Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:18:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:18:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9755437356773324
Encrypted:	false
Ssdeep:	48:8+LdpjTxJNfHeidAKZdA19ehwiZUklqehwtfy+3:8SjbNMnfy
Size:	2677
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:18:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.989327786636482
Encrypted:	false
Ssdeep:	48:8yLdpjTxJNfHeidAKZdA1weh/iZUkAQkqehFtfy+2:8ejbN+9QSfy
Size:	2679
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.001343273209915
Encrypted:	false
Ssdeep:	48:8xydpjTxJsHeidAKZdA14tseh7sFiZUkmgqeh7s7tfy+BX:8xMjbfnbfy
Size:	2693
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:18:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.988635015609183
Encrypted:	false
Ssdeep:	48:8eLdpjTxJNfHeidAKZdA1vehDiZUkwqehJtfy+R:8yjbNlRfy
Size:	2681
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:18:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.978638228452283
Encrypted:	false
Ssdeep:	48:8HLdpjTxJNfHeidAKZdA1hehBiZUk1W1qehHtfy+C:8rjbN19tfy
Size:	2681
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:18:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9835961611394075
Encrypted:	false
Ssdeep:	48:89LdpjTxJNfHeidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbxtfy+yT+:8ZjbNJT/TbxWOvTbbfy7T
Size:	2683
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	4464
Target ID:	0
Parent PID:	5764
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	18:18:10
Date:	20/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff715980000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=1904,i,2066096594652890426,13864252906097924420,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	2800
Target ID:	1
Parent PID:	4464
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=1904,i,2066096594652890426,13864252906097924420,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	18:18:14
Date:	20/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff715980000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://es.research.net/tr/v1/te/7C0u9Xl6xmMaK_2FgPq5vwYc3n3zMl9juoBtwLS5_2FR2i45ZpC_2FuXR0IpLc745ZV1IIu4gVtdrZXbAE4RNTtTQD71ehCc7mQx8vM_2B4wZfBEFvAwlUWXm7Zez4DWrNkLAGRhIQFsQgCJ8CSL9dkL1XYpdeoX8GNVxhKBXVvi1Q721xJGIoEkXSUuc1ovGrRrD3u5Ru_2BKbcErG45Nof46u_2FqqCVMY0ObFX7TjAC4t6ZkaWAPAZj1_2FIqGrSh_2BTnhCRxfbvACjOmfSmTwmCZ7yEnUERxw_3D_3D"

Details

Is windows:	true
Is dropped:	false
PID:	6556
Target ID:	3
Parent PID:	5764
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://es.research.net/tr/v1/te/7C0u9Xl6xmMaK_2FgPq5vwYc3n3zMl9juoBtwLS5_2FR2i45ZpC_2FuXR0IpLc745ZV1IIu4gVtdrZXbAE4RNTtTQD71ehCc7mQx8vM_2B4wZfBEFvAwlUWXm7Zez4DWrNkLAGRhIQFsQgCJ8CSL9dkL1XYpdeoX8GNVxhKBXVvi1Q721xJGIoEkXSUuc1ovGrRrD3u5Ru_2BKbcErG45Nof46u_2FqqCVMY0ObFX7TjAC4t6ZkaWAPAZj1_2FIqGrSh_2BTnhCRxfbvACjOmfSmTwmCZ7yEnUERxw_3D_3D"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	18:18:16
Date:	20/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff715980000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://es.research.net/tr/v1/te/7C0u9Xl6xmMaK_2FgPq5vwYc3n3zMl9juoBtwLS5_2FR2i45ZpC_2FuXR0IpLc745ZV1IIu4gVtdrZXbAE4RNTtTQD71ehCc7mQx8vM_2B4wZfBEFvAwlUWXm7Zez4DWrNkLAGRhIQFsQgCJ8CSL9dkL1XYpdeoX8GNVxhKBXVvi1Q721xJGIoEkXSUuc1ovGrRrD3u5Ru_2BKbcErG45Nof46u_2FqqCVMY0ObFX7TjAC4t6ZkaWAPAZj1_2FIqGrSh_2BTnhCRxfbvACjOmfSmTwmCZ7yEnUERxw_3D_3D

Details

Filetype:	URL
Filename:	https://es.research.net/tr/v1/te/7C0u9Xl6xmMaK_2FgPq5vwYc3n3zMl9juoBtwLS5_2FR2i45ZpC_2FuXR0IpLc745ZV1IIu4gVtdrZXbAE4RNTtTQD71ehCc7mQx8vM_2B4wZfBEFvAwlUWXm7Zez4DWrNkLAGRhIQFsQgCJ8CSL9dkL1XYpdeoX8GNVxhKBXVvi1Q721xJGIoEkXSUuc1ovGrRrD3u5Ru_2BKbcErG45Nof46u_2FqqCVMY0ObFX7TjAC4t6ZkaWAPAZj1_2FIqGrSh_2BTnhCRxfbvACjOmfSmTwmCZ7yEnUERxw_3D_3D

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Classification label	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Creates files inside the user directory	System Summary	Masquerading
Downloads files from webservers via HTTP	Networking	Non-Application Layer Protocol Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking	Encrypted Channel
Windows shortcut file (LNK) contains relative path	System Summary	Masquerading
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

https://es.research.net/user/email-opt-out/?sm=P_2BA5p_2BO4uC93GDTjMNsrLiQ_2BvWNrzqmFwstR8OpX2eI73y0P2TEcgmEc7dfZpDGz

18.244.18.107

Details

Name:	https://es.research.net/tr/v1/te/7C0u9Xl6xmMaK_2FgPq5vwYc3n3zMl9juoBtwLS5_2FR2i45ZpC_2FuXR0IpLc745ZV1IIu4gVtdrZXbAE4RNTtTQD71ehCc7mQx8vM_2B4wZfBEFvAwlUWXm7Zez4DWrNkLAGRhIQFsQgCJ8CSL9dkL1XYpdeoX8GNVxhKBXVvi1Q721xJGIoEkXSUuc1ovGrRrD3u5Ru_2BKbcErG45Nof46u_2FqqCVMY0ObFX7TjAC4t6ZkaWAPAZj1_2FIqGrSh_2BTnhCRxfbvACjOmfSmTwmCZ7yEnUERxw_3D_3D
IP:	18.244.18.107
TargetID:	1
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

d2yx97y2ukjhui.cloudfront.net

18.244.18.107

s-part-0017.t-0009.t-msedge.net

13.107.246.45

www.google.com

172.217.18.4

Details

Name:	www.google.com
IP:	172.217.18.4
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

fp2e7a.wpc.phicdn.net

192.229.221.95

s-part-0032.t-0009.t-msedge.net

13.107.246.60

windowsupdatebg.s.llnwi.net

87.248.204.0

es.research.net

unknown

Details

Name:	es.research.net
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

IPs

Domain

Country

Malicious

142.250.186.68

unknown

United States

172.217.18.4

www.google.com

United States

192.168.2.7

unknown

192.168.2.6

unknown

192.168.2.5

unknown

239.255.255.250

unknown

Reserved

18.244.18.107

d2yx97y2ukjhui.cloudfront.net

United States

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Files

Processes

URLs

Domains

IPs