Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	332
Target ID:	0
Parent PID:	4208
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	03:29:49
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2020,i,2194234812516978810,3701196606030679472,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	3332
Target ID:	2
Parent PID:	332
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2020,i,2194234812516978810,3701196606030679472,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	03:29:53
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://qhs-rx.com/index.php/lists/qf0856g1wm416/unsubscribe/oq197fczd8113/bt706mvd1j483"

Details

Is windows:	true
Is dropped:	false
PID:	6352
Target ID:	3
Parent PID:	4208
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://qhs-rx.com/index.php/lists/qf0856g1wm416/unsubscribe/oq197fczd8113/bt706mvd1j483"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	03:29:56
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://qhs-rx.com/index.php/lists/qf0856g1wm416/unsubscribe/oq197fczd8113/bt706mvd1j483

https://qhs-rx.com/assets/js/knockout.min.js?av=9ec570bf

69.64.48.35

https://github.com/lipis/bootstrap-social

unknown

http://fontawesome.io

unknown

https://qhs-rx.com/index.php/lists/qf0856g1wm416/unsubscribe/oq197fczd8113/bt706mvd1j483

https://github.com/google/material-design-icons

unknown

https://www.mailwizz.com/

unknown

https://qhs-rx.com/assets/js/notify.js?av=9ec570bf

69.64.48.35

https://www.mailwizz.com/license/

unknown

https://qhs-rx.com/frontend/assets/cache/591dbfd1/jquery.min.js

69.64.48.35

https://twitter.com/benjsperry

unknown

https://www.mailwizz.com)

unknown

https://qhs-rx.com/assets/css/adminlte.css?av=9ec570bf

69.64.48.35

http://knockoutjs.com/

unknown

http://opensource.org/licenses/MIT

unknown

http://ionicons.com/

unknown

https://qhs-rx.com/assets/css/skin-blue.css?av=9ec570bf

69.64.48.35

https://qhs-rx.com/assets/js/cookie.js?av=9ec570bf

69.64.48.35

http://www.json.org/json2.js

unknown

https://github.com/driftyco/ionicons

unknown

https://twitter.com/ionicframework

unknown

http://fontawesome.io/license

unknown

https://qhs-rx.com/frontend/assets/css/style.css?av=9ec570bf

69.64.48.35

http://www.opensource.org/licenses/mit-license.php)

unknown

https://qhs-rx.com/assets/js/app.js?av=9ec570bf

69.64.48.35

https://qhs-rx.com/assets/js/bootstrap.min.js?av=9ec570bf

69.64.48.35

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css?av=9ec570bf

104.17.25.14

https://qhs-rx.com/assets/js/adminlte.js?av=9ec570bf

69.64.48.35

http://getbootstrap.com)

unknown

http://www.almsaeedstudio.com

unknown

https://github.com/twbs/bootstrap/blob/master/LICENSE)

unknown

https://qhs-rx.com/frontend/assets/js/app.js?av=9ec570bf

69.64.48.35

https://github.com/js-cookie/js-cookie

unknown

https://qhs-rx.com/assets/css/bootstrap.min.css?av=9ec570bf

69.64.48.35

https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css?av=9ec570bf

104.17.25.14

https://qhs-rx.com/favicon.ico

69.64.48.35

http://creativecommons.org/licenses/by/4.0/

unknown

http://almsaeedstudio.com

unknown

There are 27 hidden URLs, click here to show them.

Domains

Name

Malicious

cdnjs.cloudflare.com

104.17.25.14

Details

Name:	cdnjs.cloudflare.com
IP:	104.17.25.14
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

172.217.15.196

Details

Name:	www.google.com
IP:	172.217.15.196
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

qhs-rx.com

69.64.48.35

Details

Name:	qhs-rx.com
IP:	69.64.48.35
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

fp2e7a.wpc.phicdn.net

192.229.211.108

IPs

Domain

Country

Malicious

192.168.2.4

unknown

172.217.15.196

www.google.com

United States

239.255.255.250

unknown

Reserved

69.64.48.35

qhs-rx.com

United States

104.17.25.14

cdnjs.cloudflare.com

United States

DOM / HTML

URL

Malicious

https://qhs-rx.com/index.php/lists/qf0856g1wm416/unsubscribe/oq197fczd8113/bt706mvd1j483

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://qhs-rx.com/index.php/lists/qf0856g1wm416/unsubscribe/oq197fczd8113/bt706mvd1j483

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://qhs-rx.com/index.php/lists/qf0856g1wm416/unsubscribe/oq197fczd8113/bt706mvd1j483

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://qhs-rx.com/index.php/lists/qf0856g1wm416/unsubscribe/oq197fczd8113/bt706mvd1j483