Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:03:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:03:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.983098173237808
Encrypted:	false
Size:	2673
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:03:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9971419481666
Encrypted:	false
Size:	2675
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.007397819730879
Encrypted:	false
Size:	2689
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:03:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9971822367450662
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:03:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.985903678732733
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:03:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9950667903617263
Encrypted:	false
Size:	2679
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

URLs

Name

Malicious

https://ffgvao.icu/

https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmpTArGOr9lrAGIjA6niKZ2xA1U5TuUEGf7ci7VzWS36L7fGJWhMCmfK4ajHLszoEW9QJL2uUbKibz9YYyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=7G_I90WVIT0ph3DEYwAaUgzVIZQ0KcpLW22xhF2vZaFLpudgFykbYwT4JVpvQ7SsL7YCj_Vmq5bM8ceOkJc4dh_8L-RM_eUCWIYQWufWQe9Ipaa7RaqIRSTD8dcXTxtZG5bMbSK_tN0MlWw14-AkNXNjHZlwW7ScJqBWwSWREwi3JWpaDQx6r6XeHgANfM_ivPvG65JL2FvoKLpH0zI3uSyWnLtP87kM5NruEtKjmvs0viImqtuox7UwzsEhSUBOGXiTeNRbsD0M5RtrPH63MpX74NGi3pA&cb=4n3yn4km4gtj

http://ffgvao.icu/favicon.ico

185.172.128.161

https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmpTArGLP-lrAGIjA1Mz3BEs_xoJryIp7HOkG2gt8lIhNNZ8x9r5YKoP9ma1Ny2OPrURZTNdWGvOgT1MQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=c_b0AEvU33DjgEB-PqOITzwDq9M5fSQgrUjyTjlxuZhg44w2boP_yazekcmz1XNKSB4vaGkL698OPdzCiikrLclSYq5_T-EmNOZuZ1wYVuBAz9AcEtG7M6Ww2ruX4L9ov-5DpyyX4JEtuG1Cy_VVTifYmyjcaoDVPUNDXgRj2uGWvt_Gui1ACSvZltHa0XdyzW44r2C3A9jns6ocAYKAGbjf9IbRd1KcMXJnOs7Ku12v7BrwaK4p-9_XzmopPgXVs7-6NqZwnuccebs1hQxl5ehwbqp_jXg&cb=txzc7zfol21v

http://ffgvao.icu/

https://bih.itirche.com/JvAI/

https://www.google.com/recaptcha/api2/bframe?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b

about:blank

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=g5ORuGKFmXM3xarUc4akHMDS8VUxj7V2c5j6Snl2oCfLbht8LZ_UGRR6Q61U1L_1_vzxjkNTAMvmSr92SdktzZ-5OeiR6OAPI6LA1VmOTxaeXRvOo21BsRQOOdBF32IPCOgusKyC5pIdV-lsgmg7Bf8EHkNWeKciSnqaMYKv88ymDXu2JEtouyyvwcP2bxYYdzZeok-z3FfIIeWPzD3a6KBjYjXB0iwpYfzCvJXDT1uWrNHU-EzqvZXQ69_238tskqm0HTlWJIbBCGQI3RDOmEOuNjfZgTI&cb=url5ejveckuf

https://ffgvao.icu/

There are 1 hidden URLs, click here to show them.

Domains

Name

Malicious

ffgvao.icu

185.172.128.161

Details

Name:	ffgvao.icu
IP:	185.172.128.161
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

a.nel.cloudflare.com

35.190.80.1

vzh.081zq.com

172.67.150.235

www.google.com

172.253.63.105

bih.itirche.com

104.21.86.207

dahs.25bvnw8.ru

172.67.197.249

IPs

Domain

Country

Malicious

172.253.122.139

unknown

United States

104.21.86.207

bih.itirche.com

United States

1.1.1.1

unknown

Australia

142.251.111.95

unknown

United States

172.253.62.94

unknown

United States

142.251.16.103

unknown

United States

192.168.2.16

unknown

172.253.63.105

www.google.com

United States

172.253.63.94

unknown

United States

172.253.62.84

unknown

United States

185.172.128.161

ffgvao.icu

Russian Federation

172.67.150.235

vzh.081zq.com

United States

172.67.197.249

dahs.25bvnw8.ru

United States

239.255.255.250

unknown

Reserved

172.253.115.103

unknown

United States

142.250.31.94

unknown

United States

35.190.80.1

a.nel.cloudflare.com

United States

142.251.163.94

unknown

United States

172.253.115.94

unknown

United States

172.253.62.102

unknown

United States

There are 10 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://ffgvao.icu/

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://ffgvao.icu/

Files

URLs

Domains

IPs

IOC Report
https://ffgvao.icu/