Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Nov 23 17:30:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Nov 23 17:30:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9840171353164076
Encrypted:	false
Size:	2673
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Nov 23 17:30:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.0004838917594725
Encrypted:	false
Size:	2675
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.009957861905098
Encrypted:	false
Size:	2689
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Nov 23 17:30:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.998213376111053
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Nov 23 17:30:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.985358620487291
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Nov 23 17:30:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9941389955793887
Encrypted:	false
Size:	2679
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

URLs

Name

Malicious

https://elizgallery.com/nazvanie.js

Details

Filetype:	URL
Filename:	https://elizgallery.com/nazvanie.js

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Classification label	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Creates files inside the user directory	System Summary	Masquerading
HTML page is missing a favicon	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing
Performs DNS lookups	Networking	Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking	Encrypted Channel Application Layer Protocol
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

https://elizgallery.com/nazvanie.js

Details

Name:	https://elizgallery.com/nazvanie.js
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
HTML page is missing a favicon	Phishing
Spawns processes	System Summary	Process Injection

https://ambir.com/

Details

Name:	https://ambir.com/
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
HTML page is missing a favicon	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

Domains

Name

Malicious

knrpc.olark.com

34.96.127.16

ambir.com

141.193.213.10

adserver-vpc-alb-0-1210614323.ap-southeast-1.elb.amazonaws.com

54.255.252.168

h2-stratus.zohocdn.com

199.67.80.86

load-use1.exelator.com

52.0.156.250

zpublic.zohopublic.com

136.143.182.97

stats.g.doubleclick.net

66.102.1.156

ps.eyeota.net

52.57.150.20

idsync.rlcdn.com

35.244.154.8

httplogserver-lb.global.unified-prod.sharethis.net

3.72.222.9

elizgallery.com

64.95.11.184

platform-api.sharethis.com

18.173.205.53

www.google.com

142.250.181.100

dcs-ups.g03.yahoodns.net

87.248.114.11

bcp.crwdcntrl.net

13.228.186.151

match.adsrvr.org

35.71.131.137

d2znr2yi078d75.cloudfront.net

65.9.66.121

d1qug1xf2dk5z6.cloudfront.net

18.245.86.116

sludge-sludge-production-768039409.ap-southeast-1.elb.amazonaws.com

13.251.90.62

maxcdn.bootstrapcdn.com

104.18.10.207

accounts.zoho.com

136.143.182.100

cdn.acsbapp.com

104.22.0.204

googleads.g.doubleclick.net

172.217.17.66

d28140lin2gosl.cloudfront.net

108.158.75.28

acsbapp.com

172.67.11.155

analytics.google.com

172.217.19.238

td.doubleclick.net

172.217.21.34

fp2e04.wac.rhocdn.net

192.229.233.34

ml314.com

34.117.77.79

sync.sharethis.com

unknown

d.adroll.com

unknown

buttons-config.sharethis.com

unknown

t.sharethis.com

unknown

ups.analytics.yahoo.com

unknown

loadus.exelator.com

unknown

static.zohocdn.com

unknown

s.adroll.com

unknown

x.adroll.com

unknown

forms.zohopublic.com

unknown

static.olark.com

unknown

cms.analytics.yahoo.com

unknown

l.sharethis.com

unknown

webfonts.zohowebstatic.com

unknown

There are 33 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

136.143.182.97

zpublic.zohopublic.com

United States

172.217.19.227

unknown

United States

104.18.10.207

maxcdn.bootstrapcdn.com

United States

172.217.17.66

googleads.g.doubleclick.net

United States

172.217.17.46

unknown

United States

18.173.205.53

platform-api.sharethis.com

United States

108.158.75.28

d28140lin2gosl.cloudfront.net

United States

192.168.2.16

unknown

18.245.86.116

d1qug1xf2dk5z6.cloudfront.net

United States

2.20.68.70

unknown

European Union

35.244.154.8

idsync.rlcdn.com

United States

18.173.205.10

unknown

United States

2.20.68.97

unknown

European Union

65.9.66.121

d2znr2yi078d75.cloudfront.net

United States

142.250.181.136

unknown

United States

66.102.1.156

stats.g.doubleclick.net

United States

13.228.186.151

bcp.crwdcntrl.net

United States

172.217.19.170

unknown

United States

172.217.21.34

td.doubleclick.net

United States

3.72.222.9

httplogserver-lb.global.unified-prod.sharethis.net

United States

172.217.21.36

unknown

United States

54.255.252.168

adserver-vpc-alb-0-1210614323.ap-southeast-1.elb.amazonaws.com

United States

34.96.127.16

knrpc.olark.com

United States

142.250.181.42

unknown

United States

172.67.11.155

acsbapp.com

United States

35.71.131.137

match.adsrvr.org

United States

34.117.77.79

ml314.com

United States

172.217.19.238

analytics.google.com

United States

52.0.156.250

load-use1.exelator.com

United States

1.1.1.1

unknown

Australia

172.217.17.34

unknown

United States

172.217.17.35

unknown

United States

104.22.0.204

cdn.acsbapp.com

United States

136.143.182.100

accounts.zoho.com

United States

192.229.233.34

fp2e04.wac.rhocdn.net

United States

142.250.181.100

www.google.com

United States

141.193.213.10

ambir.com

United States

141.193.213.11

unknown

United States

87.248.114.11

dcs-ups.g03.yahoodns.net

United Kingdom

64.233.165.84

unknown

United States

239.255.255.250

unknown

Reserved

52.57.150.20

ps.eyeota.net

United States

199.67.80.86

h2-stratus.zohocdn.com

United States

142.250.181.99

unknown

United States

13.250.84.149

unknown

United States

64.95.11.184

elizgallery.com

United States

There are 36 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://elizgallery.com/nazvanie.js

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://elizgallery.com/nazvanie.js

Files

URLs

Domains

IPs

IOC Report
https://elizgallery.com/nazvanie.js