IOC Report
http://161-35-123-255.ipv4.staticdns3.io/


Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 22:42:24 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 22:42:24 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 22:42:24 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 22:42:24 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 22:42:24 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
Chrome Cache Entry: 67 | gzip compressed data, from Unix, original size modulo 2^32 336738 | downloaded | -
Chrome Cache Entry: 68 | PNG image data, 1832 x 298, 8-bit/color RGBA, non-interlaced | dropped | -
Chrome Cache Entry: 69 | ASCII text, with very long lines (47960) | dropped | -
Chrome Cache Entry: 70 | Web Open Font Format (Version 2), TrueType, length 35904, version 1.0 | downloaded | -
Chrome Cache Entry: 71 | PNG image data, 1832 x 298, 8-bit/color RGBA, non-interlaced | downloaded | -
Chrome Cache Entry: 72 | RIFF (little-endian) data, Web/P image, VP8 encoding, 1921x1081, Scaling: [none]x[none], YUV color, decoders should clamp | dropped | -
Chrome Cache Entry: 73 | ASCII text, with no line terminators | downloaded | -
Chrome Cache Entry: 74 | RIFF (little-endian) data, Web/P image, VP8 encoding, 1921x1081, Scaling: [none]x[none], YUV color, decoders should clamp | downloaded | -
Chrome Cache Entry: 75 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | -
Chrome Cache Entry: 76 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | downloaded | -
Chrome Cache Entry: 77 | ASCII text, with no line terminators | downloaded | -
Chrome Cache Entry: 78 | gzip compressed data, from Unix, original size modulo 2^32 173557 | downloaded | -
Chrome Cache Entry: 79 | HTML document, ASCII text | downloaded | -
Chrome Cache Entry: 80 | ASCII text, with very long lines (47960) | downloaded | -
Chrome Cache Entry: 81 | gzip compressed data, from Unix, original size modulo 2^32 173557 | dropped | -
Chrome Cache Entry: 82 | gzip compressed data, from Unix, original size modulo 2^32 71976 | downloaded | -
Chrome Cache Entry: 83 | gzip compressed data, from Unix, original size modulo 2^32 4732 | downloaded | -

No file entry is flagged in the Malicious column ("-" marks an empty cell). The six .lnk entries are Chrome's own default "Chrome Apps" Start Menu shortcuts (Docs, Gmail, Google Drive, Sheets, Slides, YouTube), which Chrome writes when it is installed; all six predate this run (ctime Tue Oct 3 2023) and carry the same length value, so they are noise from the sandbox image rather than artifacts of the analysed URL. The remaining entries are Chrome cache objects (the page's HTML, stylesheets, scripts, fonts and images) fetched while the URL was rendered.
14 further file entries are omitted from this excerpt of the report.

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=2036,i,5035009390763185257,10679951283778665790,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://161-35-123-255.ipv4.staticdns3.io/" | -

All three entries are the sandbox's own Chrome instance: the initial browser window, its network-service utility process, and the process that navigates to the analysed URL. None is flagged in the Malicious column.

URLs

Name | IP | Malicious
http://161-35-123-255.ipv4.staticdns3.io/ | - | malicious
http://161-35-123-255.ipv4.staticdns3.io/css/styles.css | 161.35.123.255 | malicious
http://161-35-123-255.ipv4.staticdns3.io/img/logo.png | 161.35.123.255 | malicious
http://161-35-123-255.ipv4.staticdns3.io/assets/Valida_Digito_Verificador.js | 161.35.123.255 | malicious
http://161-35-123-255.ipv4.staticdns3.io/img/background.webp | 161.35.123.255 | malicious
http://161-35-123-255.ipv4.staticdns3.io/js/jquery.min.js | 161.35.123.255 | malicious
http://161-35-123-255.ipv4.staticdns3.io/css/style.css | 161.35.123.255 | malicious
http://161-35-123-255.ipv4.staticdns3.io/ | - | malicious
http://161-35-123-255.ipv4.staticdns3.io/img/favicon-16x16.png | 161.35.123.255 | malicious
https://cdn.jsdelivr.net/npm/sweetalert2@11 | 151.101.65.229 | -

The root URL appears twice because it was requested twice; the report gives no IP for those two rows. Every request to 161-35-123-255.ipv4.staticdns3.io is flagged malicious; the one third-party fetch, the SweetAlert2 dialog library from jsDelivr, is not. The script name Valida_Digito_Verificador.js is Spanish/Portuguese for "validate check digit", i.e. client-side validation of the kind applied to national ID or tax numbers, which indicates the page presents a form asking for such a number. The hostname itself encodes the server's address (161-35-123-255 is 161.35.123.255), a generic reverse-style name rather than a domain chosen to resemble a brand.
151.101.65.229

Domains

Name | IP | Malicious
161-35-123-255.ipv4.staticdns3.io | 161.35.123.255 | malicious
jsdelivr.map.fastly.net | 151.101.65.229 | -
www.google.com | 142.250.186.132 | -
cdn.jsdelivr.net | unknown | -

cdn.jsdelivr.net is listed without an address; the SweetAlert2 request was served by jsdelivr.map.fastly.net (151.101.65.229), the CDN host behind that name. Only the staticdns3.io host is flagged.

IPs

IP | Domain | Country | Malicious
161.35.123.255 | 161-35-123-255.ipv4.staticdns3.io | United States | malicious
151.101.1.229 | unknown | United States | -
151.101.65.229 | jsdelivr.map.fastly.net | United States | -
192.168.2.4 | unknown | unknown | -
192.168.2.5 | unknown | unknown | -
239.255.255.250 | unknown | Reserved | -
142.250.186.132 | www.google.com | United States | -

Only 161.35.123.255 is an indicator for this page. 192.168.2.4 and 192.168.2.5 are the sandbox's own private addresses, 239.255.255.250 is the SSDP multicast address that Windows contacts on its own, and 151.101.65.229 and 142.250.186.132 are shared Fastly/jsDelivr and Google infrastructure; none of these belongs in a blocklist. 151.101.1.229 is a public address the report could not attribute to a domain and should be reviewed rather than blocked on the strength of this report alone.
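The three tables above mix real indicators with sandbox and CDN noise, so an analyst has to triage them before anything reaches a blocklist. The following Python script is an added example written for this page, not part of the sandbox report or its vendor's tooling. The indicator lists are transcribed from the tables above (constructed input); the SHARED_INFRA_SUFFIXES allowlist is an assumed local policy, not something the report states. It rejects private, multicast and otherwise non-routable addresses, keeps the shared Fastly/jsDelivr and Google hosts out of the blocklist, blocks an IP only when the report ties it to a malicious host (either through the Domains table or because the staticdns3.io hostname encodes the address), defangs every indicator it emits, and puts the one unattributed public address into a review bucket instead of blocking it.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed input: the indicators transcribed from the report tables above.
REPORT_URLS = [
    "http://161-35-123-255.ipv4.staticdns3.io/",
    "http://161-35-123-255.ipv4.staticdns3.io/css/styles.css",
    "http://161-35-123-255.ipv4.staticdns3.io/img/logo.png",
    "http://161-35-123-255.ipv4.staticdns3.io/assets/Valida_Digito_Verificador.js",
    "http://161-35-123-255.ipv4.staticdns3.io/img/background.webp",
    "http://161-35-123-255.ipv4.staticdns3.io/js/jquery.min.js",
    "http://161-35-123-255.ipv4.staticdns3.io/css/style.css",
    "http://161-35-123-255.ipv4.staticdns3.io/img/favicon-16x16.png",
    "https://cdn.jsdelivr.net/npm/sweetalert2@11",
]
REPORT_DOMAINS = {  # hostname -> resolved IP as given in the Domains table (None = unknown)
    "161-35-123-255.ipv4.staticdns3.io": "161.35.123.255",
    "jsdelivr.map.fastly.net": "151.101.65.229",
    "www.google.com": "142.250.186.132",
    "cdn.jsdelivr.net": None,
}
REPORT_IPS = ["161.35.123.255", "151.101.1.229", "151.101.65.229",
              "192.168.2.4", "192.168.2.5", "239.255.255.250", "142.250.186.132"]

# Assumed allowlist (hypothetical local policy, not from the report): shared CDN
# and Google infrastructure that served parts of the page but must not be blocked.
SHARED_INFRA_SUFFIXES = (".jsdelivr.net", ".fastly.net", ".google.com")

_DASHED_IP = re.compile(r"^(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.")


def embedded_ip(hostname):
    """IPv4 address encoded in a leading dash-separated label such as
    161-35-123-255.ipv4.staticdns3.io, or None if there is none."""
    m = _DASHED_IP.match(hostname)
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(m.groups())))
    except ipaddress.AddressValueError:  # e.g. an octet above 255
        return None


def is_blockable_ip(ip):
    """Only public unicast addresses belong in a blocklist: RFC 1918, loopback,
    link-local, reserved and multicast (e.g. SSDP's 239.255.255.250) are noise."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not (addr.is_multicast or addr.is_reserved
                                   or addr.is_loopback or addr.is_link_local)


def is_shared_infra(hostname):
    return hostname.endswith(SHARED_INFRA_SUFFIXES)


def defang(indicator):
    """Render a URL, hostname or IP so it is neither clickable nor auto-linked."""
    if "://" not in indicator:
        return indicator.replace(".", "[.]")
    p = urlsplit(indicator)
    url = f"{p.scheme.replace('http', 'hxxp')}://{p.netloc.replace('.', '[.]')}{p.path}"
    return url + (f"?{p.query}" if p.query else "")


def hostname_ip_mismatches(domains):
    """Hosts whose embedded address disagrees with the IP the report resolved."""
    return [h for h, ip in domains.items()
            if ip and embedded_ip(h) and embedded_ip(h) != ip]


def triage(urls, domains, ips):
    """Split the report's indicators into block / review / drop buckets."""
    hosts = set()
    for u in urls:
        h = urlsplit(u).hostname
        if h and not is_shared_infra(h):
            hosts.add(h)
    hosts.update(h for h in domains if not is_shared_infra(h))

    # An IP is blocked only when positively tied to a malicious host: either the
    # report resolved the host to it, or the host name itself encodes it.
    tied = set()
    for h in hosts:
        if domains.get(h):
            tied.add(domains[h])
        if embedded_ip(h):
            tied.add(embedded_ip(h))
    shared_ips = {ip for h, ip in domains.items() if ip and is_shared_infra(h)}

    block, review, drop = [], [], []
    for ip in ips:
        if not is_blockable_ip(ip) or ip in shared_ips:
            drop.append(ip)
        elif ip in tied:
            block.append(ip)
        else:
            review.append(ip)  # public but unattributed: needs an analyst's look
    return {
        "hosts": sorted(defang(h) for h in hosts),
        "urls": sorted({defang(u) for u in urls if urlsplit(u).hostname in hosts}),
        "block_ips": sorted(block),
        "review_ips": sorted(review),
        "dropped_ips": sorted(drop),
        "mismatches": hostname_ip_mismatches(domains),
    }


if __name__ == "__main__":
    for bucket, items in triage(REPORT_URLS, REPORT_DOMAINS, REPORT_IPS).items():
        print(bucket, items)
```

Run on the report's data this yields one host and eight URLs to block, 161.35.123.255 as the only blockable IP, 151.101.1.229 in the review bucket, and the private, multicast and CDN/Google addresses dropped. The mismatch check is the consistency test worth keeping for any host of this naming style: if the address encoded in the name ever differs from what the sandbox resolved, either the DNS answer or the transcription is wrong and the IP should not be blocked until that is settled.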

DOM / HTML

URL
Malicious
http://161-35-123-255.ipv4.staticdns3.io/
http://161-35-123-255.ipv4.staticdns3.io/
http://161-35-123-255.ipv4.staticdns3.io/