Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	5924
Target ID:	0
Parent PID:	2944
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	08:22:45
Date:	25/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1988,i,5874812371822322334,2225953221869786979,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	4484
Target ID:	2
Parent PID:	5924
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1988,i,5874812371822322334,2225953221869786979,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	08:22:48
Date:	25/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://web.leitz-cloud.com/shares/folder/k11NnLCmDNb/"

Details

Is windows:	true
Is dropped:	false
PID:	6508
Target ID:	3
Parent PID:	2944
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://web.leitz-cloud.com/shares/folder/k11NnLCmDNb/"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	08:22:52
Date:	25/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://web.leitz-cloud.com/shares/folder/k11NnLCmDNb/

https://web.leitz-cloud.com/auth/login/?domain=abtax-Steuerberatung&next=%2Fshares%2Ffolder%2Fk11NnLCmDNb%2F%3F

https://gravatar.com/avatar/

unknown

https://web.leitz-cloud.com/api/2/person

2.58.164.9

https://web.leitz-cloud.com/static/themes/default/images/svg/sidebar.js

2.58.164.9

https://web.leitz-cloud.com/auth/login/

https://piwik.org/free-software/bsd/

unknown

https://web.leitz-cloud.com/static/gen/main.ed99ea6b.min.css

2.58.164.9

https://analytics.vboxx.eu/matomo.js

2.58.165.70

https://analytics.vboxx.eu/plugins/HeatmapSessionRecording/configs.php?idsite=33&trackerid=0eVsvC&url=https%3A%2F%2Fweb.leitz-cloud.com%2Fauth%2Fforgot%2F

2.58.165.70

https://web.leitz-cloud.com/static/bootstrap/dist/fonts/sourcesanspro-light.woff2

2.58.164.9

https://github.com/select2/select2/blob/master/LICENSE.md

unknown

https://web.leitz-cloud.com/sites/1/branding/logo

2.58.164.9

https://www.youtube.com/iframe_api

unknown

https://analytics.vboxx.eu/matomo.php?action_name=Passwort%20vergessen&idsite=33&rec=1&r=724701&h=8&m=23&s=58&url=https%3A%2F%2Fweb.leitz-cloud.com%2Fauth%2Fforgot%2F&_id=1d7f1cb1d782f35f&_idn=0&send_image=0&_refts=0&pv_id=9zYqZ8&fa_pv=1&fa_fp[0][fa_vid]=McZrQa&fa_fp[0][fa_id]=valid&fa_fp[0][fa_fv]=1&pf_net=525&pf_srv=463&pf_tfr=2&pf_dm1=544&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024

2.58.165.70

http://jqueryui.com)

unknown

https://developer.matomo.org/guides/tracking-javascript-guide#multiple-piwik-trackers

unknown

https://analytics.vboxx.eu/matomo.php?action_name=Einloggen&idsite=33&rec=1&r=204970&h=8&m=23&s=34&url=https%3A%2F%2Fweb.leitz-cloud.com%2Fauth%2Flogin%2F&_id=1d7f1cb1d782f35f&_idn=0&send_image=0&_refts=0&pv_id=TCHRDo&fa_pv=1&fa_fp[0][fa_vid]=e65TJF&fa_fp[0][fa_id]=valid&fa_fp[0][fa_fv]=1&pf_net=0&pf_srv=249&pf_tfr=36&pf_dm1=541&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024

2.58.165.70

https://github.com/matomo-org/matomo/blob/master/js/piwik.js

unknown

https://web.leitz-cloud.com/sites/1/branding/icon/

2.58.164.9

https://analytics.vboxx.eu/plugins/HeatmapSessionRecording/configs.php?idsite=33&trackerid=WgIqI3&url=https%3A%2F%2Fweb.leitz-cloud.com%2Fauth%2Flogin%2F

2.58.165.70

https://analytics.vboxx.eu/plugins/HeatmapSessionRecording/configs.php?idsite=33&trackerid=TvJd9S&url=https%3A%2F%2Fweb.leitz-cloud.com%2Fauth%2Fforgot%2F

