Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	2492
Target ID:	0
Parent PID:	5180
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	15:22:31
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1712,i,15347724259960520691,9144545762647224658,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	4500
Target ID:	2
Parent PID:	2492
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1712,i,15347724259960520691,9144545762647224658,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	15:22:38
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///

Details

Is windows:	true
Is dropped:	false
PID:	6332
Target ID:	3
Parent PID:	3912
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	15:22:39
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(5)%3cfnc1%3e(%02)/

Details

Is windows:	true
Is dropped:	false
PID:	6412
Target ID:	4
Parent PID:	3912
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(5)%3cfnc1%3e(%02)/
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	15:22:39
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=2076,i,12905221470938519090,15953591901878050253,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	6632
Target ID:	5
Parent PID:	6332
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=2076,i,12905221470938519090,15953591901878050253,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	15:22:39
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1996,i,5466060823698890482,1351892748397088521,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	6944
Target ID:	6
Parent PID:	6412
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1996,i,5466060823698890482,1351892748397088521,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	15:22:40
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://6125106173.docs.google.com/drawings/d/1skxkdfIAmUOzY8P2mw2fAOuoLVEquwg5wjlqsJfNzHs/preview"

Details

Is windows:	true
Is dropped:	false
PID:	7152
Target ID:	10
Parent PID:	5180
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://6125106173.docs.google.com/drawings/d/1skxkdfIAmUOzY8P2mw2fAOuoLVEquwg5wjlqsJfNzHs/preview"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	15:23:05
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://6125106173.docs.google.com/drawings/d/1skxkdfIAmUOzY8P2mw2fAOuoLVEquwg5wjlqsJfNzHs/preview

https://www.google.com/async/ddljson?async=ntp:2

142.250.64.196

https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGKHVrrEGIjCGTIFNgwCqg6KBz5rBbLFCyjWo_wrNhn_m27xtdwcxgTfsjn6kArLmSGZDuCewgJQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

142.250.64.196

https://lh7-us.googleusercontent.com/drawings/AFUiIQ8MRM9WEJ3IbNxbP-A6EFAove5OIO45p7cWz5_F8KVL3_ECysjZGhCu5hPbIy8CoQUWblDdNlIn_h_dppVwHto9P_HNaXSxXliaIeHW7bvAzszH2oFzIVD2iTxLEeGz0dMx8kYwhjGArg-b7Z6wGkilrPj4Zx6ZZ2eEudTZvLs

142.250.217.225

https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

142.250.64.196

https://6125106173.docs.google.com/drawings/d/1skxkdfIAmUOzY8P2mw2fAOuoLVEquwg5wjlqsJfNzHs/preview

173.194.210.189

https://docs.google.com/static/drawings/client/js/2099830619-preview_core.js

172.217.2.206

https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGKHVrrEGIjCAwqd5aHTOlyUE6jH5e1xF0ingjmOr7JoUxUSGQTlQ_ULyex8YCxJ6Uqj_J6tA-uMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

142.250.64.196

https://lh7-us.googleusercontent.com/drawings/AFUiIQ_VXsB-s8LtgOBeLC1lfL44D-LruraHz4l-xbvB-2a7pqISDjOot3qHG83vA4RN62hT3c6FUYdMToQC8IsqB2381mPM7dEFRltBm_KpuZg7If7SlgXeRMqLtlPiPH1kQ9ekIDTG9DD1k5s5wpFruxKX453TgljRIz3EfpsXSdo

142.250.217.225

https://www.google.com/async/newtab_promos

142.250.64.196

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

142.250.64.196

https://docs.google.com/static/drawings/client/css/4013897977-preview_css_ltr.css

172.217.2.206

https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmgZjcGKHVrrEGIjAM6pg0sk4j-FMPZ_hJZJKTKDM0SVUw_6TyPx8OtG0dA6bxJcOs3Tnu_R8uc-avnL0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

142.250.64.196

https://docs.google.com/drawings/d/1skxkdfIAmUOzY8P2mw2fAOuoLVEquwg5wjlqsJfNzHs/preview

https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=

unknown

There are 4 hidden URLs, click here to show them.

Domains

Name

Malicious

docs.google.com

172.217.2.206

Details

Name:	docs.google.com
IP:	172.217.2.206
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

browserchannel-sites.l.google.com

173.194.210.189

www.google.com

142.250.64.196

Details

Name:	www.google.com
IP:	142.250.64.196
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

googlehosted.l.googleusercontent.com

142.250.217.225

6125106173.docs.google.com

unknown

Details

Name:	6125106173.docs.google.com
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

lh7-us.googleusercontent.com

unknown

Details

Name:	lh7-us.googleusercontent.com
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

173.194.210.189

browserchannel-sites.l.google.com

United States

192.168.2.4

unknown

192.168.2.5

unknown

142.250.64.196

www.google.com

United States

239.255.255.250

unknown

Reserved

142.250.217.225

googlehosted.l.googleusercontent.com

United States

Details

IP:	142.250.217.225
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false
Domain:	googlehosted.l.googleusercontent.com

Signature Hits	Behavior Group	Mitre Attack
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking

142.250.64.193

unknown

United States

172.217.2.206

docs.google.com

United States

DOM / HTML

URL

Malicious

https://docs.google.com/drawings/d/1skxkdfIAmUOzY8P2mw2fAOuoLVEquwg5wjlqsJfNzHs/preview

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://6125106173.docs.google.com/drawings/d/1skxkdfIAmUOzY8P2mw2fAOuoLVEquwg5wjlqsJfNzHs/preview

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://6125106173.docs.google.com/drawings/d/1skxkdfIAmUOzY8P2mw2fAOuoLVEquwg5wjlqsJfNzHs/preview

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://6125106173.docs.google.com/drawings/d/1skxkdfIAmUOzY8P2mw2fAOuoLVEquwg5wjlqsJfNzHs/preview