Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 07:16:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 07:16:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9811650338603677
Encrypted:	false
Size:	2673
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 07:16:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9941554724964092
Encrypted:	false
Size:	2675
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.003932907157454
Encrypted:	false
Size:	2689
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 07:16:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9924691531888428
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 07:16:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.981565809871908
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 07:16:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9930969441260014
Encrypted:	false
Size:	2679
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

URLs

Name

Malicious

https://carta.com/intralinks/Treezor

Details

Filetype:	URL
Filename:	https://carta.com/intralinks/Treezor

Signature Hits	Behavior Group	Mitre Attack
HTML page contains hidden javascript code	Phishing
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Classification label	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Creates files inside the user directory	System Summary	Masquerading
HTML page is missing a favicon	Phishing
Performs DNS lookups	Networking	Non-Application Layer Protocol Application Layer Protocol
Queries process information (via WMI, Win32_Process)	System Summary	Windows Management Instrumentation System Information Discovery
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis		Encrypted Channel
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

https://carta.com/intralinks/

Details

Name:	https://carta.com/intralinks/
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
HTML page is missing a favicon	Phishing
Spawns processes	System Summary	Process Injection

https://carta.com/

Details

Name:	https://carta.com/
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
HTML page is missing a favicon	Phishing
Spawns processes	System Summary	Process Injection

https://carta.com/intralinks/Treezor/

Details

Name:	https://carta.com/intralinks/Treezor/
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
HTML page contains hidden javascript code	Phishing
HTML page is missing a favicon	Phishing