2.58.165.70

https://analytics.vboxx.eu/matomo.php?action_name=Einloggen&idsite=33&rec=1&r=448950&h=8&m=23&s=3&url=https%3A%2F%2Fweb.leitz-cloud.com%2Fauth%2Flogin%2F%3Fdomain%3Dabtax-Steuerberatung%26next%3D%2Fshares%2Ffolder%2Fk11NnLCmDNb%2F%3F&_id=1d7f1cb1d782f35f&_idn=1&send_image=0&_refts=0&pv_id=s2EsOK&fa_pv=1&fa_fp[0][fa_vid]=pv5G4q&fa_fp[0][fa_id]=valid&fa_fp[0][fa_fv]=1&pf_net=0&pf_srv=328&pf_tfr=2&pf_dm1=4480&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024

2.58.165.70

https://analytics.vboxx.eu/matomo.php?action_name=Kontowiederherstellung&idsite=33&rec=1&r=310271&h=8&m=23&s=46&url=https%3A%2F%2Fweb.leitz-cloud.com%2Fauth%2Flogin%2Frecovery%2F&_id=1d7f1cb1d782f35f&_idn=0&send_image=0&_refts=0&pv_id=LGr2Y2&fa_pv=1&fa_fp[0][fa_vid]=fTrLsE&fa_fp[0][fa_id]=valid&fa_fp[0][fa_fv]=1&pf_net=539&pf_srv=453&pf_tfr=1&pf_dm1=745&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024

2.58.165.70

http://www.apache.org/licenses/LICENSE-2.0

unknown

https://w.soundcloud.com/player/api.js

unknown

https://web.leitz-cloud.com/static/bootstrap/dist/fonts/sourcesanspro-regular.woff2

2.58.164.9

https://web.leitz-cloud.com/static/gen/main.52b56941.min.js

2.58.164.9

https://developer.matomo.org/api-reference/tracking-javascript

unknown

https://web.leitz-cloud.com/static/bootstrap/dist/fonts/sourcesanspro-semibold.woff2

2.58.164.9

https://analytics.vboxx.eu/plugins/HeatmapSessionRecording/configs.php?idsite=33&trackerid=RUPzzJ&url=https%3A%2F%2Fweb.leitz-cloud.com%2Fauth%2Flogin%2Frecovery%2F

2.58.165.70

https://analytics.vboxx.eu/plugins/HeatmapSessionRecording/configs.php?idsite=33&trackerid=SwQQnj&url=https%3A%2F%2Fweb.leitz-cloud.com%2Fauth%2Flogin%2F

2.58.165.70

https://www.innocraft.com/license

unknown

https://web.leitz-cloud.com/auth/login/recovery/

https://web.leitz-cloud.com/static/vendor/select2-4.0.3/dist/js/i18n/de.js?v=3.6.0.117

2.58.164.9

https://web.leitz-cloud.com/auth/forgot/

https://analytics.vboxx.eu/matomo.php?action_name=Passwort%20vergessen&idsite=33&rec=1&r=562126&h=8&m=23&s=30&url=https%3A%2F%2Fweb.leitz-cloud.com%2Fauth%2Fforgot%2F&_id=1d7f1cb1d782f35f&_idn=0&send_image=0&_refts=0&pv_id=21iyUu&fa_pv=1&fa_fp[0][fa_vid]=yu2AXf&fa_fp[0][fa_id]=valid&fa_fp[0][fa_fv]=1&pf_net=529&pf_srv=482&pf_tfr=3&pf_dm1=477&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024

2.58.165.70

https://piwik.org

unknown

https://www.innocraft.com/

unknown

https://web.leitz-cloud.com/custom/styles.css?v=3.6.0.117

2.58.164.9

https://analytics.vboxx.eu/matomo.php?action_name=Passwort%20vergessen&idsite=33&rec=1&r=771846&h=8&m=23&s=14&url=https%3A%2F%2Fweb.leitz-cloud.com%2Fauth%2Fforgot%2F&_id=1d7f1cb1d782f35f&_idn=0&send_image=0&_refts=0&pv_id=MzNZPV&fa_pv=1&fa_fp[0][fa_vid]=0bnpR5&fa_fp[0][fa_id]=valid&fa_fp[0][fa_fv]=1&pf_net=522&pf_srv=497&pf_tfr=2&pf_dm1=251&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024

