IOC Report
https://conpass.my.conferences.cc/


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 15:07:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 15:07:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 15:07:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 15:07:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 15:07:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 72 | ASCII text, with very long lines (4648) | downloaded | |
| Chrome Cache Entry: 73 | ASCII text, with very long lines (65465) | downloaded | |
| Chrome Cache Entry: 74 | Web Open Font Format (Version 2), TrueType, length 16680, version 1.0 | downloaded | |
| Chrome Cache Entry: 75 | HTML document, ASCII text, with very long lines (1261), with no line terminators | downloaded | |
| Chrome Cache Entry: 76 | Web Open Font Format (Version 2), TrueType, length 18588, version 1.0 | downloaded | |
| Chrome Cache Entry: 77 | PNG image data, 24 x 24, 8-bit/color RGBA, interlaced | downloaded | |
| Chrome Cache Entry: 78 | PNG image data, 24 x 24, 8-bit/color RGBA, interlaced | downloaded | |
| Chrome Cache Entry: 79 | ASCII text | downloaded | |
| Chrome Cache Entry: 80 | ASCII text | downloaded | |
| Chrome Cache Entry: 81 | ASCII text, with very long lines (65465) | dropped | |
| Chrome Cache Entry: 82 | PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 83 | PNG image data, 24 x 24, 8-bit/color RGBA, interlaced | dropped | |
| Chrome Cache Entry: 84 | Unicode text, UTF-8 text, with very long lines (65528), with no line terminators | downloaded | |
| Chrome Cache Entry: 85 | JSON data | downloaded | |
| Chrome Cache Entry: 86 | PNG image data, 24 x 24, 8-bit/color RGBA, interlaced | dropped | |
| Chrome Cache Entry: 87 | PNG image data, 24 x 24, 8-bit/color RGBA, interlaced | dropped | |
| Chrome Cache Entry: 88 | JSON data | dropped | |
| Chrome Cache Entry: 89 | PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced | downloaded | |
| Chrome Cache Entry: 90 | ASCII text | downloaded | |
| Chrome Cache Entry: 91 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 92 | ASCII text | dropped | |
| Chrome Cache Entry: 93 | JSON data | downloaded | |
| Chrome Cache Entry: 94 | PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 95 | ASCII text | downloaded | |
| Chrome Cache Entry: 96 | PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced | dropped | |
| Chrome Cache Entry: 97 | PNG image data, 24 x 24, 8-bit/color RGBA, interlaced | downloaded | |
| Chrome Cache Entry: 98 | Web Open Font Format (Version 2), TrueType, length 18536, version 1.0 | downloaded | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1684,i,11518705863702420125,16990071055180554277,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://conpass.my.conferences.cc/" | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://conpass.my.conferences.cc/ | | |
| https://auth.floq.live/u/login?state=hqFo2SBma19rYU5ZRGpsZnF2ekN1LU9JYld6bkpSWEttSkRzc6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIEEzNDF5eDlxbVlzWGMtbFk4THNybWx0VjV5YXlSRFhvo2NpZNkgWmdjd2JCdklXdjhOMDA0bFZiY0U4MDlBREFVamt0UUelb3JnaWS0b3JnX2ZzWGh0dEJaWDd5bldoQjWnb3JnbmFtZadjb25wYXNz | | |
| https://studio.floq.dev/favicon.ico | 18.244.18.57 | |
| https://s3.amazonaws.com/cctrixieimages/trixie-configurator-conpass/5669a7f95cb95ac447c1513e/1615910515logo_1200-e1423133616739.png | 16.15.192.23 | |
| https://cdn.auth0.com/ulp/react-components/1.98.0/css/main.cdn.min.css | 13.33.223.41 | |
| https://conpass.my.conferences.cc/ | 3.160.150.115 | |
| https://conpass.studio.floq.live/static/css/main.144ea6d2.css | 13.33.187.114 | |
