Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	4176
Target ID:	0
Parent PID:	772
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	14:50:10
Date:	03/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Allocates a big amount of memory (probably used for heap spraying)	Software Vulnerabilities	Extra Window Memory Injection
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 --field-trial-handle=2508,i,10359561964786021580,17757563042689177643,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	2896
Target ID:	2
Parent PID:	4176
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 --field-trial-handle=2508,i,10359561964786021580,17757563042689177643,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	14:50:14
Date:	03/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Allocates a big amount of memory (probably used for heap spraying)	Software Vulnerabilities	Extra Window Memory Injection
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://40terrastaffinggroup.com/service.svc/s/GetAttachmentThumbnail?id=AAMkAGJkNzFkZWJlLTQwODUtNGNlMi1hYTNjLTdkN2YzNWU0YmVjMABGAAAAAABYpOmuJi7tQ6q5WuWub8ZLBwAtSgssfhXVSpJpksK16V0%2FAAAAAaZAAAD9bQqaleUESLifjGau%2Fsr4AALg9NVMAAABEgAQAJuQeKWKJU1KjyY7L4gSFMo%3D&thumbnailType=2&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ.eyJvcmlnaW4iOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbSIsInVjIjoiNjc1YTc1M2Q1MzRjNDEzZWEwNWE0NzNiMjBmMTNiZGIiLCJzaWduaW5fc3RhdGUiOiJrbXNpIiwidmVyIjoiRXhjaGFuZ2UuQ2FsbGJhY2suVjEiLCJhcHBjdHhzZW5kZXIiOiJPd2FEb3dubG9hZEA2OWEwNzAzYy05YTMxLTQxODMtYjkxYi04ZTRjYjA4NGZiZjAiLCJpc3NyaW5nIjoiV1ciLCJhcHBjdHgiOiJ7XCJtc2V4Y2hwcm90XCI6XCJvd2FcIixcInB1aWRcIjpcIjExNTM4MDExMTk3Njc5MzA0NzJcIixcInNjb3BlXCI6XCJPd2FEb3dubG9hZFwiLFwib2lkXCI6XCIxOTBlMzE0NS0yZWQyLTRmMjItOTQ1OS01ZDhlMWZjOGI1MWVcIixcInByaW1hcnlzaWRcIjpcIlMtMS01LTIxLTM3NzMyMDA0NjctMTY0ODM0NzEzOC0zMzMzMzM0NDYyLTM1MTMxNDU2XCJ9IiwibmJmIjoxNzI3NzM4OTI3LCJleHAiOjE3Mjc3MzkyMjcsImlzcyI6IjAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMEA2OWEwNzAzYy05YTMxLTQxODMtYjkxYi04ZTRjYjA4NGZiZjAiLCJhdWQiOiIwMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvYXR0YWNobWVudHMub2ZmaWNlLm5ldEA2OWEwNzAzYy05YTMxLTQxODMtYjkxYi04ZTRjYjA4NGZiZjAiLCJoYXBwIjoib3dhIn0.DDCiPDY1j1uNmVpBJdSsAokX770OONzh8rv5z3s3gS-I-LsZMYCozhUrKhO2nQu85lawIrkoCL0RO8eT_rPCoQ3V2_5tTd-ECtyx_m8GRUsYCdWK0T-Az3fT7NIZIgikR3QFZXLLU0TVXK_M7DYsIECpjB4cA2rzUxYWUq20Y-DuKKf2BUUhaEjjqr8eB76_2oGXY1Xmli7920rKxpnH3vI8dTEDOqiSzre4gptAP6UcYoEXVHYMSRG7sdJXbXzw95rp1YaDecWGC5eRukjrW0UJC_PIguBm8pVd8uCcTUweRTH6CJ1725v0e5iFYzPPnTtLozIN7b7d1ZFnZQJ6ww&X-OWA-CANARY=bdvoV2GyMV8AAAAAAAAAAPDZi7in4dwYPpU5wYHasUhFap6Og7aDZ8VkPg5v52xCxWVdx1uX1GI.&owa=outlook.office.com&scriptVer=20240920004.10&clientId=03F5E497FBFD4312A9E577D9C247289D&animation=true"

