Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

ABvECwUx7cIoZf77BAImyDjWWao.htm

HTML document, ASCII text, with very long lines (64676)

initial sample

Details

Filetype:	HTML document, ASCII text, with very long lines (64676)
Entropy:	5.702532460423688
Filename:	ABvECwUx7cIoZf77BAImyDjWWao.htm
Filesize:	1102782
MD5:	966c62755b8789fbd996626dc0c214f2
SHA1:	e9ab10055634484abbf1df03e11e74ba7d074ef9
SHA256:	2c84ed23337cbb26f0968fc81de12a3f45bf03b9d1a428b8e9b0fb211e7032ed
SHA512:	4a2bbd3e63bd392a683f63cf7eea38c4b2288b76ce54fd156ee46c8820a40a17a2e6ff9e4bc259242a67e29cc94739d228dbd3c0d83c8f26943cba8ddb5359d0
SSDEEP:	24576:ME0Jv6FEMnxTmoZoIR+Y2oTU2vnhQG0Uo4WKoijn74KPJ6jm+2:M/Jv6FEMnxTmoZoIR+Y2oTU2vnhQG0U/
Preview:	<!DOCTYPE html><html id="Atom" lang="fr-FR" dir="ltr"><head><script type="text/javascript" nonce="7IgeGo065lpSAYF/2wWGQfVbIqpfY+UovIeE8fCuvAZkg2qC">. if (. window.ontouchstart !== undefined.

Signature Hits	Behavior Group	Mitre Attack
HTML Script injector detected	Phishing
Suspicious Javascript code found in HTML file	Phishing
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:36:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:36:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.990394861327367
Encrypted:	false
Size:	2673
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:36:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.00776547005381
Encrypted:	false
Size:	2675
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.016790110625893
Encrypted:	false
Size:	2689
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:36:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.005914560501746
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:36:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.994653742102347
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:36:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.006407666757039
Encrypted:	false
Size:	2679
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

URLs

Name

Malicious

file:///C:/Users/user/Desktop/ABvECwUx7cIoZf77BAImyDjWWao.htm

Details

Name:	file:///C:/Users/user/Desktop/ABvECwUx7cIoZf77BAImyDjWWao.htm
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
HTML Script injector detected	Phishing
Suspicious Javascript code found in HTML file	Phishing
Submission file is bigger than most known malware samples	System Summary

https://s.yimg.com/jk/gtm/gtm_ns.html?id=GTM-NVQTVCX&type=yahoo&cat=ybarcta1

https://apis.mail.yahoo.com/ws/v3/mailboxes/@.id==VjN-VIN1UYKhjyOZo9WFPuRwQgeDSgPBkk-eza0YMYG1Ojt5dPKV5_CKjYlIbF_zQK93ThvOwSf3J2bcSTBQuCztSw/messages/@.id==ABvECwUx7cIoZf77BAImyDjWWao/content/parts/@.id==2/refresh?appid=YMailNorrinLaunch&ymreqid=d297ba82-e7b9-3a1f-1c80-cb0000011d00

Details

Name:	https://apis.mail.yahoo.com/ws/v3/mailboxes/@.id==VjN-VIN1UYKhjyOZo9WFPuRwQgeDSgPBkk-eza0YMYG1Ojt5dPKV5_CKjYlIbF_zQK93ThvOwSf3J2bcSTBQuCztSw/messages/@.id==ABvECwUx7cIoZf77BAImyDjWWao/content/parts/@.id==2/refresh?appid=YMailNorrinLaunch&ymreqid=d297ba82-e7b9-3a1f-1c80-cb0000011d00
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTML page is missing a favicon	Phishing

about:blank

https://8867627.fls.doubleclick.net/activityi;dc_pre=CPHz-Zb1l4UDFVkydgYd5NgJmA;src=8867627;type=yahoo;cat=ybarcta1;ord=5593558338353;gdpr_consent=tcunavailable;npa=0;ps=1;pcor=341983465;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe43r0z8810241813za201;gcs=G1--;gcd=13l3l3l3l5;dma=0;tcfd=10004;epver=2;~oref=https%3A%2F%2Fs.yimg.com%2Fjk%2Fgtm%2Fgtm_ns.html%3Fid%3DGTM-NVQTVCX%26type%3Dyahoo%26cat%3Dybarcta1?

