IOC Report
file.exe

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 16:04:53 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 16:04:53 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:56:51 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 16:04:53 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 16:04:53 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 16:04:53 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 101 | MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel | downloaded | |
| Chrome Cache Entry: 102 | Web Open Font Format (Version 2), TrueType, length 52280, version 1.0 | downloaded | |
| Chrome Cache Entry: 103 | ASCII text, with very long lines (468) | downloaded | |
| Chrome Cache Entry: 104 | HTML document, ASCII text, with very long lines (681) | downloaded | |
| Chrome Cache Entry: 105 | ASCII text, with very long lines (5693) | downloaded | |
| Chrome Cache Entry: 106 | ASCII text, with very long lines (553) | downloaded | |
| Chrome Cache Entry: 107 | ASCII text, with very long lines (1694) | downloaded | |
| Chrome Cache Entry: 108 | ASCII text, with very long lines (522) | downloaded | |
| Chrome Cache Entry: 109 | ASCII text, with very long lines (755) | downloaded | |
| Chrome Cache Entry: 110 | ASCII text, with very long lines (683) | downloaded | |
| Chrome Cache Entry: 111 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 112 | ASCII text, with very long lines (2907) | downloaded | |
| Chrome Cache Entry: 113 | ASCII text, with very long lines (533) | downloaded | |
| Chrome Cache Entry: 114 | ASCII text, with very long lines (570) | downloaded | |
| Chrome Cache Entry: 115 | ASCII text, with very long lines (395) | downloaded | |

12 further files are not shown in this report.

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | malicious |
| C:\Windows\SysWOW64\taskkill.exe | taskkill /F /IM chrome.exe /T | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2352,i,15969125917398102169,18062438457060757556,262144 /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5528 --field-trial-handle=2352,i,15969125917398102169,18062438457060757556,262144 /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=2352,i,15969125917398102169,18062438457060757556,262144 /prefetch:8 | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| https://play.google/intl/ | unknown | |
| https://families.google.com/intl/ | unknown | |
| https://youtube.com/t/terms?gl= | unknown | |
| https://policies.google.com/technologies/location-data | unknown | |
| https://www.google.com/intl/ | unknown | |
| https://apis.google.com/js/api.js | unknown | |
| https://policies.google.com/privacy/google-partners | unknown | |
| https://play.google.com/work/enroll?identifier= | unknown | |
| https://policies.google.com/terms/service-specific | unknown | |
| https://g.co/recover | unknown | |
| https://policies.google.com/privacy/additional | unknown | |
| https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072 | unknown | |
| https://play.google.com/log?format=json&hasfast=true&authuser=0 | 142.250.185.142 | |
| https://policies.google.com/technologies/cookies | unknown | |
| https://www.google.com/favicon.ico | 216.58.206.68 | |
| https://policies.google.com/terms | unknown | |
| https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url= | unknown | |
| https://www.google.com | unknown | |
| https://play.google.com/log?hasfast=true&authuser=0&format=json | 142.250.185.142 | |
| https://play.google.com/log?format=json&hasfast=true | unknown | |
| https://www.youtube.com/t/terms?chromeless=1&hl= | unknown | |
| https://support.google.com/accounts?hl= | unknown | |
| https://policies.google.com/terms/location | unknown | |
| https://policies.google.com/privacy | unknown | |
| https://support.google.com/accounts?p=new-si-ui | unknown | |
| https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage | unknown | |

16 further URLs are not shown in this report.

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| youtube-ui.l.google.com | 216.58.206.46 | |
| www3.l.google.com | 142.250.185.110 | |
| play.google.com | 142.250.185.142 | |
| www.google.com | 216.58.206.68 | |
| youtube.com | 142.250.185.78 | |
| accounts.youtube.com | unknown | |
| www.youtube.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 142.250.185.78 | youtube.com | United States | |
| 142.250.185.110 | www3.l.google.com | United States | |
| 192.168.2.9 | unknown | unknown | |
| 216.58.206.46 | youtube-ui.l.google.com | United States | |
| 216.58.206.68 | www.google.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 142.250.185.142 | play.google.com | United States | |

Memdumps

| Base Address | Region type | Protect | Malicious |
| --- | --- | --- | --- |
| 17B0000 | heap | page read and write | |
| DD0000 | heap | page read and write | |
| 1FAE000 | stack | page read and write | |
| D80000 | heap | page read and write | |
| 17E5000 | heap | page read and write | |
| 10C000 | unknown | page readonly | |
| 17D9000 | heap | page read and write | |
| 23AE000 | stack | page read and write | |
| 71000 | unknown | page execute read | |
| 1720000 | heap | page read and write | |
| 13DB000 | stack | page read and write | |
| 3D10000 | heap | page read and write | |
| 13CE000 | stack | page read and write | |
| 17E3000 | heap | page read and write | |
| 13BF000 | stack | page read and write | |
| 17E3000 | heap | page read and write | |
| 17D3000 | heap | page read and write | |
| 132000 | unknown | page readonly | |
| DCE000 | stack | page read and write | |
| 15D0000 | heap | page read and write | |
| 1800000 | heap | page read and write | |
| 13C000 | unknown | page read and write | |
| 144000 | unknown | page readonly | |
| 3D14000 | heap | page read and write | |
| 71000 | unknown | page execute read | |
| 17D0000 | heap | page read and write | |
| 150E000 | stack | page read and write | |
| D19000 | stack | page read and write | |
| 13EF000 | stack | page read and write | |
| 70000 | unknown | page readonly | |
| 17E3000 | heap | page read and write | |
| 144000 | unknown | page readonly | |
| 17B8000 | heap | page read and write | |
| 17E3000 | heap | page read and write | |
| 17FD000 | heap | page read and write | |
| 17E3000 | heap | page read and write | |
| 13FE000 | stack | page read and write | |
| 17E5000 | heap | page read and write | |
| 15F0000 | heap | page read and write | |
| 10C000 | unknown | page readonly | |
| 13C000 | unknown | page write copy | |
| 17D3000 | heap | page read and write | |
| 140000 | unknown | page write copy | |
| 17E3000 | heap | page read and write | |
| 17FD000 | heap | page read and write | |
| 71000 | unknown | page execute read | |
| 132000 | unknown | page readonly | |
| 70000 | unknown | page readonly | |
| 17EE000 | heap | page read and write | |
| 17D8000 | heap | page read and write | |

40 further memory dumps are not shown in this report.