Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 05:22:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 05:22:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.986245490794634
Encrypted:	false
Ssdeep:	48:8XdATk8IHPAidAKZdA1FehwiZUklqehHMy+3:8CPzmMy
Size:	2673
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 05:22:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.004581062514969
Encrypted:	false
Ssdeep:	48:8YdATk8IHPAidAKZdA1seh/iZUkAQkqehWMy+2:83Pd9QBMy
Size:	2675
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.009335109373197
Encrypted:	false
Ssdeep:	48:8AdATk8AHPAidAKZdA14meh7sFiZUkmgqeh7sgMy+BX:8PPZnqMy
Size:	2689
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 05:22:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.001002382161717
Encrypted:	false
Ssdeep:	48:8HdATk8IHPAidAKZdA1TehDiZUkwqehyMy+R:8SPuIMy
Size:	2677
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 05:22:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.989338172301008
Encrypted:	false
Ssdeep:	48:8bdATk8IHPAidAKZdA1dehBiZUk1W1qeh0My+C:8mP+9UMy
Size:	2677
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 05:22:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	4.002391413718334
Encrypted:	false
Ssdeep:	48:8XedATk8IHPAidAKZdA1duTeehOuTbbiZUk5OjqehOuTbqMy+yT+:8lP0TfTbxWOvTbqMy7T
Size:	2679
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Chrome Cache Entry: 56

ASCII text, with no line terminators

downloaded

Details

File:	Chrome Cache Entry: 56
Category:	downloaded
Dump:	chromecache_56.1.dr
ID:	dr_8
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with no line terminators
Entropy:	3.625
Encrypted:	false
Ssdeep:	3:HfTORnYn:qRnY
Size:	16
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 57

HTML document, ASCII text, with very long lines (58373)

downloaded

Details

File:	Chrome Cache Entry: 57
Category:	downloaded
Dump:	chromecache_57.1.dr
ID:	dr_9
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with very long lines (58373)
Entropy:	6.068234298881708
Encrypted:	false
Ssdeep:	24576:h9AEPd71sejxej4PW8SI1ji4GS3EaAYsSYwcqF7OMqfuLNCDDQt:3selesPb7exSYwcqE5mZCfQt
Size:	1251850
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://link.id.vn/GrONN

Details

Is windows:	true
Is dropped:	false
PID:	7000
Target ID:	0
Parent PID:	3432
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://link.id.vn/GrONN
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	08:22:15
Date:	19/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7f9810000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1912,i,2914826928353280511,12430040426356834393,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	4212
Target ID:	1
Parent PID:	7000
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1912,i,2914826928353280511,12430040426356834393,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	08:22:15
Date:	19/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7f9810000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://link.id.vn/GrONN

https://tieungaovolam.top/lpatanawebroundcbe2/?offer_apis_key=21c1aw9pplLkDDw%20InsideBusiness%2016_04_2024%2019_12_27

https://fontawesome.com

unknown

https://github.com/twbs/bootstrap/blob/master/LICENSE)

unknown

https://avenidaconsumo.com/about/privacy

unknown

http://opensource.org/licenses/MIT

unknown

https://animate.style/

unknown

https://link.id.vn/GrONN

101.99.3.118

https://getbootstrap.com/)

unknown

about:blank

https://singingfiles.com/show.php?l=0&u=2034900&id=49804

unknown

https://fontawesome.com/license/free

unknown

There are 1 hidden URLs, click here to show them.

Domains

Name

Malicious

tieungaovolam.top

103.200.23.120

Details

Name:	tieungaovolam.top
IP:	103.200.23.120
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

link.id.vn

101.99.3.118

Details

Name:	link.id.vn
IP:	101.99.3.118
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

www.google.com

142.250.105.147

IPs

Domain

Country

Malicious

103.200.23.120

tieungaovolam.top

Viet Nam

239.255.255.250

unknown

Reserved

192.168.2.16

unknown

101.99.3.118

link.id.vn

Viet Nam

142.250.105.147

www.google.com

United States

DOM / HTML

URL

Malicious

about:blank

https://tieungaovolam.top/lpatanawebroundcbe2/?offer_apis_key=21c1aw9pplLkDDw%20InsideBusiness%2016_04_2024%2019_12_27

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://link.id.vn/GrONN

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://link.id.vn/GrONN

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://link.id.vn/GrONN