Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

POattach.html

HTML document, Unicode text, UTF-8 text, with very long lines (17659), with CRLF line terminators

initial sample

Details

Filetype:	HTML document, Unicode text, UTF-8 text, with very long lines (17659), with CRLF line terminators
Entropy:	6.150142956464395
Filename:	POattach.html
Filesize:	47898
MD5:	ba5c0f66f1111d3c7bb13d790f57c7f4
SHA1:	9553678cc693662628e59a08e74a8ae2ad9c26a8
SHA256:	92fb9e83082d89d00b1ccc01481d7c8a15a31895a91c0cde9761dc0295a5b034
SHA512:	86c09cb43012e9d54c28e3bad55acf7b7f78d0af8e0ad168c0a40f44e49a5f47419fb49af4d6f221f24de2022344eed9f15d696626012542b00b1425ad53bdd5
SSDEEP:	768:9YXY/Gzink/1Yx/8OYhpvZRQkCdOgxJCitbnD4pNOxxWWWWWWJWCzqKgCS853v7X:9YoC0kNYqOGpv4dvxJCi9n4wxxWWWWWU
Preview:	<html xmlns="http://www.w3.org/1999/xhtml">.. <head>.. <script type="text/javascript">function showDiv() { document.getElementById('welcomeDiv').style.display = "block"; document.getElementById('hide_this').style.display = "none";}</script>..

Signature Hits	Behavior Group	Mitre Attack
HTML file submission containing password form	Stealing of Sensitive Information
Phishing site detected (based on image similarity)	Phishing
HTML body contains low number of good links	Phishing
HTML body contains password input but no form action	Phishing
HTML body with high number of embedded images detected	Phishing
HTML title does not match URL	Phishing
None HTTPS page querying sensitive user data (password, username or email)	Phishing
HTML body contains password input	Phishing
HTML page is missing a favicon	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing
URLs found in memory or binary data	Networking

Chrome Cache Entry: 80

ASCII text, with very long lines (771)

downloaded

Details

File:	Chrome Cache Entry: 80
Category:	downloaded
Dump:	chromecache_80.3.dr
ID:	dr_5
Target ID:	3
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (771)
Entropy:	5.147793957765601
Encrypted:	false
Ssdeep:	24:eBC3BHslgT9lCuABuoB7HHHHHHHYqmffffffo:eA3KlgZ01BuSEqmffffffo
Size:	776
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 81

JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, progressive, precision 8, 1280x656, components 3

dropped

Details

File:	Chrome Cache Entry: 81
Category:	dropped
Dump:	chromecache_81.3.dr
ID:	dr_1
Target ID:	3
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, progressive, precision 8, 1280x656, components 3
Entropy:	7.721988384978091
Encrypted:	false
Ssdeep:	768:tEuGxt8VNlBijhYDAgzxnKAZTjrc/6CrKT26vF0RRs:tEuGX8VNlsjhYxc8TCWT26t0Ts
Size:	25062
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 82

ASCII text, with very long lines (50758)

downloaded

Details

File:	Chrome Cache Entry: 82
Category:	downloaded
Dump:	chromecache_82.3.dr
ID:	dr_6
Target ID:	3
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (50758)
Entropy:	5.247253437401007
Encrypted:	false
Ssdeep:	768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+
Size:	51039
Whitelisted:	false
Reputation:	high

Chrome Cache Entry: 83

JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, progressive, precision 8, 1280x656, components 3

downloaded

Details

File:	Chrome Cache Entry: 83
Category:	downloaded
Dump:	chromecache_83.3.dr
ID:	dr_7
Target ID:	3
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, progressive, precision 8, 1280x656, components 3
Entropy:	7.721988384978091
Encrypted:	false
Ssdeep:	768:tEuGxt8VNlBijhYDAgzxnKAZTjrc/6CrKT26vF0RRs:tEuGX8VNlsjhYxc8TCWT26t0Ts
Size:	25062
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 84

ASCII text, with very long lines (32065)

downloaded

Details

File:	Chrome Cache Entry: 84
Category:	downloaded
Dump:	chromecache_84.3.dr
ID:	dr_8
Target ID:	3
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (32065)
Entropy:	5.366055229017455
Encrypted:	false
Ssdeep:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
Size:	85578
Whitelisted:	true
Reputation:	high

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\POattach.html"

Details

Is windows:	true
Is dropped:	false
PID:	2744
Target ID:	0
Parent PID:	5968
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\POattach.html"
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	14:16:11
Date:	26/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff684c40000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

Details

Is windows:	true
Is dropped:	false
PID:	6280
Target ID:	3
Parent PID:	2744
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1992,i,4275330503968366977,14474711898625079558,262144 /prefetch:8
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	14:16:19
Date:	26/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff684c40000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://739759078368945019535231516431401126273227452560306561161109/

Details

Is windows:	true
Is dropped:	false
PID:	716
Target ID:	4
Parent PID:	7084
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://739759078368945019535231516431401126273227452560306561161109/
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	14:16:20
Date:	26/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff684c40000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2016,i,10206737139113049155,15613713108784648929,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	2420
Target ID:	5
Parent PID:	716
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2016,i,10206737139113049155,15613713108784648929,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	14:16:21
Date:	26/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff684c40000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

file:///C:/Users/user/Desktop/POattach.html

https://github.com/twbs/bootstrap/graphs/contributors)

unknown

https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

142.250.64.196

https://i.postimg.cc/4nk1H1rD/invoce-background.jpg

162.249.168.129

https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGJe2rrEGIjBAC3Sl0nJ4h2THKc6MXQJMPjcvZ2b6sbOMlO_dlr_YCxyCxMotFFGEecXYoVCzog4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

142.250.64.196

https://mail.nifty.com/mailer/2nd/images/login/btn_01_on.gif

unknown

https://github.com/twbs/bootstrap/blob/master/LICENSE)

unknown

https://innertempleretreats.com/aredirect/next.php

unknown

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.11.207

https://www.google.com/async/newtab_promos

142.250.64.196

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

142.250.64.196

https://getbootstrap.com/)

unknown

https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGJe2rrEGIjBIUzmP8MjS68jsU5n7lalH86H45ODGAtFoirmRa8CbfH9TSmM6tQA67w0nt09hXd8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

142.250.64.196

There are 3 hidden URLs, click here to show them.

Domains

Name

Malicious

stackpath.bootstrapcdn.com

104.18.11.207

Details

Name:	stackpath.bootstrapcdn.com
IP:	104.18.11.207
TargetID:	3
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

i.postimg.cc

162.249.168.129

Details

Name:	i.postimg.cc
IP:	162.249.168.129
TargetID:	3
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

www.google.com

142.250.64.196

Details

Name:	www.google.com
IP:	142.250.64.196
TargetID:	3
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

192.168.2.6

unknown

162.249.168.129

i.postimg.cc

United States

104.18.11.207

stackpath.bootstrapcdn.com

United States

142.250.64.196

www.google.com

United States

239.255.255.250

unknown

Reserved

DOM / HTML

URL

Malicious

file:///C:/Users/user/Desktop/POattach.html

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
POattach.html

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportPOattach.html

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
POattach.html