Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Chrome Cache Entry: 41

SVG Scalable Vector Graphics image

dropped

Details

File:	Chrome Cache Entry: 41
Category:	dropped
Dump:	chromecache_41.2.dr
ID:	dr_6
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	SVG Scalable Vector Graphics image
Entropy:	4.199071783905958
Encrypted:	false
Ssdeep:	48:ZxHgBlUsYctblXQjHsghTtGC1hfVoq5RGqMjIoUtxUmd5KH7bs6cXg5:W6shtblAjThTtGEhOq5RWUAm7Kbbs6cM
Size:	2573
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 42

SVG Scalable Vector Graphics image

downloaded

Details

File:	Chrome Cache Entry: 42
Category:	downloaded
Dump:	chromecache_42.2.dr
ID:	dr_9
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	SVG Scalable Vector Graphics image
Entropy:	4.199071783905958
Encrypted:	false
Ssdeep:	48:ZxHgBlUsYctblXQjHsghTtGC1hfVoq5RGqMjIoUtxUmd5KH7bs6cXg5:W6shtblAjThTtGEhOq5RWUAm7Kbbs6cM
Size:	2573
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 43

Unicode text, UTF-8 (with BOM) text, with very long lines (418), with CRLF line terminators

downloaded

Details

File:	Chrome Cache Entry: 43
Category:	downloaded
Dump:	chromecache_43.2.dr
ID:	dr_10
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (418), with CRLF line terminators
Entropy:	5.914671274337003
Encrypted:	false
Ssdeep:	12288:7YhWoW/MGYSiS30YoiAIE2odAwJfOL+szqktd9cX86NVdHwPxS+:/wt+Wa
Size:	1232167
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 44

ASCII text, with very long lines (1572)

downloaded

Details

File:	Chrome Cache Entry: 44
Category:	downloaded
Dump:	chromecache_44.2.dr
ID:	dr_11
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (1572)
Entropy:	5.388546564302107
Encrypted:	false
Ssdeep:	384:mH2AbeZsA2Rb1AvsDPFNOQ/5tqaZBq99CnbpgOFuGtFjZoq997nO26ODoct3JZmm:uv/BNVfvPpwcsUMK
Size:	65401
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 45

ASCII text, with CRLF line terminators

downloaded

Details

File:	Chrome Cache Entry: 45
Category:	downloaded
Dump:	chromecache_45.2.dr
ID:	dr_12
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.514992390210281
Encrypted:	false
Ssdeep:	384:jMgviMjM4if38GmhXeC1QRwweTkBE9wbOY4Jf/JhRZ5h+73hNVt8oC4veONhLYVi:CLEiJSdo11vIYHqb5Klo8v
Size:	26951
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 46

ASCII text, with CRLF line terminators

downloaded

Details

File:	Chrome Cache Entry: 46
Category:	downloaded
Dump:	chromecache_46.2.dr
ID:	dr_13
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.7535440881548165
Encrypted:	false
Ssdeep:	384:GvUzYI+Vi4g1V5it1ONhA6w+Kv8i/4CYzLKL4DrLU0iTxZTAzIzrwDlTWMClQip9:bkON69kClQq8hDRJHp2tWU25Zt/gREVG
Size:	23063
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 47

Web Open Font Format (Version 2), TrueType, length 48236, version 1.0

downloaded

Details

File:	Chrome Cache Entry: 47
Category:	downloaded
Dump:	chromecache_47.2.dr
ID:	dr_14
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Entropy:	7.994912604882335
Encrypted:	true
Ssdeep:	768:uj6JxavgLx5rjTH3CdZ3y11o4uMb2IVEhiB6z6GAAHJApICtBgso6HaOjTXHRWK:ujoa4LxZPCdm3B2IVEhiB62apApISxos
Size:	48236
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 48

HTML document, ASCII text, with very long lines (311), with CRLF line terminators

downloaded

Details

File:	Chrome Cache Entry: 48
Category:	downloaded
Dump:	chromecache_48.2.dr
ID:	dr_15
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with very long lines (311), with CRLF line terminators
Entropy:	5.28707354425821
Encrypted:	false
Ssdeep:	192:ro7XC+1eyH6bEj2i9U/BcTQBwEUytTyIavTqRW:rY1ebyU/BcTQqEU+RW
Size:	9673
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 49

