Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:26:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:26:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	3.9881634588090558
Encrypted:	false
Ssdeep:	48:8X34WdDTA7FCsHIidAKZdA1JehwiZUklqeh9y+3:8Hzc8ey
Size:	2677
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:26:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.004348998365871
Encrypted:	false
Ssdeep:	48:8U4WdDTA7FCsHIidAKZdA10eh/iZUkAQkqehOy+2:8Uzc+9Qry
Size:	2679
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.013962467055464
Encrypted:	false
Ssdeep:	48:8e4WdDTA7FjHIidAKZdA14tIeh7sFiZUkmgqeh7ssy+BX:8ezcsnKy
Size:	2693
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:26:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.003270119519578
Encrypted:	false
Ssdeep:	48:844WdDTA7FCsHIidAKZdA1behDiZUkwqehiy+R:84zcVky
Size:	2681
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:26:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	3.9920267980277306
Encrypted:	false
Ssdeep:	48:8U4WdDTA7FCsHIidAKZdA1VehBiZUk1W1qehYy+C:8UzcF94y
Size:	2681
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:26:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.0058476430131575
Encrypted:	false
Ssdeep:	48:8WQ4WdDTA7FCsHIidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbKy+yT+:8XzcFTTTbxWOvTbKy7T
Size:	2683
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Chrome Cache Entry: 66

HTML document, ASCII text, with CRLF line terminators

downloaded

Details

File:	Chrome Cache Entry: 66
Category:	downloaded
Dump:	chromecache_66.1.dr
ID:	dr_8
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with CRLF line terminators
Entropy:	4.688532577858027
Encrypted:	false
Ssdeep:	12:TjeRHVIdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH68DTPTPTPTPTPTc
Size:	548
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 67

HTML document, ASCII text, with CRLF line terminators

downloaded

Details

File:	Chrome Cache Entry: 67
Category:	downloaded
Dump:	chromecache_67.1.dr
ID:	dr_9
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with CRLF line terminators
Entropy:	4.688532577858027
Encrypted:	false
Ssdeep:	12:TjeRHVIdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH68DTPTPTPTPTPTc
Size:	548
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://funcallback.com/

Details

Is windows:	true
Is dropped:	false
PID:	1100
Target ID:	0
Parent PID:	2984
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://funcallback.com/
Size:	3242272
MD5:	83395EAB5B03DEA9720F8D7AC0D15CAA
Time:	12:26:25
Date:	24/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7d6f10000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1908,i,7132797458047538153,14976899147334223984,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	5752
Target ID:	1
Parent PID:	1100
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1908,i,7132797458047538153,14976899147334223984,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	83395EAB5B03DEA9720F8D7AC0D15CAA
Time:	12:26:25
Date:	24/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7d6f10000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://funcallback.com

https://funcallback.com/favicon.ico

31.41.44.109

http://debasesingle.life/

31.41.44.109

https://debasesingle.life/favicon.ico

31.41.44.109

https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fdeba&oit=3&cp=12&pgcl=4&gs_rn=42&psi=OhtPKuyMOBZH1AHQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

142.250.141.106

https://debasesingle.life/9hFXWz7M

https://debasesingle.life/a

https://debasesingle.life/*

https://funcallback.com/all

https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgSaEGkkGMW9o7EGIjDoaiqIgJym7mPXMuk64a2_ECOop8aSMKF9PeWRy-JzRSbFSHqdq-5U6e7Bbe2Sn4MyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

142.250.141.106

https://debasesingle.life/9FGNGFNF

https://debasesingle.life/9FGN

https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fde&oit=3&cp=10&pgcl=4&gs_rn=42&psi=OhtPKuyMOBZH1AHQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

142.250.141.106

https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fdebasesi&oit=3&cp=16&pgcl=4&gs_rn=42&psi=OhtPKuyMOBZH1AHQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

