Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	2300
Target ID:	0
Parent PID:	5844
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	09:44:09
Date:	06/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2032,i,4131305535451324077,8055093464155782048,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	3940
Target ID:	2
Parent PID:	2300
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2032,i,4131305535451324077,8055093464155782048,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	09:44:10
Date:	06/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://melodic-agency-full.on-fleek.app/"

Details

Is windows:	true
Is dropped:	false
PID:	6432
Target ID:	3
Parent PID:	5844
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://melodic-agency-full.on-fleek.app/"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	09:44:14
Date:	06/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://melodic-agency-full.on-fleek.app/

https://melodic-agency-full.on-fleek.app/img/no_avatar.png

104.26.13.141

https://melodic-agency-full.on-fleek.app/img/PrivacyCenter.png

104.26.13.141

https://melodic-agency-full.on-fleek.app/ico.ico

104.26.13.141

https://melodic-agency-full.on-fleek.app/img/dir.png

104.26.13.141

https://melodic-agency-full.on-fleek.app/img/meta-logo-grey.png

104.26.13.141

https://melodic-agency-full.on-fleek.app/img/2FA.png

104.26.13.141

https://melodic-agency-full.on-fleek.app/img/star.png

104.26.13.141

https://melodic-agency-full.on-fleek.app/img/phone.png

104.26.13.141

https://melodic-agency-full.on-fleek.app/

https://melodic-agency-full.on-fleek.app/img/fb_round_logo.png

104.26.13.141

https://melodic-agency-full.on-fleek.app/img/save_img.png

104.26.13.141

https://melodic-agency-full.on-fleek.app/styles/style.css

104.26.13.141

https://melodic-agency-full.on-fleek.app/img/block_2.png

104.26.13.141

https://melodic-agency-full.on-fleek.app/styles/bootstrap.min.css

104.26.13.141

https://melodic-agency-full.on-fleek.app/img/doc.png

104.26.13.141

https://api.emailjs.com/api/v1.0/email/send

unknown

https://api.db-ip.com/v2/free/self/

172.67.75.166

https://a.nel.cloudflare.com/report/v4?s=6brmOOMSEPwYip4nlEkta6HangljD2RZfYSxdeXV8gwkmtu8ru8bRgmCa%2F%2B1J%2FB9EBFBYcPJGkOm%2FlPvKqtonuEbh5exLzRX7AriTEuQK%2FOxoVSErBRSEH%2FmKiiTRiRRL0yV9Yv%2FKm0rpkjxIm7m1PuK

35.190.80.1

http://www.gimp.org/xmp/

unknown

https://a.nel.cloudflare.com/report/v4?s=hPX5F0%2B5%2FUrsbX5QHuc2%2B8pyOsdt57rkodRAQYg%2BI55SIiWbbJ2NnzelUL5T7NIw1eFAXgYsLPdMuI94YTpWy%2B3fstLILcjYZW5gEBpv5Qmk%2BgmNihd2HWnVq27bq6b22IWDQl%2Fkt%2B3Y%2B92p%2F4dE6aJF

35.190.80.1

https://popper.js.org)

unknown

There are 11 hidden URLs, click here to show them.

Domains

Name

Malicious

a.nel.cloudflare.com

35.190.80.1

Details

Name:	a.nel.cloudflare.com
IP:	35.190.80.1
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

melodic-agency-full.on-fleek.app

172.67.73.189

Details

Name:	melodic-agency-full.on-fleek.app
IP:	172.67.73.189
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

api.db-ip.com

172.67.75.166

Details

Name:	api.db-ip.com
IP:	172.67.75.166
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

s-part-0017.t-0009.t-msedge.net

13.107.246.45

www.google.com

142.250.185.100

Details

Name:	www.google.com
IP:	142.250.185.100
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found strings which match to known social media urls	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

fp2e7a.wpc.phicdn.net

192.229.221.95

windowsupdatebg.s.llnwi.net

87.248.205.0

IPs

Domain

Country

Malicious

172.67.75.166

api.db-ip.com

United States

142.250.185.100

www.google.com

United States

192.168.2.4

unknown

192.168.2.5

unknown

239.255.255.250

unknown

Reserved

104.26.13.141

unknown

United States

35.190.80.1

a.nel.cloudflare.com

United States

DOM / HTML

URL

Malicious

https://melodic-agency-full.on-fleek.app/

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
http://melodic-agency-full.on-fleek.app/

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttp://melodic-agency-full.on-fleek.app/

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
http://melodic-agency-full.on-fleek.app/