Details

Name:	https://8867627.fls.doubleclick.net/activityi;dc_pre=CPHz-Zb1l4UDFVkydgYd5NgJmA;src=8867627;type=yahoo;cat=ybarcta1;ord=5593558338353;gdpr_consent=tcunavailable;npa=0;ps=1;pcor=341983465;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe43r0z8810241813za201;gcs=G1--;gcd=13l3l3l3l5;dma=0;tcfd=10004;epver=2;~oref=https%3A%2F%2Fs.yimg.com%2Fjk%2Fgtm%2Fgtm_ns.html%3Fid%3DGTM-NVQTVCX%26type%3Dyahoo%26cat%3Dybarcta1?
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTML page is missing a favicon	Phishing

Domains

Name

Malicious

dart.l.doubleclick.net

172.253.62.148

alb-ext-ingress-group-95161440.us-east-1.elb.amazonaws.com

3.226.230.184

prod-rotation-v2.guce.aws.oath.cloud

52.2.116.152

ad.doubleclick.net

142.251.163.149

ds-ats.member.g02.yahoodns.net

67.195.204.151

adservice.google.com

172.253.62.154

cs550162656.adn.psicdn.net

152.195.55.192

googleads.g.doubleclick.net

142.251.111.155

me-ycpi-cf-www.g06.yahoodns.net

69.147.92.11

www.google.com

142.251.16.147

prod-ash-beacon-1960876484.us-east-1.elb.amazonaws.com

44.218.79.153

edge.gycpi.b.yahoodns.net

69.147.92.12

cs964199420.wpc.mucdn.net

152.199.24.48

consent.cmp.oath.com

unknown

edge-mcdn.secure.yahoo.com

unknown

opus.analytics.yahoo.com

unknown

s.yimg.com

unknown

www.yahoo.com

unknown

beacon.krxd.net

unknown

jsapi.login.yahoo.com

unknown

guce.yahoo.com

unknown

events.xg4ken.com

unknown

8867627.fls.doubleclick.net

unknown

apis.mail.yahoo.com

unknown

There are 14 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

172.253.62.154

adservice.google.com

United States

142.251.111.155

googleads.g.doubleclick.net

United States

172.253.122.148

unknown

United States

1.1.1.1

unknown

Australia

152.199.24.48

cs964199420.wpc.mucdn.net

United States

152.195.55.192

cs550162656.adn.psicdn.net

United States

142.251.16.147

www.google.com

United States

67.195.204.151

ds-ats.member.g02.yahoodns.net

United States

192.168.2.16

unknown

142.251.163.155

unknown

United States

69.147.92.12

edge.gycpi.b.yahoodns.net

United States

69.147.92.11

me-ycpi-cf-www.g06.yahoodns.net

United States

172.253.122.147

unknown

United States

142.251.163.149

ad.doubleclick.net

United States

142.251.16.138

unknown

United States

142.251.167.94

unknown

United States

239.255.255.250

unknown

Reserved

44.218.79.153

prod-ash-beacon-1960876484.us-east-1.elb.amazonaws.com

United States

142.251.16.97

unknown

United States

142.251.179.148

unknown

United States

52.2.116.152

prod-rotation-v2.guce.aws.oath.cloud

United States

3.226.230.184

alb-ext-ingress-group-95161440.us-east-1.elb.amazonaws.com

United States

172.253.62.148

dart.l.doubleclick.net

United States

172.253.115.84

unknown

United States

There are 14 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
ABvECwUx7cIoZf77BAImyDjWWao.htm

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportABvECwUx7cIoZf77BAImyDjWWao.htm

Files

URLs

Domains

IPs

IOC Report
ABvECwUx7cIoZf77BAImyDjWWao.htm