ASCII text, with very long lines (65451)

downloaded

Details

File:	Chrome Cache Entry: 49
Category:	downloaded
Dump:	chromecache_49.2.dr
ID:	dr_16
Target ID:	2
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	ASCII text, with very long lines (65451)
Entropy:	5.291106244832159
Encrypted:	false
Ssdeep:	1536:yTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPma:ygZm0H5HO5+gCKWZyPmHQ47GKe
Size:	88145
Whitelisted:	true
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	5088
Target ID:	0
Parent PID:	3164
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	21:41:05
Date:	08/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2024,i,8826224301019814186,5666340583850186982,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	4500
Target ID:	2
Parent PID:	5088
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2024,i,8826224301019814186,5666340583850186982,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	21:41:08
Date:	08/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://invisus.com/account"

Details

Is windows:	true
Is dropped:	false
PID:	6352
Target ID:	3
Parent PID:	3164
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://invisus.com/account"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	21:41:10
Date:	08/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://invisus.com/account

https://www.invisus.com/wp-content/uploads/cropped-favicon-32x32.png

unknown

https://cdn.jsdelivr.net/npm/uikit@3.5.5/dist/js/uikit.min.js

151.101.129.229

https://invisus.com/account/images/invisus_logo.svg

91.246.36.32

https://invisus.com/account/images/authorization-image.png

91.246.36.32

https://invisus.com/account/Content/main.min.css

91.246.36.32

https://cdn.jsdelivr.net/npm/uikit@3.5.5/dist/js/uikit-icons.min.js

151.101.129.229

https://cdn.jsdelivr.net/npm/uikit

unknown

https://invisus.com/account

91.246.36.32

https://invisus.com/account/login

91.246.36.32

https://www.invisus.com

unknown

https://www.invisus.com/wp-content/uploads/cropped-favicon-180x180.png

unknown

https://invisus.com/account/images/infosafe_logo2.svg

91.246.36.32

https://invisus.com/account/login.aspx

91.246.36.32

https://invisus.com/account/

91.246.36.32

https://invisus.com/account/images/idefend_logo.svg

91.246.36.32

https://www.invisus.com/wp-content/uploads/cropped-favicon-192x192.png

unknown

https://invisus.com/account/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZNzcWy4VkCE-pSLsJrbESazStTjgF5zcYJPjBE4j4SlLsGUUZ-oN7Iiednzf2vbMNQ2&t=638464878520000000

91.246.36.32

https://www.invisus.com/wp-content/uploads/cropped-favicon-270x270.png

unknown

https://invisus.com/account/images/info_safe_certified.png

91.246.36.32

https://invisus.com/account/Scripts/jquery-3.4.1.min.js

91.246.36.32

https://www.invisus.com/account/Scripts/site.js

91.246.36.32

There are 11 hidden URLs, click here to show them.

Domains

Name

Malicious

jsdelivr.map.fastly.net

151.101.129.229

bg.microsoft.map.fastly.net

199.232.210.172

www.google.com

172.217.14.228

Details

Name:	www.google.com
IP:	172.217.14.228
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

invisus.com

91.246.36.32

Details

Name:	invisus.com
IP:	91.246.36.32
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking

fp2e7a.wpc.phicdn.net

192.229.211.108

cdn.jsdelivr.net

unknown

Details

Name:	cdn.jsdelivr.net
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

www.invisus.com

unknown

Details

Name:	www.invisus.com
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

172.217.14.228

www.google.com

United States

91.246.36.32

invisus.com

Ukraine

239.255.255.250

unknown

Reserved

151.101.129.229

jsdelivr.map.fastly.net

United States

192.168.2.4

unknown

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://invisus.com/account

Files

Processes

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://invisus.com/account

Files

Processes

URLs

Domains

IPs

IOC Report
https://invisus.com/account