Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Chrome Cache Entry: 50

ASCII text, with very long lines (48316), with no line terminators

dropped

Details

File:	Chrome Cache Entry: 50
Category:	dropped
Dump:	chromecache_50.2.dr
ID:	dr_0
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (48316), with no line terminators
Entropy:	5.6346993394709
Encrypted:	false
Ssdeep:	768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpnS:vZYDc6lXJd1mZpZEdS
Size:	48316
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 51

ASCII text

dropped

Details

File:	Chrome Cache Entry: 51
Category:	dropped
Dump:	chromecache_51.2.dr
ID:	dr_1
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text
Entropy:	5.072141999174343
Encrypted:	false
Ssdeep:	6144:UvD8eq9mPKl4OfKcknEHZciGhjZPdDwjdwTJFPk78vmAnhZSxwI14i:UE4OfcaZhfOeATG14i
Size:	268381
Whitelisted:	true
Reputation:	low

Chrome Cache Entry: 52

HTML document, ASCII text, with very long lines (65446)

downloaded

Details

File:	Chrome Cache Entry: 52
Category:	downloaded
Dump:	chromecache_52.2.dr
ID:	dr_8
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with very long lines (65446)
Entropy:	5.989824462199141
Encrypted:	false
Ssdeep:	12288:RjZHJE2dDZ7ZSfFaA3Vqq6wj+p4zVu0rXHjMeXCTdNB1vig:RNHXLvH52zbjMeSb6g
Size:	709616
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 53

HTML document, ASCII text, with very long lines (611)

downloaded

Details

File:	Chrome Cache Entry: 53
Category:	downloaded
Dump:	chromecache_53.2.dr
ID:	dr_9
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with very long lines (611)
Entropy:	4.357340680151037
Encrypted:	false
Ssdeep:	384:6bamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:603Mp5If8WOmgW3
Size:	27150
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 54

ASCII text, with very long lines (48316), with no line terminators

downloaded

Details

File:	Chrome Cache Entry: 54
Category:	downloaded
Dump:	chromecache_54.2.dr
ID:	dr_10
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (48316), with no line terminators
Entropy:	5.6346993394709
Encrypted:	false
Ssdeep:	768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpnS:vZYDc6lXJd1mZpZEdS
Size:	48316
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 55

JSON data

downloaded

Details

File:	Chrome Cache Entry: 55
Category:	downloaded
Dump:	chromecache_55.2.dr
ID:	dr_11
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JSON data
Entropy:	4.93061644921187
Encrypted:	false
Ssdeep:	12:YyAuRMm92esAaN090orpHRzVYDndpKmUvn+L5t5VWJ5c5u5m54sp5op5p5e5yLRD:YyYm92lhNkHRuSmSnfC3MLu2Y204/z
Size:	1080
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 56

ASCII text

downloaded

Details

File:	Chrome Cache Entry: 56
Category:	downloaded
Dump:	chromecache_56.2.dr
ID:	dr_12
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text
Entropy:	5.072141999174343
Encrypted:	false
Ssdeep:	6144:UvD8eq9mPKl4OfKcknEHZciGhjZPdDwjdwTJFPk78vmAnhZSxwI14i:UE4OfcaZhfOeATG14i
Size:	268381
Whitelisted:	true
Reputation:	low

Chrome Cache Entry: 57

JSON data

dropped

Details

File:	Chrome Cache Entry: 57
Category:	dropped
Dump:	chromecache_57.2.dr
ID:	dr_7
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JSON data
Entropy:	4.93061644921187
Encrypted:	false
Ssdeep:	12:YyAuRMm92esAaN090orpHRzVYDndpKmUvn+L5t5VWJ5c5u5m54sp5op5p5e5yLRD:YyYm92lhNkHRuSmSnfC3MLu2Y204/z
Size:	1080
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	2448
Target ID:	0
Parent PID:	1892
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	15:24:17
Date:	30/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2032,i,13156030852714949453,8049066657894690581,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	5804
Target ID:	2
Parent PID:	2448
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2032,i,13156030852714949453,8049066657894690581,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	15:24:21
Date:	30/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev/index.html#"