| https://conpass.studio.floq.live/logo192.png | 13.33.187.114 | |
| https://api.floq.live/floq/find?name=conpass | 3.75.18.255 | |
| https://assets.dev.indrina.com/trixie-configurator-conpass/5669a7f95cb95ac447c1513e/1678870067CC-Dem | unknown | |
| https://conpass.studio.floq.live/ | | |
| https://conpass.studio.floq.live/static/js/main.1545b7fd.js | 13.33.187.114 | |
| https://conpass.studio.floq.live/manifest.json | 13.33.187.114 | |
| https://lambda.eu-central-1.amazonaws.com/2015-03-31/functions/analytics-api-prod-report/invocations | 3.121.178.142 | |
| https://auth.floq.live/authorize?organization=org_fsXhttBZX7ynWhB5&audience=floq-api&prompt=select_account&client_id=ZgcwbBvIWv8N004lVbcE809ADAUjktQG&redirect_uri=https%3A%2F%2Fconpass.studio.floq.live&scope=openid%20profile%20email&response_type=code&response_mode=query&state=N2Y3SEN%2BekZEMVJGUkxRdDM1T35JZmFOYUY2eTNrcmNXTzVjQVJzS2hqdA%3D%3D&nonce=UldfbFlSSDRObExhc1A3UFJLc1NGZWtnZnZub3hLTG0wZUhTa2VkLU9MdQ%3D%3D&code_challenge=016_mBkqn7kSSKgP9FsM7fCLrHOvFt-sYVkPeRRATDc&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS4xMi4wIn0%3D | 104.19.153.19 | |
| https://conpass.studio.floq.live/favicon.ico | 13.33.187.114 | |
| https://studio.floq.dev/login-background-image.png | 18.244.18.57 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| d17cvw2m4lzjcx.cloudfront.net | 3.160.150.115 | |
| d2sqfk8f0ltor5.cloudfront.net | 13.33.187.114 | |
| s3.amazonaws.com | 16.15.192.23 | |
| floq-prod-cd-xim3gbvtfhmvbpoy.edge.tenants.eu.auth0.com | 104.19.153.19 | |
| lambda.eu-central-1.amazonaws.com | 3.121.178.142 | |
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | |
| www.google.com | 216.58.206.68 | |
| d-o8g2szpkz2.execute-api.eu-central-1.amazonaws.com | 3.75.18.255 | |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | |
| s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | |
| d1vidgexwb9hsq.cloudfront.net | 18.244.18.57 | |
| dp0wn1kjwhg75.cloudfront.net | 13.33.223.41 | |
| conpass.studio.floq.live | unknown | |
| conpass.my.conferences.cc | unknown | |
| auth.floq.live | unknown | |
| api.floq.live | unknown | |
| cdn.auth0.com | unknown | |
| studio.floq.dev | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.168.2.6 | unknown | unknown | |
| 192.168.2.5 | unknown | unknown | |
| 3.121.178.142 | lambda.eu-central-1.amazonaws.com | United States | |
| 18.199.65.248 | unknown | United States | |
| 13.33.223.41 | dp0wn1kjwhg75.cloudfront.net | United States | |
| 13.33.187.114 | d2sqfk8f0ltor5.cloudfront.net | United States | |
| 52.216.58.56 | unknown | United States | |
| 3.75.18.255 | d-o8g2szpkz2.execute-api.eu-central-1.amazonaws.com | United States | |
| 18.244.18.72 | unknown | United States | |
| 18.244.18.57 | d1vidgexwb9hsq.cloudfront.net | United States | |
| 3.160.150.115 | d17cvw2m4lzjcx.cloudfront.net | United States | |
| 216.58.206.68 | www.google.com | United States | |
| 104.19.153.19 | floq-prod-cd-xim3gbvtfhmvbpoy.edge.tenants.eu.auth0.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 13.33.187.76 | unknown | United States | |
| 16.15.192.23 | s3.amazonaws.com | United States | |
| 18.156.159.138 | unknown | United States | |

DOM / HTML

| URL | Malicious |
|---|---|
| https://conpass.studio.floq.live/ | |
| https://conpass.studio.floq.live/ | |
| https://auth.floq.live/u/login?state=hqFo2SBma19rYU5ZRGpsZnF2ekN1LU9JYld6bkpSWEttSkRzc6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIEEzNDF5eDlxbVlzWGMtbFk4THNybWx0VjV5YXlSRFhvo2NpZNkgWmdjd2JCdklXdjhOMDA0bFZiY0U4MDlBREFVamt0UUelb3JnaWS0b3JnX2ZzWGh0dEJaWDd5bldoQjWnb3JnbmFtZadjb25wYXNz | |