Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	888
Target ID:	0
Parent PID:	3636
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	15:07:24
Date:	19/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1984,i,6569138761283009151,2969496892156393424,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	6032
Target ID:	2
Parent PID:	888
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1984,i,6569138761283009151,2969496892156393424,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	15:07:27
Date:	19/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://solidrockco.us18.list-manage.com/track/click?u=38ac31efab920b9731f032d8a&id=13e4aec907&e=d7bf95e699"

Details

Is windows:	true
Is dropped:	false
PID:	6480
Target ID:	3
Parent PID:	3636
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://solidrockco.us18.list-manage.com/track/click?u=38ac31efab920b9731f032d8a&id=13e4aec907&e=d7bf95e699"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	15:07:29
Date:	19/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://solidrockco.us18.list-manage.com/track/click?u=38ac31efab920b9731f032d8a&id=13e4aec907&e=d7bf95e699

https://use.fontawesome.com/releases/v5.15.4/css/brands.css

unknown

https://stcdn.leadconnectorhq.com/_preview/Attributions.a992ca4f.js

172.67.68.104

https://use.fontawesome.com/releases/v5.15.4/css/solid.css

unknown

https://stcdn.leadconnectorhq.com/_preview/MoonLoader.0a6865e7.js

unknown

https://stcdn.leadconnectorhq.com/funnel/store/ticket-02.svg

unknown

https://services.leadconnectorhq.com/stats/event

172.67.68.104

https://stcdn.leadconnectorhq.com/_preview/HLImage.vue.9944e01a.js

172.67.68.104

https://stcdn.leadconnectorhq.com/_preview/Button.7b5f0a86.js

172.67.68.104

https://stcdn.leadconnectorhq.com/funnel/icon/favicon.ico

172.67.68.104

https://stcdn.leadconnectorhq.com/_preview/helpers.516d54b1.js

172.67.68.104

https://images.leadconnectorhq.com/image/f_webp/q_80/r_1200/u_https://assets.cdn.filesafe.space/FHIQdcfFLN3LxwOvghjs/media/65779726ea9b904b20775a8c.png

104.26.2.172

https://stcdn.leadconnectorhq.com/funnel/store/payment-warning.svg

unknown

https://services.leadconnectorhq.com/attribution_service/user_session_v3/create_session

172.67.68.104

https://js.stripe.com/v3

unknown

https://fontawesome.com/license/free

unknown

https://fontawesome.com

unknown

https://stcdn.leadconnectorhq.com/_preview/TextRenderer.0c6a2349.js

unknown

https://stcdn.leadconnectorhq.com/_preview/index.5bf189bd.js

172.67.68.104

https://stcdn.leadconnectorhq.com/_preview/client-only.7bef1548.js

172.67.68.104

https://assets.cdn.filesafe.space/FHIQdcfFLN3LxwOvghjs/media/65bc06db748da713b8d7e0f6.png

unknown

https://cdn.filesafe.space

unknown

https://fonts.bunny.net/css

unknown

https://services.leadconnectorhq.com/appengine

unknown

https://stcdn.leadconnectorhq.com/_preview/HLImage.28d4f335.js

unknown

https://stcdn.leadconnectorhq.com/_preview/default.045625b6.js

172.67.68.104

https://images.leadconnectorhq.com/image/f_webp/q_80/r_1200/u_https://assets.cdn.filesafe.space/FHIQdcfFLN3LxwOvghjs/media/65f9c38aed6e81b4bc4ba363.png

104.26.2.172

https://stcdn.leadconnectorhq.com/_preview/entry.92db9560.js

172.67.68.104

https://apisystem.tech

unknown

https://stcdn.leadconnectorhq.com/funnel/store/edit-01.svg

unknown

https://stcdn.leadconnectorhq.com/funnel/store/video-placeholder.png

unknown

https://stcdn.leadconnectorhq.com/funnel/store/close.svg

unknown

https://assets.cdn.msgsndr.com

unknown

https://stcdn.leadconnectorhq.com/_preview/HtmlPreview.vue.d7005fb2.js

172.67.68.104

https://stcdn.leadconnectorhq.com/funnel/store/default-product-image.svg

unknown

https://stcdn.leadconnectorhq.com/

unknown

https://stcdn.leadconnectorhq.com/funnel/store/check.svg

unknown

https://use.fontawesome.com/releases/v5.15.4/css/regular.css

unknown

https://stcdn.leadconnectorhq.com/_preview/orderform_helpers.6f14ff9c.js

172.67.68.104

https://services.leadconnectorhq.com

unknown

https://stcdn.leadconnectorhq.com/_preview/Button.f71da64a.css

172.67.68.104

https://a.nel.cloudflare.com/report/v4?s=FIKyWwrBtug9IdWHDal8v%2FrHDZKCKZAYKVXSQLA2UgbMvnbgCguE54GZIrg7L8c6LaX%2BDKcHbnaTeSJSQ2%2FbKaDOURiF%2FKdL1YE9uyml4%2BtU4OBco4BRlXqWIBIlqDF9v0REE5Hl%2F3vqD67jhWc%3D

