Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Chrome Cache Entry: 100

Unicode text, UTF-8 text, with very long lines (65533), with no line terminators

downloaded

Details

File:	Chrome Cache Entry: 100
Category:	downloaded
Dump:	chromecache_100.2.dr
ID:	dr_9
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Entropy:	5.034749658890735
Encrypted:	false
Ssdeep:	1536:Rmxa+4rja0K8KGEO8fX98fSLVLMC9Rh+TtjHHquqDHHquqQSHlrfQcL5FBBjP26O:J+4Q98fsRtSHlrfgllqPGSrJDlVTRI7P
Size:	460572
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 101

Web Open Font Format (Version 2), TrueType, length 84932, version 0.0

downloaded

Details

File:	Chrome Cache Entry: 101
Category:	downloaded
Dump:	chromecache_101.2.dr
ID:	dr_10
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Web Open Font Format (Version 2), TrueType, length 84932, version 0.0
Entropy:	7.99689469764502
Encrypted:	true
Ssdeep:	1536:lbqmgcNU4uw96MhfTRia/r2fMtwZ0m34PtYmLBGD+1QGILaIyb9DRRmqy9YFR:CcNU4uwMCbRiTfO/qmUD+SGZbBRRmq2W
Size:	84932
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 102

ASCII text, with very long lines (65369)

downloaded

Details

File:	Chrome Cache Entry: 102
Category:	downloaded
Dump:	chromecache_102.2.dr
ID:	dr_11
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (65369)
Entropy:	5.096596153838351
Encrypted:	false
Ssdeep:	768:rf7Gxw/Tc/hOWlJ+UtVIuiHlqAmQI4X8OAdXFxbv8KIf2BdU+JdOMx1iVvH1FS:sw/YGGIuiHlqAmO8l1bNXdOqT
Size:	121457
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 94

ASCII text, with very long lines (14076)

downloaded

Details

File:	Chrome Cache Entry: 94
Category:	downloaded
Dump:	chromecache_94.2.dr
ID:	dr_12
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (14076)
Entropy:	4.822543880128346
Encrypted:	false
Ssdeep:	192:jq5tHp8W+ab2edrKeTUKuEmArKlcZJVrJ3ee+c/:wHu5yWeTUKW+KlkJ5de2/
Size:	14238
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 95

ASCII text, with very long lines (65451)

dropped

Details

File:	Chrome Cache Entry: 95
Category:	dropped
Dump:	chromecache_95.2.dr
ID:	dr_1
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (65451)
Entropy:	5.2896589255084425
Encrypted:	false
Ssdeep:	1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1
Size:	89476
Whitelisted:	true
Reputation:	low

Chrome Cache Entry: 96

ASCII text, with very long lines (65536), with no line terminators

downloaded

Details

File:	Chrome Cache Entry: 96
Category:	downloaded
Dump:	chromecache_96.2.dr
ID:	dr_13
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (65536), with no line terminators
Entropy:	4.970428577381078
Encrypted:	false
Ssdeep:	768:iMKi/62Mkmghfxymx/G1NfMApz600I4gk4Jt0MX84wvrplEHFLWFd:5W7Vhpz600I4gk4Jt0MXI1d
Size:	78808
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 97

ASCII text, with very long lines (65451)

downloaded

Details

File:	Chrome Cache Entry: 97
Category:	downloaded
Dump:	chromecache_97.2.dr
ID:	dr_14
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (65451)
Entropy:	5.2896589255084425
Encrypted:	false
Ssdeep:	1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1
Size:	89476
Whitelisted:	true
Reputation:	low

Chrome Cache Entry: 98

ASCII text, with very long lines (14238), with no line terminators

downloaded

Details

File:	Chrome Cache Entry: 98
Category:	downloaded
Dump:	chromecache_98.2.dr
ID:	dr_15
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (14238), with no line terminators
Entropy:	5.057732694570379
Encrypted:	false
Ssdeep:	192:3qXjEVlGEwvp9NSeYBEBLocY+hMLBSNxHEhoqUpIwxqInj:yjUUjv/NS2oGMLBSNJ8oqgICqInj
Size:	14238
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 99

ASCII text

downloaded

Details

File:	Chrome Cache Entry: 99
Category:	downloaded
Dump:	chromecache_99.2.dr
ID:	dr_16
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text
Entropy:	5.150965320818141
Encrypted:	false
Ssdeep:	192:hn33tMZq3ZBMLcXGbxiAiugTYQS1JPC/DM/pv6QV5WwcQgJ35NLx:53KZq3ZquGb0A+T90J9ZjmQgJ3R
Size:	14224
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	4324
Target ID:	0
Parent PID:	3328
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	18:11:04
Date:	20/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2332,i,8130241608544814763,421725750242185217,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	3704
Target ID:	2
Parent PID:	4324
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2332,i,8130241608544814763,421725750242185217,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	18:11:07
Date:	20/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jobs.sap.com/job/Walldorf-Senior-Product-Specialist-%28fmd%29-Partner-Product-Management-Inbound-Partners-and-Hyperscalers-69190/1110022401/"

