Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Chrome Cache Entry: 44

PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced

downloaded

Details

File:	Chrome Cache Entry: 44
Category:	downloaded
Dump:	chromecache_44.2.dr
ID:	dr_3
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Entropy:	7.917366245670385
Encrypted:	false
Ssdeep:	1536:KQenmqrioNl5K81m8tFykTZLuX05whZPI0N9FftS9z4:xSuoN28w4ICZKX8wjXNLId4
Size:	70075
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 45

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1080, components 3

downloaded

Details

File:	Chrome Cache Entry: 45
Category:	downloaded
Dump:	chromecache_45.2.dr
ID:	dr_4
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1080, components 3
Entropy:	7.942409681103454
Encrypted:	false
Ssdeep:	1536:mhaLoz+vqpt+0yQ8rsmaES25p1pqgyFruS:mgLoz+vNQsN3qJuS
Size:	58819
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 46

PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced

dropped

Details

File:	Chrome Cache Entry: 46
Category:	dropped
Dump:	chromecache_46.2.dr
ID:	dr_2
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Entropy:	7.917366245670385
Encrypted:	false
Ssdeep:	1536:KQenmqrioNl5K81m8tFykTZLuX05whZPI0N9FftS9z4:xSuoN28w4ICZKX8wjXNLId4
Size:	70075
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	4916
Target ID:	0
Parent PID:	1364
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	10:25:41
Date:	29/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1936,i,10283009642975068563,18317178896216016107,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	2128
Target ID:	2
Parent PID:	4916
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1936,i,10283009642975068563,18317178896216016107,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	10:25:44
Date:	29/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://siliconeer.com/current/wp-content/uploads/2020/07/harsh-chhaya-i-have-nothing-against-working-in-a-tv-show.jpg"

Details

Is windows:	true
Is dropped:	false
PID:	6464
Target ID:	3
Parent PID:	1364
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://siliconeer.com/current/wp-content/uploads/2020/07/harsh-chhaya-i-have-nothing-against-working-in-a-tv-show.jpg"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	10:25:46
Date:	29/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

IP

Malicious

http://siliconeer.com/current/wp-content/uploads/2020/07/harsh-chhaya-i-have-nothing-against-working-in-a-tv-show.jpg

Details

Filetype:	URL
Filename:	http://siliconeer.com/current/wp-content/uploads/2020/07/harsh-chhaya-i-have-nothing-against-working-in-a-tv-show.jpg

Signature Hits	Behavior Group	Mitre Attack
Classification label	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Ingress Tool Transfer
HTML page is missing a favicon	Phishing
Performs DNS lookups	Networking	Non-Application Layer Protocol Application Layer Protocol
Spawns processes	System Summary	Process Injection
Uses HTTPS	Networking	Encrypted Channel
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

https://siliconeer.com/current/wp-content/uploads/2020/07/harsh-chhaya-i-have-nothing-against-working-in-a-tv-show.jpg

Details

Name:	https://siliconeer.com/current/wp-content/uploads/2020/07/harsh-chhaya-i-have-nothing-against-working-in-a-tv-show.jpg
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
HTML page is missing a favicon	Phishing

https://siliconeer.com/favicon.ico

162.241.248.14

http://siliconeer.com/current/wp-content/uploads/2020/07/harsh-chhaya-i-have-nothing-against-working-in-a-tv-show.jpg

162.241.248.14

Details

Name:	http://siliconeer.com/current/wp-content/uploads/2020/07/harsh-chhaya-i-have-nothing-against-working-in-a-tv-show.jpg
IP:	162.241.248.14
TargetID:	2
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Domains

Name

IP

Malicious

siliconeer.com

162.241.248.14

Details

Name:	siliconeer.com
IP:	162.241.248.14
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

www.google.com

172.253.62.105

fp2e7a.wpc.phicdn.net

192.229.211.108

IPs

IP

Domain

Country

Malicious

239.255.255.250

unknown

Reserved

162.241.248.14

siliconeer.com

United States

172.253.62.105

www.google.com

United States

192.168.2.4

unknown

DOM / HTML

URL

Malicious

https://siliconeer.com/current/wp-content/uploads/2020/07/harsh-chhaya-i-have-nothing-against-working-in-a-tv-show.jpg

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
http://siliconeer.com/current/wp-content/uploads/2020/07/harsh-chhaya-i-have-nothing-against-working-in-a-tv-show.jpg

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttp://siliconeer.com/current/wp-content/uploads/2020/07/harsh-chhaya-i-have-nothing-against-working-in-a-tv-show.jpg

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
http://siliconeer.com/current/wp-content/uploads/2020/07/harsh-chhaya-i-have-nothing-against-working-in-a-tv-show.jpg