IOC Report
https://campaign-statistics.com/link_click/eVzwN5-E8q537v-2hTRuu/d0be158402d38c5554253f53a1c37f40

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 23:57:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 23:57:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 23:57:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 23:57:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 23:57:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Chrome Cache Entry: 164

HTML document, ASCII text

downloaded

Chrome Cache Entry: 168

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 128x128, components 3

dropped

Chrome Cache Entry: 170

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 144x144, components 3

dropped

Chrome Cache Entry: 171

ASCII text, with no line terminators

dropped

Chrome Cache Entry: 175

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 144x144, components 3

dropped

Chrome Cache Entry: 176

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 128x128, components 3

dropped

Chrome Cache Entry: 181

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 144x144, components 3

dropped

Chrome Cache Entry: 187

JSON data

dropped

Chrome Cache Entry: 188

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 144x144, components 3

dropped

Chrome Cache Entry: 196

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 144x144, components 3

downloaded

Chrome Cache Entry: 199

Web Open Font Format (Version 2), TrueType, length 68316, version 2.32767

downloaded

Chrome Cache Entry: 204

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 144x144, components 3

downloaded

Chrome Cache Entry: 206

assembler source, ASCII text

downloaded

Chrome Cache Entry: 213

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 144x144, components 3

downloaded

There are 11 hidden files, click here to show them.

URLs

Name

IP

Malicious

https://campaign-statistics.com/link_click/eVzwN5-E8q537v-2hTRuu/d0be158402d38c5554253f53a1c37f40

Details

Filetype:	URL
Filename:	https://campaign-statistics.com/link_click/eVzwN5-E8q537v-2hTRuu/d0be158402d38c5554253f53a1c37f40

Signature Hits	Behavior Group	Mitre Attack
HTML page contains hidden javascript code	Phishing
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Classification label	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Creates files inside the user directory	System Summary	Masquerading
HTML page is missing a favicon	Phishing
Performs DNS lookups	Networking	Non-Application Layer Protocol Application Layer Protocol
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis		Encrypted Channel
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

https://campaign-statistics.com/link_click/eVzwN5-E8q537v-2hTRuu/d0be158402d38c5554253f53a1c37f40

Details

Name:	https://campaign-statistics.com/link_click/eVzwN5-E8q537v-2hTRuu/d0be158402d38c5554253f53a1c37f40
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
HTML page contains hidden javascript code	Phishing
HTML page is missing a favicon	Phishing
Spawns processes	System Summary	Process Injection

Domains

Name

IP

Malicious

js.hcaptcha.com

104.19.230.21

Details

Name:	js.hcaptcha.com
IP:	104.19.230.21
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

api.hcaptcha.com

104.19.230.21

Details

Name:	api.hcaptcha.com
IP:	104.19.230.21
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

stats.sender.net

104.22.74.115

Details

Name:	stats.sender.net
IP:	104.22.74.115
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

campaign-statistics.com

172.66.40.88

Details

Name:	campaign-statistics.com
IP:	172.66.40.88
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

www.google.com

142.250.181.100

Details

Name:	www.google.com
IP:	142.250.181.100
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

api2.hcaptcha.com

104.19.229.21

Details

Name:	api2.hcaptcha.com
IP:	104.19.229.21
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

imgs3.hcaptcha.com

104.19.230.21

Details

Name:	imgs3.hcaptcha.com
IP:	104.19.230.21
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

newassets.hcaptcha.com

104.19.229.21

Details

Name:	newassets.hcaptcha.com
IP:	104.19.229.21
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

IP

Domain

Country

Malicious

172.217.19.238

unknown

United States

1.1.1.1

unknown

Australia

172.217.17.67

unknown

United States

172.217.17.46

unknown

United States

192.168.2.16

unknown

unknown

216.58.208.227

unknown

United States

172.66.40.88

campaign-statistics.com

United States

142.250.181.100

www.google.com

United States

64.233.165.84

unknown

United States

104.19.229.21

api2.hcaptcha.com

United States

239.255.255.250

unknown

Reserved

104.22.74.115

stats.sender.net

United States

172.217.21.42

unknown

United States

104.19.230.21

js.hcaptcha.com

United States

172.66.43.168

unknown

United States

There are 5 hidden IPs, click here to show them.