Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 17:49:31 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 17:49:31 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	3.986004279337992
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 17:49:30 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 17:49:30 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.0029459043844975
Encrypted:	false
Size:	2679
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.0157168791850415
Encrypted:	false
Size:	2693
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 17:49:30 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 17:49:30 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	3.9999375125581484
Encrypted:	false
Size:	2681
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 17:49:30 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 17:49:30 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	3.99036227650443
Encrypted:	false
Size:	2681
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 17:49:30 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 17:49:30 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.002328221921796
Encrypted:	false
Size:	2683
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

URLs

Name

Malicious

https://na2.docusign.net/Signing/EmailStart.aspx?a=411d2d60-71ee-4477-b645-ccd87151891a&etti=24&acct=b31151fe-1c65-4015-aade-ea249bb0ede6&er=8c8c89ec-97a5-4f5f-882c-1f8e280db0ce&ensd=OlmiHSbJ0eI9ZkG%2fXULDaodBOGI8IJu%2bHw6FQ6MJzij7aDyjpUTWeytYGpq%2fEBOjTDkWOuiaWcxRrawwnlYKXPH6Fk6EMtNu%2fTwdy7t%2bXYptuLXzPRFx2bwYBDlgm%2fJsIgELi73m%2fMoWXuACiexoKFdy63uKkWu%2fC9YSun8cCbWrY5iSlNo5zrB766tKJkTq

Details

Filetype:	URL
Filename:	https://na2.docusign.net/Signing/EmailStart.aspx?a=411d2d60-71ee-4477-b645-ccd87151891a&etti=24&acct=b31151fe-1c65-4015-aade-ea249bb0ede6&er=8c8c89ec-97a5-4f5f-882c-1f8e280db0ce&ensd=OlmiHSbJ0eI9ZkG%2fXULDaodBOGI8IJu%2bHw6FQ6MJzij7aDyjpUTWeytYGpq%2fEBOjTDkWOuiaWcxRrawwnlYKXPH6Fk6EMtNu%2fTwdy7t%2bXYptuLXzPRFx2bwYBDlgm%2fJsIgELi73m%2fMoWXuACiexoKFdy63uKkWu%2fC9YSun8cCbWrY5iSlNo5zrB766tKJkTq

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Classification label	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Creates files inside the user directory	System Summary	Masquerading
Performs DNS lookups	Networking	Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking	Encrypted Channel Application Layer Protocol
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

https://na2.docusign.net/Signing/?ti=0ad76c2732f84028a6a7c2f993b05b52

Domains

Name

Malicious

bg.microsoft.map.fastly.net

199.232.214.172

cdn.optimizely.com

104.18.65.57

Details

Name:	cdn.optimizely.com
IP:	104.18.65.57
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

142.250.186.68

Details

Name:	www.google.com
IP:	142.250.186.68
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

api.mixpanel.com

107.178.240.159

Details

Name:	api.mixpanel.com
IP:	107.178.240.159
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

arya-1323461286.us-west-2.elb.amazonaws.com

52.33.142.237

a.docusign.com

unknown

docucdn-a.akamaihd.net

unknown

na2.docusign.net

unknown

Details

Name:	na2.docusign.net
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

IPs

Domain

Country

Malicious

142.250.186.68

www.google.com

United States

142.250.185.78

unknown

United States

104.18.66.57

unknown

United States

162.248.185.182

unknown

United States

1.1.1.1

unknown

Australia

108.177.15.84

unknown

United States

162.248.185.183

unknown

United States

130.211.34.183

unknown

United States

104.18.65.57

cdn.optimizely.com

United States

216.58.212.131

unknown

United States

192.168.2.17

unknown

192.168.2.18

unknown

142.250.185.202

unknown

United States

52.33.142.237

arya-1323461286.us-west-2.elb.amazonaws.com

United States

107.178.240.159

api.mixpanel.com

United States

239.255.255.250

unknown

Reserved

142.250.185.131

unknown

United States

88.221.110.137

unknown

European Union

142.250.184.238

unknown

United States

35.82.118.181

unknown

United States

172.217.16.196

unknown

United States

95.101.54.105

unknown

European Union

There are 12 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Files

URLs

Domains

IPs