Details

Is windows:	true
Is dropped:	false
PID:	6336
Target ID:	3
Parent PID:	3328
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jobs.sap.com/job/Walldorf-Senior-Product-Specialist-%28fmd%29-Partner-Product-Management-Inbound-Partners-and-Hyperscalers-69190/1110022401/"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	18:11:10
Date:	20/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://jobs.sap.com/job/Walldorf-Senior-Product-Specialist-%28fmd%29-Partner-Product-Management-Inbound-Partners-and-Hyperscalers-69190/1110022401/

https://jobs.sap.com/platform/css/j2w/min/BS3ColumnizedSearch.min.css?h=e9e34341

130.214.193.81

https://jobs.sap.com/platform/js/jquery/jquery-migrate-3.1.0.min.js

130.214.193.81

https://jobs.sap.com/sites/csb/sap/jobs-ui/csb/global-head-keep.js?v=lp76pj0z2h47y6142

130.214.193.81

http://bugs.jquery.com/ticket/13335

unknown

https://jobs.sap.com/sites/csb/sap/jobs-ui/components/job-ui.esm.js?v=lp76pj0z2h47y6142

130.214.193.81

http://fontawesome.io

unknown

https://jobs.sap.com/platform/css/search/BS3ColumnizedSearchHideLabels.css?h=e9e34341

130.214.193.81

https://jobs.sap.com/job/Walldorf-Senior-Product-Specialist-%28fmd%29-Partner-Product-Management-Inbound-Partners-and-Hyperscalers-69190/1110022401/

130.214.193.81

https://contextualnavigation.api.community.sap.com/static/1.35.2/cxs-designsystem/cxs-designsystem.esm.js?v=lp76pj0z2h47y6142

143.204.215.5

https://jobs.sap.com/sites/csb/sap/72Brand/72BrandVariable_Th-Blk.woff2

130.214.193.81

https://jobs.sap.com/sites/csb/sap/jobs-ui/csb/global-head.css?v=lp76pj0z2h47y6142

130.214.193.81

https://jobs.sap.com/sites/csb/sap/jobs-ui/components/job-ui.css?v=lp76pj0z2h47y6142

130.214.193.81

https://jobs.sap.com/platform/js/jquery/jquery-3.5.1.min.js

130.214.193.81

https://github.com/twbs/bootstrap/blob/master/LICENSE)

unknown

https://jobs.sap.com/platform/css/j2w/min/bootstrapV3.global.responsive.min.css?h=e9e34341

130.214.193.81

https://jobs.sap.com/platform/csb/css/navbar-fixed-top.css

130.214.193.81

https://getbootstrap.com/)

unknown

https://jobs.sap.com/platform/csb/css/customHeader.css?h=e9e34341

130.214.193.81

https://jobs.sap.com/platform/css/j2w/min/sitebuilderframework.min.css?h=e9e34341

130.214.193.81

https://jobs.sap.com/platform/bootstrap/3.4.1/css/bootstrap.min.css

130.214.193.81

https://jobs.sap.com/platform/fontawesome4.7/css/font-awesome-4.7.0.min.css?h=e9e34341

130.214.193.81

https://jobs.sap.com/platform/js/jquery/jquery-migrate-1.4.1.js

130.214.193.81

http://fontawesome.io/license

unknown

There are 13 hidden URLs, click here to show them.

Domains

Name

Malicious

d2yqaroqdoiwyp.cloudfront.net

143.204.215.5

bg.microsoft.map.fastly.net

199.232.210.172

www.google.com

142.250.185.196

Details

Name:	www.google.com
IP:	142.250.185.196
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

RMK12.jobs2web.com

130.214.193.81

fp2e7a.wpc.phicdn.net

192.229.221.95

jobs.sap.com

unknown

Details

Name:	jobs.sap.com
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

rmkcdn.successfactors.com

unknown

contextualnavigation.api.community.sap.com

unknown

Details

Name:	contextualnavigation.api.community.sap.com
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

assets.adobedtm.com

unknown

IPs

Domain

Country

Malicious

239.255.255.250

unknown

Reserved

142.250.185.196

www.google.com

United States

143.204.215.5

d2yqaroqdoiwyp.cloudfront.net

United States

192.168.2.4

unknown

130.214.193.81

RMK12.jobs2web.com

United States

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://jobs.sap.com/job/Walldorf-Senior-Product-Specialist-%28fmd%29-Partner-Product-Management-Inbound-Partners-and-Hyperscalers-69190/1110022401/

Files

Processes

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://jobs.sap.com/job/Walldorf-Senior-Product-Specialist-%28fmd%29-Partner-Product-Management-Inbound-Partners-and-Hyperscalers-69190/1110022401/

Files

Processes

URLs

Domains

IPs

IOC Report
https://jobs.sap.com/job/Walldorf-Senior-Product-Specialist-%28fmd%29-Partner-Product-Management-Inbound-Partners-and-Hyperscalers-69190/1110022401/