Domains

Name

Malicious

d2rpa84eq2akk3.cloudfront.net

18.173.205.104

js.zi-scripts.com

104.18.37.212

d3orhvfyxudxxq.cloudfront.net

13.33.187.16

forms.hubspot.com

104.16.117.116

highpri.litix.io

52.22.103.159

js.hs-analytics.net

104.17.175.201

dg2iu7dxxehbo.cloudfront.net

18.172.103.101

platform.twitter.map.fastly.net

199.232.188.157

cookie-cdn.cookiepro.com

172.64.151.166

js.sentry-cdn.com

151.101.194.217

insight.adsrvr.org

35.71.131.137

track.hubspot.com

104.16.118.116

d36ufq1ap5wy15.cloudfront.net

13.32.121.29

js.hs-scripts.com

104.16.139.209

ws.qualified.com

104.18.17.5

cm.g.doubleclick.net

142.250.186.162

www.google.com

142.250.186.36

js.usemessages.com

104.16.79.142

ob.healthroundprince.com

108.138.26.16

ws-assets.zoominfo.com

104.16.118.43

js.hubspotfeedback.com

104.17.79.250

match.adsrvr.org

35.71.131.137

a.nel.cloudflare.com

35.190.80.1

214-btd-103.mktoresp.com

192.28.144.124

ws.zoominfo.com

104.16.117.43

cmw-utilities.netlify.app

18.192.231.252

ingesteer.services-prod.nsvcs.net

18.221.149.173

js.qualified.com

104.18.17.5

js.hsadspixel.net

104.17.128.172

k8s-mutiny-privatea-b7eaf9f835-63806838.us-east-1.elb.amazonaws.com

52.206.188.86

js.hsleadflows.net

104.18.140.17

obs.healthroundprince.com

35.172.245.152

api.hubspot.com

104.16.118.116

d1p8wauaa7285.cloudfront.net

13.32.27.124

o30383.ingest.us.sentry.io

34.120.195.249

carta.com

104.18.38.27

fp2c5c.wac.kappacdn.net

152.195.15.58

ib.anycast.adnxs.com

185.89.210.180

geolocation.onetrust.com

104.18.32.137

static.ads-twitter.com

unknown

fg8vvsvnieiv3ej16jby.litix.io

unknown

js.adsrvr.org

unknown

pixel.rubiconproject.com

unknown

images.ctfassets.net

unknown

px.ads.linkedin.com

unknown

munchkin.marketo.net

unknown

fast.wistia.net

unknown

fast.wistia.com

unknown

embed-cloudfront.wistia.com

unknown

images.mutinycdn.com

unknown

cdn.bizibly.com

unknown

cdn.bizible.com

unknown

distillery.wistia.com

unknown

client-registry.mutinycdn.com

unknown

www.linkedin.com

unknown

pipedream.wistia.com

unknown

snap.licdn.com

unknown

ib.adnxs.com

unknown

api-v2.mutinyhq.io

unknown

There are 49 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

13.32.27.124

d1p8wauaa7285.cloudfront.net

United States

142.250.186.68

unknown

United States

192.28.144.124

214-btd-103.mktoresp.com

United States

151.101.130.132

unknown

United States

18.192.231.252

cmw-utilities.netlify.app

United States

108.138.26.16

ob.healthroundprince.com

United States

104.16.79.142

js.usemessages.com

United States

151.101.1.91

unknown

United States

172.64.151.166

cookie-cdn.cookiepro.com

United States

104.16.139.209

js.hs-scripts.com

United States

104.16.117.43

ws.zoominfo.com

United States

13.33.187.16

d3orhvfyxudxxq.cloudfront.net

United States

104.16.118.116

track.hubspot.com

United States

104.18.32.137

geolocation.onetrust.com

United States

35.190.80.1

a.nel.cloudflare.com

United States

35.71.131.137

insight.adsrvr.org

United States

104.17.128.172

js.hsadspixel.net

United States

88.221.110.136

unknown

European Union

1.1.1.1

unknown

Australia

142.250.186.36

www.google.com

United States

151.101.66.132

unknown

United States

104.17.79.250

js.hubspotfeedback.com

United States

52.22.103.159

highpri.litix.io

United States

104.17.95.250

unknown

United States

142.250.185.238

unknown

United States

104.16.118.43

ws-assets.zoominfo.com

United States

172.64.155.119

unknown

United States

13.107.42.14

unknown

United States

18.221.149.173

ingesteer.services-prod.nsvcs.net

United States

104.17.175.201

js.hs-analytics.net

United States

239.255.255.250

unknown

Reserved

104.18.38.27

carta.com

United States

151.101.193.91

unknown

United States

142.250.186.142

unknown

United States

199.232.188.157

platform.twitter.map.fastly.net

United States

172.217.16.195

unknown

United States

52.206.188.86

k8s-mutiny-privatea-b7eaf9f835-63806838.us-east-1.elb.amazonaws.com

United States

104.18.141.17

unknown

United States

152.195.15.58

fp2c5c.wac.kappacdn.net

United States

54.196.227.84

unknown

United States

142.250.186.174

unknown

United States

18.172.103.101

dg2iu7dxxehbo.cloudfront.net

United States

142.250.185.200

unknown

United States

192.168.2.16

unknown

13.33.187.2

unknown

United States

69.173.144.138

unknown

United States

18.192.94.96

unknown

United States

104.18.37.212

js.zi-scripts.com

United States

185.89.210.180

ib.anycast.adnxs.com

Germany

151.101.194.217

js.sentry-cdn.com

United States

142.250.186.131

unknown

United States

18.173.205.104

d2rpa84eq2akk3.cloudfront.net

United States

13.32.121.29

d36ufq1ap5wy15.cloudfront.net

United States

13.32.27.106

unknown

United States

151.101.194.132

unknown

United States

104.18.140.17

js.hsleadflows.net

United States

104.18.41.41

unknown

United States

142.250.186.162

cm.g.doubleclick.net

United States

34.199.234.25

unknown

United States

104.18.17.5

ws.qualified.com

United States

104.102.43.106

unknown

United States

35.172.245.152

obs.healthroundprince.com

United States

192.168.2.12

unknown

172.64.149.229

unknown

United States

172.64.150.44

unknown

United States

64.233.184.84

unknown

United States

151.101.2.132

unknown

United States

142.250.186.168

unknown

United States

34.120.195.249

o30383.ingest.us.sentry.io

United States

104.17.223.152

unknown

United States

104.16.117.116

forms.hubspot.com

United States

There are 61 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://carta.com/intralinks/Treezor

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://carta.com/intralinks/Treezor

Files

URLs

Domains

IPs

IOC Report
https://carta.com/intralinks/Treezor