Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Chrome Cache Entry: 36

ASCII text, with CRLF line terminators

downloaded

Details

File:	Chrome Cache Entry: 36
Category:	downloaded
Dump:	chromecache_36.1.dr
ID:	dr_7
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.373007909346691
Encrypted:	false
Ssdeep:	24:8m1+IOvi0vR/3M53MXX3M6MY3Mt4sVmAcc:z+W0vsAHMgtsoc
Size:	806
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 37

GIF image data, version 89a, 16 x 16

downloaded

Details

File:	Chrome Cache Entry: 37
Category:	downloaded
Dump:	chromecache_37.1.dr
ID:	dr_8
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	GIF image data, version 89a, 16 x 16
Entropy:	5.046211679319879
Encrypted:	false
Ssdeep:	3:CseLNqalNMuWuQLktefoS2W:NypXMqQLktemW
Size:	74
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 38

ASCII text, with no line terminators

downloaded

Details

File:	Chrome Cache Entry: 38
Category:	downloaded
Dump:	chromecache_38.1.dr
ID:	dr_9
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with no line terminators
Entropy:	4.208966082694624
Encrypted:	false
Ssdeep:	3:hwS:hwS
Size:	28
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 39

GIF image data, version 89a, 16 x 16

dropped

Details

File:	Chrome Cache Entry: 39
Category:	dropped
Dump:	chromecache_39.1.dr
ID:	dr_3
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	GIF image data, version 89a, 16 x 16
Entropy:	5.046211679319879
Encrypted:	false
Ssdeep:	3:CseLNqalNMuWuQLktefoS2W:NypXMqQLktemW
Size:	74
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 40

HTML document, ASCII text, with CRLF line terminators

downloaded

Details

File:	Chrome Cache Entry: 40
Category:	downloaded
Dump:	chromecache_40.1.dr
ID:	dr_10
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with CRLF line terminators
Entropy:	5.0920241927899905
Encrypted:	false
Ssdeep:	48:xiVqH6eJWLdkCgwqkLP+a4QYFPhsLY5WZ1sXZjmW2ZJez6hvtq+YasOLGk:zH/J4eELWK6QRIjZ9ILP
Size:	3511
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 41

JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 189x100, components 3

downloaded

Details

File:	Chrome Cache Entry: 41
Category:	downloaded
Dump:	chromecache_41.1.dr
ID:	dr_11
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 189x100, components 3
Entropy:	7.790969914801027
Encrypted:	false
Ssdeep:	48:PuERAR5F045wtsOTLwGOtX/TGJCPu/dWGJGocPocr3vnA6APVmVomNg30GAn:mEaZ5weOHAZ/cWuk346APVmV3NGAn
Size:	4019
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 42

JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 189x100, components 3

dropped

Details

File:	Chrome Cache Entry: 42
Category:	dropped
Dump:	chromecache_42.1.dr
ID:	dr_6
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 189x100, components 3
Entropy:	7.790969914801027
Encrypted:	false
Ssdeep:	48:PuERAR5F045wtsOTLwGOtX/TGJCPu/dWGJGocPocr3vnA6APVmVomNg30GAn:mEaZ5weOHAZ/cWuk346APVmV3NGAn
Size:	4019
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	1588
Target ID:	0
Parent PID:	2308
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	2742376
MD5:	BB7C48CDDDE076E7EB44022520F40F77
Time:	09:02:04
Date:	24/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff74e300000
Modulesize:	2809856
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2192,i,11672242447743911351,4653400138562691382,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2188 /prefetch:3

Details

Is windows:	true
Is dropped:	false
PID:	4996
Target ID:	1
Parent PID:	1588
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2192,i,11672242447743911351,4653400138562691382,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2188 /prefetch:3
Size:	2742376
MD5:	BB7C48CDDDE076E7EB44022520F40F77
Time:	09:02:05
Date:	24/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff74e300000
Modulesize:	2809856
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.2020insight.net/wh4/q.asp?r72962"

Details

Is windows:	true
Is dropped:	false
PID:	7628
Target ID:	3
Parent PID:	2308
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.2020insight.net/wh4/q.asp?r72962"
Size:	2742376
MD5:	BB7C48CDDDE076E7EB44022520F40F77
Time:	09:02:08
Date:	24/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff74e300000
Modulesize:	2809856
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://www.2020insight.net/wh4/q.asp?r72962

Details

Filetype:	URL
Filename:	https://www.2020insight.net/wh4/q.asp?r72962

Signature Hits	Behavior Group	Mitre Attack
HTML body contains low number of good links	Phishing
Classification label	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Creates files inside the program directory	System Summary	Masquerading
Downloads files from webservers via HTTP	Networking	Non-Application Layer Protocol Ingress Tool Transfer
HTML body contains password input	Phishing
HTML page is missing a favicon	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing
Performs DNS lookups	Networking
Sends SSDP (simple service discovery protocol) broadcast queries	Networking	Network Service Discovery
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking	Encrypted Channel Application Layer Protocol
Creates a directory in C:\Program Files	Compliance, System Summary
Found graphical window changes (likely an installer)	System Summary

https://www.2020insight.net/wh4/r/default.css

207.21.199.174

https://www.2020insight.net/wh4/l/1518.jpg

207.21.199.174

https://www.2020insight.net/wh4/r/login.asp?project=72962

Details

Name:	https://www.2020insight.net/wh4/r/login.asp?project=72962
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
HTML body contains low number of good links	Phishing
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
HTML body contains password input	Phishing
HTML page is missing a favicon	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

https://www.2020insight.net/favicon.ico

207.21.199.174

https://www.2020insight.net/wh4/i/respondent16x16.gif

207.21.199.174

https://growstrongleaders.com/

207.21.198.148

https://www.2020insight.net/wh4/q.asp?r72962

207.21.199.174

Details

Name:	https://www.2020insight.net/wh4/q.asp?r72962
IP:	207.21.199.174
TargetID:	1
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

https://growstrongleaders.com/index.php

207.21.198.148

Domains

Name

Malicious

growstrongleaders.com

207.21.198.148

Details

Name:	growstrongleaders.com
IP:	207.21.198.148
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

142.250.80.100

Details

Name:	www.google.com
IP:	142.250.80.100
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.2020insight.net

207.21.199.174

Details

Name:	www.2020insight.net
IP:	207.21.199.174
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

IPs

Domain

Country

Malicious

142.250.80.100

www.google.com

United States

207.21.199.174

www.2020insight.net

Canada

192.168.11.20

unknown

207.21.198.148

growstrongleaders.com

Canada

239.255.255.250

unknown

Reserved

Details

IP:	239.255.255.250
TargetID:	0
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	Reserved
Countrycode:	ZZZ
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking
Sends SSDP (simple service discovery protocol) broadcast queries	Networking	Network Service Discovery

DOM / HTML

URL

Malicious

https://www.2020insight.net/wh4/r/login.asp?project=72962

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://www.2020insight.net/wh4/q.asp?r72962

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://www.2020insight.net/wh4/q.asp?r72962

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://www.2020insight.net/wh4/q.asp?r72962