142.250.141.106

https://debasesingle.life/9FGNGFNFGJ

https://debasesingle.life/INDEX.PHP

https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fdebasesingle.&oit=3&cp=21&pgcl=4&gs_rn=42&psi=OhtPKuyMOBZH1AHQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

142.250.141.106

https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

142.250.141.106

https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgSaEGkkGPq8o7EGIjCPZ7mLrGZOjiilg62h20hakliyrRjoptyj-G79OVFIZsyqFvdYeoEJ4nuR2vvBQHMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

142.250.141.106

https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fdebasesingle.lif&oit=3&cp=24&pgcl=4&gs_rn=42&psi=OhtPKuyMOBZH1AHQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

142.250.141.106

https://funcallback.com/dsfdsfsgf

https://funcallback.com/index

https://debasesingle.life/aDF

https://funcallback.com/

https://debasesingle.life/all

https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Ff&oit=3&cp=9&pgcl=4&gs_rn=42&psi=OhtPKuyMOBZH1AHQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

142.250.141.106

https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fdebasesingle.life&oit=3&cp=25&pgcl=4&gs_rn=42&psi=OhtPKuyMOBZH1AHQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

142.250.141.106

https://funcallback.com/home

https://debasesingle.life/

https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fdeb&oit=3&cp=11&pgcl=4&gs_rn=42&psi=OhtPKuyMOBZH1AHQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

142.250.141.106

https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fdebasesingle&oit=3&cp=20&pgcl=4&gs_rn=42&psi=OhtPKuyMOBZH1AHQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

142.250.141.106

https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgSaEGkkGIm9o7EGIjCr71g2DaGKX03zfbOMRvZGitgHQ5gSzz1_UmYnoZc9EYAOncPgEW9ebhFc9F3QvQIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

142.250.141.106

https://debasesingle.life/9hFAWz7M

https://debasesingle.life/INDEX

https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fdebasesin&oit=3&cp=17&pgcl=4&gs_rn=42&psi=OhtPKuyMOBZH1AHQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

142.250.141.106

https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fdebases&oit=3&cp=15&pgcl=4&gs_rn=42&psi=OhtPKuyMOBZH1AHQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

142.250.141.106

https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgSaEGkkGO28o7EGIjDtljd6pm1ZWjTPyWP32HQBGX3sXwOJ767OIF2wF2ku1c4DUPfehf0hMaorp38NKnIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

142.250.141.106

There are 26 hidden URLs, click here to show them.

Domains

Name

Malicious

funcallback.com

31.41.44.109

Details

Name:	funcallback.com
IP:	31.41.44.109
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

debasesingle.life

31.41.44.109

Details

Name:	debasesingle.life
IP:	31.41.44.109
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

www.google.com

142.250.141.106

Details

Name:	www.google.com
IP:	142.250.141.106
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

IPs

Domain

Country

Malicious

31.41.44.109

funcallback.com

Russian Federation

Details

IP:	31.41.44.109
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	56577
ASN name:	ASRELINKRU
Private:	false
Domain:	funcallback.com

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

192.168.2.17

unknown

192.168.2.6

unknown

192.168.2.5

unknown

239.255.255.250

unknown

Reserved

192.168.2.13

unknown

192.168.2.23

unknown

142.250.141.106

www.google.com

United States

DOM / HTML

URL

Malicious

https://funcallback.com/

https://debasesingle.life/

https://debasesingle.life/9hFXWz7M

https://debasesingle.life/9hFAWz7M

https://debasesingle.life/9FGNGFNFGJ

https://debasesingle.life/9FGNGFNF

https://debasesingle.life/9FGN

https://debasesingle.life/a

https://debasesingle.life/aDF

https://debasesingle.life/*

https://debasesingle.life/INDEX.PHP

https://debasesingle.life/INDEX

https://debasesingle.life/all

https://funcallback.com/dsfdsfsgf

https://funcallback.com/home

https://funcallback.com/index

https://funcallback.com/all

There are 7 hidden doms, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://funcallback.com

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://funcallback.com

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://funcallback.com