35.190.80.1

https://stcdn.leadconnectorhq.com/_preview/MoonLoader.vue.5bcae7da.js

172.67.68.104

https://cdn.msgsndr.com

unknown

https://stcdn.leadconnectorhq.com/_preview/FunnelServices.e9cbc31d.js

172.67.68.104

https://stcdn.leadconnectorhq.com/funnel/store/arrow-right.svg

unknown

https://jstest.authorize.net/v1/Accept.js

unknown

https://services.leadconnectorhq.com/appengine/reviews/get_widget/

unknown

https://stcdn.leadconnectorhq.com/_preview/funnel_event_helper.1dcd8c6a.js

172.67.68.104

https://stcdn.leadconnectorhq.com/funnel/store/empty-list.svg

unknown

https://js.authorize.net/v1/Accept.js

unknown

https://cxblueprintchallenge.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

162.159.140.166

https://content.apisystem.tech

unknown

https://services.leadconnectorhq.com/ecommerce

unknown

https://stcdn.leadconnectorhq.com/funnel/store/minus.svg

unknown

https://stcdn.leadconnectorhq.com/_preview/am_helper.bd1d1045.js

172.67.68.104

https://cxblueprintchallenge.com/

https://stcdn.leadconnectorhq.com/_preview/HLConst.dfc90e13.js

172.67.68.104

https://stcdn.leadconnectorhq.com/_preview/currency_helper.0e2fcc1c.js

172.67.68.104

https://stcdn.leadconnectorhq.com/_preview/index.141a8dbe.js

172.67.68.104

https://stcdn.leadconnectorhq.com/_preview/i18n.config.45aa417d.js

172.67.68.104

https://secure.safewebservices.com/token/Collect.js

unknown

https://stcdn.leadconnectorhq.com/funnel/store/empty-cart.svg

unknown

https://stcdn.leadconnectorhq.com/funnel/store/plus.svg

unknown

https://handlebarsjs.com/api-reference/runtime-options.html#options-to-control-prototype-access

unknown

https://stcdn.leadconnectorhq.com/_preview/PaymentServices.3db8ff7a.js

172.67.68.104

https://assets.cdn.filesafe.space

unknown

https://stcdn.leadconnectorhq.com/_preview/index.7aeef75e.js

172.67.68.104

https://images.leadconnectorhq.com

unknown

There are 58 hidden URLs, click here to show them.

Domains

Name

Malicious

services.leadconnectorhq.com

172.67.68.104

bg.microsoft.map.fastly.net

199.232.210.172

a.nel.cloudflare.com

35.190.80.1

cxblueprintchallenge.com

162.159.140.166

www.google.com

74.125.138.147

stcdn.leadconnectorhq.com

172.67.68.104

images.leadconnectorhq.com

104.26.2.172

fp2e7a.wpc.phicdn.net

192.229.211.108

use.fontawesome.com

unknown

solidrockco.us18.list-manage.com

unknown

IPs

Domain

Country

Malicious

74.125.138.147

www.google.com

United States

104.26.2.172

images.leadconnectorhq.com

United States

162.159.140.166

cxblueprintchallenge.com

United States

192.168.2.4

unknown

172.67.68.104

services.leadconnectorhq.com

United States

239.255.255.250

unknown

Reserved

35.190.80.1

a.nel.cloudflare.com

United States

DOM / HTML

URL

Malicious

https://cxblueprintchallenge.com/

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://solidrockco.us18.list-manage.com/track/click?u=38ac31efab920b9731f032d8a&id=13e4aec907&e=d7bf95e699

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://solidrockco.us18.list-manage.com/track/click?u=38ac31efab920b9731f032d8a&id=13e4aec907&e=d7bf95e699

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://solidrockco.us18.list-manage.com/track/click?u=38ac31efab920b9731f032d8a&id=13e4aec907&e=d7bf95e699