ID:	2
Parent PID:	4776
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://https:/atpscan.global.hornetsecurity.com?d=HxUeIGqTQEqvwrU8p1N89GE3yJlZecpNcGjfW6U6YzYSjU_9OiLEcgg647uzUCOz&f=lCjmWZaU_lXGo-uD-VMCm8CTm9juwffvjLZZjV_sHlLrHh6gMvhc-HPIU6ctVgjB&i=&k=raoI&m=z096FzzmeY0TwKP_lLoSRO1ALDlxuPs0wb9J7P-04Nvq72vehgtQvm2ae-s4N7jdwX3cbgaNR5sm_YmOWvXX07-DrCU2CsVsnW7CNYmEvm62kp40rQziaMtWdO48yE3P&n=jt2iaFkee2RMzcRS0s_k1DZgKPZQqDTpNjkXDH5q7BYKpdiMVXwkcO9G-HiUGe3P3iUbTzVkOYExqUMdU7dDZw&r=HIcFJpaQDmgaBEPEgO7ak_3notrkSvxgxxz_ZDLXwjn8CR1bH1fIEvoEJrzn6ghR&s=27253a14b4e308d98803735f7d14c90706c09a034aa7045c1e169d37118534cd&u=https3A2F2Fpitstop.powellind.com2Fxfer2Fbhub.cgi3Fact3Ddirect_download_file26package_id3Dpowelldocmanager2540powellind252Ecom255FO8FN5TMSR40O4R6VOBEQREUV8626file_name3D25394301TR8252Ezip26username3Ddlarue2540schmidt252Delectric252Ecom26direct_token3D0171FB06502FE3115A63166894845D25__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!PsRMz_liT-2f!lyFBpyvRN69uTi9lGXPBKy-XSt-kz0C0JEORrqM8dMdi_IxvE9r1JFw4LyvspGoo--E3uM-bmu0c27NT9-DG$"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	07:54:49
Date:	30/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7f9810000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

google.com

142.250.184.206

Details

Name:	google.com
IP:	142.250.184.206
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

142.250.185.132

Details

Name:	www.google.com
IP:	142.250.185.132
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

239.255.255.250

unknown

Reserved

192.168.2.16

unknown

142.250.185.132

www.google.com

United States

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Files

Processes

Domains

IPs