2.58.165.70

https://web.leitz-cloud.com/shares/folder/k11NnLCmDNb/

2.58.164.9

https://web.leitz-cloud.com/static/bootstrap/dist/fonts/axcient-iconfont.ttf?avds6c

2.58.164.9

https://analytics.vboxx.eu/plugins/HeatmapSessionRecording/configs.php?idsite=33&trackerid=ToyWF0&url=https%3A%2F%2Fweb.leitz-cloud.com%2Fauth%2Flogin%2F%3Fdomain%3Dabtax-Steuerberatung%26next%3D%2Fshares%2Ffolder%2Fk11NnLCmDNb%2F%3F

2.58.165.70

https://web.leitz-cloud.com/static/themes/default/images/svg/lottie.js

2.58.164.9

https://web.leitz-cloud.com/static/themes/default/images/svg/custom_script.js

2.58.164.9

https://web.leitz-cloud.com/static/gen/main_header.cf07ee37.min.js

2.58.164.9

https://analytics.vboxx.eu/matomo.php

2.58.165.70

https://analytics.vboxx.eu/plugins/HeatmapSessionRecording/configs.php?idsite=33&trackerid=z99seb&url=https%3A%2F%2Fweb.leitz-cloud.com%2Fauth%2Fforgot%2F

2.58.165.70

https://analytics.vboxx.eu/matomo.php?action_name=Einloggen&idsite=33&rec=1&r=032852&h=8&m=23&s=18&url=https%3A%2F%2Fweb.leitz-cloud.com%2Fauth%2Flogin%2F&_id=1d7f1cb1d782f35f&_idn=0&send_image=0&_refts=0&pv_id=FK8JTu&fa_pv=1&fa_fp[0][fa_vid]=bf6zEM&fa_fp[0][fa_id]=valid&fa_fp[0][fa_fv]=1&pf_net=0&pf_srv=294&pf_tfr=2&pf_dm1=301&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024

2.58.165.70

https://web.leitz-cloud.com/auth/login/?clear_cookie=1

2.58.164.9

https://web.leitz-cloud.com/static/js/translations/de.js?v=3.6.0.117

2.58.164.9

https://web.leitz-cloud.com/static/themes/default/images/svg/right-arrow.png

2.58.164.9

There are 42 hidden URLs, click here to show them.

Domains

Name

Malicious

www.google.com

142.250.105.103

Details

Name:	www.google.com
IP:	142.250.105.103
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

web.leitz-cloud.com

2.58.164.9

Details

Name:	web.leitz-cloud.com
IP:	2.58.164.9
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

analytics.vboxx.eu

2.58.165.70

Details

Name:	analytics.vboxx.eu
IP:	2.58.165.70
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol

fp2e7a.wpc.phicdn.net

192.229.211.108

IPs

Domain

Country

Malicious

2.58.164.9

web.leitz-cloud.com

Netherlands

2.58.165.70

analytics.vboxx.eu

Netherlands

239.255.255.250

unknown

Reserved

192.168.2.16

unknown

192.168.2.4

unknown

142.250.105.103

www.google.com

United States

DOM / HTML

URL

Malicious

https://web.leitz-cloud.com/auth/login/?domain=abtax-Steuerberatung&next=%2Fshares%2Ffolder%2Fk11NnLCmDNb%2F%3F

https://web.leitz-cloud.com/auth/forgot/

https://web.leitz-cloud.com/auth/login/

https://web.leitz-cloud.com/auth/login/recovery/

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://web.leitz-cloud.com/shares/folder/k11NnLCmDNb/

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://web.leitz-cloud.com/shares/folder/k11NnLCmDNb/

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://web.leitz-cloud.com/shares/folder/k11NnLCmDNb/