Details

Is windows:	true
Is dropped:	false
PID:	6384
Target ID:	3
Parent PID:	772
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://40terrastaffinggroup.com/service.svc/s/GetAttachmentThumbnail?id=AAMkAGJkNzFkZWJlLTQwODUtNGNlMi1hYTNjLTdkN2YzNWU0YmVjMABGAAAAAABYpOmuJi7tQ6q5WuWub8ZLBwAtSgssfhXVSpJpksK16V0%2FAAAAAaZAAAD9bQqaleUESLifjGau%2Fsr4AALg9NVMAAABEgAQAJuQeKWKJU1KjyY7L4gSFMo%3D&thumbnailType=2&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ.eyJvcmlnaW4iOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbSIsInVjIjoiNjc1YTc1M2Q1MzRjNDEzZWEwNWE0NzNiMjBmMTNiZGIiLCJzaWduaW5fc3RhdGUiOiJrbXNpIiwidmVyIjoiRXhjaGFuZ2UuQ2FsbGJhY2suVjEiLCJhcHBjdHhzZW5kZXIiOiJPd2FEb3dubG9hZEA2OWEwNzAzYy05YTMxLTQxODMtYjkxYi04ZTRjYjA4NGZiZjAiLCJpc3NyaW5nIjoiV1ciLCJhcHBjdHgiOiJ7XCJtc2V4Y2hwcm90XCI6XCJvd2FcIixcInB1aWRcIjpcIjExNTM4MDExMTk3Njc5MzA0NzJcIixcInNjb3BlXCI6XCJPd2FEb3dubG9hZFwiLFwib2lkXCI6XCIxOTBlMzE0NS0yZWQyLTRmMjItOTQ1OS01ZDhlMWZjOGI1MWVcIixcInByaW1hcnlzaWRcIjpcIlMtMS01LTIxLTM3NzMyMDA0NjctMTY0ODM0NzEzOC0zMzMzMzM0NDYyLTM1MTMxNDU2XCJ9IiwibmJmIjoxNzI3NzM4OTI3LCJleHAiOjE3Mjc3MzkyMjcsImlzcyI6IjAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMEA2OWEwNzAzYy05YTMxLTQxODMtYjkxYi04ZTRjYjA4NGZiZjAiLCJhdWQiOiIwMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvYXR0YWNobWVudHMub2ZmaWNlLm5ldEA2OWEwNzAzYy05YTMxLTQxODMtYjkxYi04ZTRjYjA4NGZiZjAiLCJoYXBwIjoib3dhIn0.DDCiPDY1j1uNmVpBJdSsAokX770OONzh8rv5z3s3gS-I-LsZMYCozhUrKhO2nQu85lawIrkoCL0RO8eT_rPCoQ3V2_5tTd-ECtyx_m8GRUsYCdWK0T-Az3fT7NIZIgikR3QFZXLLU0TVXK_M7DYsIECpjB4cA2rzUxYWUq20Y-DuKKf2BUUhaEjjqr8eB76_2oGXY1Xmli7920rKxpnH3vI8dTEDOqiSzre4gptAP6UcYoEXVHYMSRG7sdJXbXzw95rp1YaDecWGC5eRukjrW0UJC_PIguBm8pVd8uCcTUweRTH6CJ1725v0e5iFYzPPnTtLozIN7b7d1ZFnZQJ6ww&X-OWA-CANARY=bdvoV2GyMV8AAAAAAAAAAPDZi7in4dwYPpU5wYHasUhFap6Og7aDZ8VkPg5v52xCxWVdx1uX1GI.&owa=outlook.office.com&scriptVer=20240920004.10&clientId=03F5E497FBFD4312A9E577D9C247289D&animation=true"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	14:50:16
Date:	03/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Allocates a big amount of memory (probably used for heap spraying)	Software Vulnerabilities	Extra Window Memory Injection
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

google.com

216.58.206.78

Details

Name:	google.com
IP:	216.58.206.78
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

142.250.186.36

Details

Name:	www.google.com
IP:	142.250.186.36
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com

217.20.57.41

fp2e7a.wpc.phicdn.net

192.229.221.95

40terrastaffinggroup.com

unknown

Details

Name:	40terrastaffinggroup.com
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

IPs

Domain

Country

Malicious

142.250.186.36

www.google.com

United States

239.255.255.250

unknown

Reserved

192.168.2.4

unknown

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Processes

Domains

IPs