Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	4540
Target ID:	0
Parent PID:	2728
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	14:03:56
Date:	01/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7f9810000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Allocates a big amount of memory (probably used for heap spraying)	Software Vulnerabilities	Extra Window Memory Injection
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1912,i,17459722688275995018,9549884425335363036,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	3680
Target ID:	1
Parent PID:	4540
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1912,i,17459722688275995018,9549884425335363036,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	14:03:57
Date:	01/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7f9810000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Allocates a big amount of memory (probably used for heap spraying)	Software Vulnerabilities	Extra Window Memory Injection
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.co.il/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2Furl.us.m.mimecastprotect.com/s/4lucC82NvwFMjpGOhnfECyjGpA?domain=google.co.uk"

Details

Is windows:	true
Is dropped:	false
PID:	6976
Target ID:	2
Parent PID:	2728
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.co.il/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2Furl.us.m.mimecastprotect.com/s/4lucC82NvwFMjpGOhnfECyjGpA?domain=google.co.uk"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	14:03:58
Date:	01/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7f9810000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Allocates a big amount of memory (probably used for heap spraying)	Software Vulnerabilities	Extra Window Memory Injection
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://www.google.co.il/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2Furl.us.m.mimecastprotect.com/s/4lucC82NvwFMjpGOhnfECyjGpA?domain=google.co.uk

https://security-us.m.mimecastprotect.com/api/ttp/url/get-page-data

170.10.132.88

https://www.google.co.il/amp/s/url.us.m.mimecastprotect.com/s/4lucC82NvwFMjpGOhnfECyjGpA?domain=google.co.uk

142.250.181.227

https://security-us.m.mimecastprotect.com/ttpwp/resources/polyfills.5257ca6e429949972959.js

170.10.132.88

https://security-us.m.mimecastprotect.com/ttpwp/resources/images/mimecastlogo@2x.png

170.10.132.88

https://security-us.m.mimecastprotect.com/ttpwp/resources/mimecast-icons.bb1a2cd16db9345fc437.woff2?25417273

170.10.132.88

https://security-us.m.mimecastprotect.com/ttpwp/?tkn=3.366SikdTFMAy_TaEdvcV9GHcM0jj3dClYtnrvpDzbL5ZTSzhCRv8AOCS6_zdupT_lktVIsYg6yMAb6nItbRjJhN5jgGTDcVXrR37as__jmB-kGMos0GEzPdWSFHZXsyMuGEOa0gQn5KACOEcTv3Us_daiq-XAk0CW6nas8dM_gEKbWQM47dfyp7NWkJ5zhgZ.HXSzu7iEgmzrwUxf-KvnkA#/block?key=sQWSJDm0QP9zhFiiFttlhCGLnKk_45zZEE_qZO5dW3LxxjgqWgNlOD9HyVUNCedqLr4LnPoVC1m_XEO3KI3lDH4CSeWt8znEw064cNqjZ8AavSHAfLV0Sz5NRiGSTOpV

142.250.181.227

https://security-us.m.mimecastprotect.com/ttpwp/resources/languages/en.json

170.10.132.88

http://www.mimecast.com/

unknown

https://security-us.m.mimecastprotect.com/ttpwp?tkn=3.366SikdTFMAy_TaEdvcV9GHcM0jj3dClYtnrvpDzbL5ZTSzhCRv8AOCS6_zdupT_lktVIsYg6yMAb6nItbRjJhN5jgGTDcVXrR37as__jmB-kGMos0GEzPdWSFHZXsyMuGEOa0gQn5KACOEcTv3Us_daiq-XAk0CW6nas8dM_gEKbWQM47dfyp7NWkJ5zhgZ.HXSzu7iEgmzrwUxf-KvnkA

170.10.132.88

https://security-us.m.mimecastprotect.com/branding/247e11fef91c5004a353fa5232e56bec0394f500/style.css?tkn=3.366SikdTFMAy_TaEdvcV9GHcM0jj3dClYtnrvpDzbL5ZTSzhCRv8AOCS6_zdupT_lktVIsYg6yMAb6nItbRjJhN5jgGTDcVXrR37as__jmB-kGMos0GEzPdWSFHZXsyMuGEOa0gQn5KACOEcTv3Us_daiq-XAk0CW6nas8dM_gEKbWQM47dfyp7NWkJ5zhgZ.HXSzu7iEgmzrwUxf-KvnkA&originalContextPath=ttpwp

170.10.132.88

https://security-us.m.mimecastprotect.com/ttpwp/resources/runtime.5257ca6e429949972959.js

170.10.132.88

https://security-us.m.mimecastprotect.com/ttpwp/resources/styles.5257ca6e429949972959.js

170.10.132.88

https://security-us.m.mimecastprotect.com/ttpwp/resources/fa-solid-900.54dfc8f551be346014e4.woff2

170.10.132.88

https://security-us.m.mimecastprotect.com/branding/247e11fef91c5004a353fa5232e56bec0394f500/main-page-logo.png?tkn=3.366SikdTFMAy_TaEdvcV9GHcM0jj3dClYtnrvpDzbL5ZTSzhCRv8AOCS6_zdupT_lktVIsYg6yMAb6nItbRjJhN5jgGTDcVXrR37as__jmB-kGMos0GEzPdWSFHZXsyMuGEOa0gQn5KACOEcTv3Us_daiq-XAk0CW6nas8dM_gEKbWQM47dfyp7NWkJ5zhgZ.HXSzu7iEgmzrwUxf-KvnkA&originalContextPath=ttpwp

170.10.132.88

https://security-us.m.mimecastprotect.com/ttpwp/resources/main.5257ca6e429949972959.js

170.10.132.88

https://url.us.m.mimecastprotect.com/s/4lucC82NvwFMjpGOhnfECyjGpA

205.139.111.117

https://security-us.m.mimecastprotect.com/ttpwp/resources/images/favicon.ico

170.10.132.88

https://community.mimecast.com/docs/DOC-241

unknown

There are 9 hidden URLs, click here to show them.

Domains

Name

Malicious

url.us.m.mimecastprotect.com

205.139.111.117

Details

Name:	url.us.m.mimecastprotect.com
IP:	205.139.111.117
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected suspicious crossdomain redirect	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

security-us.m.mimecastprotect.com

170.10.132.88

Details

Name:	security-us.m.mimecastprotect.com
IP:	170.10.132.88
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

142.250.184.228

Details

Name:	www.google.com
IP:	142.250.184.228
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.co.il

142.250.181.227

Details

Name:	www.google.co.il
IP:	142.250.181.227
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected suspicious crossdomain redirect	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

IPs

Domain

Country

Malicious

205.139.111.117

url.us.m.mimecastprotect.com

United States

192.168.2.16

unknown

170.10.132.89

unknown

United States

170.10.132.88

security-us.m.mimecastprotect.com

United States

142.250.181.227

www.google.co.il

United States

239.255.255.250

unknown

Reserved

142.250.186.100

unknown

United States

142.250.184.228

www.google.com

United States

DOM / HTML

URL

Malicious

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://www.google.co.il/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2Furl.us.m.mimecastprotect.com/s/4lucC82NvwFMjpGOhnfECyjGpA?domain=google.co.uk

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://www.google.co.il/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2Furl.us.m.mimecastprotect.com/s/4lucC82NvwFMjpGOhnfECyjGpA?domain=google.co.uk

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://www.google.co.il/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2Furl.us.m.mimecastprotect.com/s/4lucC82NvwFMjpGOhnfECyjGpA?domain=google.co.uk