Details

Is windows:	true
Is dropped:	false
PID:	6356
Target ID:	3
Parent PID:	1892
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev/index.html#"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	15:24:23
Date:	30/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev/index.html#

http://bugs.jquery.com/ticket/12359

unknown

http://jquery.org/license

unknown

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.24.14

http://json.org/json2.js

unknown

https://bugzilla.mozilla.org/show_bug.cgi?id=649285

unknown

http://sizzlejs.com/

unknown

https://mq8cwwecw5f.tkllop.online/obufsssssssscaaatoion/

172.67.164.87

https://ce9xdwbvgdw.dffjl.online/obufsssssssscaaatoion/

104.21.48.111

http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context

unknown

http://jsperf.com/getall-vs-sizzle/2

unknown

http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript

unknown

https://bugs.webkit.org/show_bug.cgi?id=29084

unknown

http://blindsignals.com/index.php/2009/07/jquery-delay/

unknown

http://bugs.jquery.com/ticket/12282#comment:15

unknown

https://developer.mozilla.org/en-US/docs/CSS/display

unknown

http://dev.w3.org/csswg/cssom/#resolved-values

unknown

https://pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev/favicon.ico

162.159.140.237

https://code.jquery.com/jquery-1.9.1.js

151.101.2.137

https://pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev/index.html

162.159.140.237

https://a.nel.cloudflare.com/report/v4?s=%2FOIeyI3FISkHa%2Bh57RROjlE%2BOftX%2BoiDIVZVZnLK6Ld6alKiBQtEetz4z7z8DzB%2FzNQfhdJ16gmbPGhV8Ars%2FCdIIVWVlCkv5KB6NYrUVfGiyajtzLUo%2B%2FiCsHQ6wQLVEC5rGUmDHF3TN0gF

35.190.80.1

https://developer.mozilla.org/en/Security/CSP)

unknown

https://www.cloudflare.com/favicon.ico

unknown

http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291

unknown

http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_A

unknown

https://developers.cloudflare.com/r2/data-access/public-buckets/

unknown

https://github.com/jquery/jquery/pull/764

unknown

https://bugzilla.mozilla.org/show_bug.cgi?id=491668

unknown

http://javascript.nwbox.com/IEContentLoaded/

unknown

http://jquery.com/

unknown

https://freeipapi.com/api/json/

188.114.96.3

There are 21 hidden URLs, click here to show them.

Domains

Name

Malicious

pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev

162.159.140.237

bg.microsoft.map.fastly.net

199.232.214.172

a.nel.cloudflare.com

35.190.80.1

ce9xdwbvgdw.dffjl.online

104.21.48.111

code.jquery.com

151.101.2.137

cdnjs.cloudflare.com

104.17.24.14

freeipapi.com

188.114.96.3

s-part-0017.t-0009.t-msedge.net

13.107.246.45

www.google.com

142.250.186.164

fp2e7a.wpc.phicdn.net

192.229.221.95

mq8cwwecw5f.tkllop.online

172.67.164.87

There are 1 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

162.159.140.237

pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev

United States

104.17.24.14

cdnjs.cloudflare.com

United States

192.168.2.4

unknown

151.101.130.137

unknown

United States

151.101.2.137

code.jquery.com

United States

172.67.164.87

mq8cwwecw5f.tkllop.online

United States

239.255.255.250

unknown

Reserved

188.114.97.3

unknown

European Union

188.114.96.3

freeipapi.com

European Union

142.250.186.164

www.google.com

United States

35.190.80.1

a.nel.cloudflare.com

United States

104.21.48.111

ce9xdwbvgdw.dffjl.online

United States

There are 2 hidden IPs, click here to show them.

DOM / HTML

URL

Malicious

https://pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev/index.html#

Details

Filename:	1.0.pages.html.dom
Url:	https://pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev/index.html#
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2032,i,13156030852714949453,8049066657894690581,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing
AI detected landing page (webpage, office document or email)	Persistence and Installation Behavior	Browser Extensions

https://pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev/index.html#

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev/index.html#

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev/index.html#

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev/index.html#