IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
Chrome Cache Entry: 100
Web Open Font Format (Version 2), TrueType, length 19696, version 1.0
downloaded
Chrome Cache Entry: 101
ASCII text, with very long lines (33148), with no line terminators
downloaded
Chrome Cache Entry: 102
PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 103
PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 104
JSON data
dropped
Chrome Cache Entry: 105
HTML document, ASCII text, with very long lines (639), with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 106
JSON data
downloaded
Chrome Cache Entry: 107
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 69
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 70
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 71
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 72
JSON data
dropped
Chrome Cache Entry: 73
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 74
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 75
JSON data
dropped
Chrome Cache Entry: 76
ASCII text, with very long lines (65410)
downloaded
Chrome Cache Entry: 77
JSON data
downloaded
Chrome Cache Entry: 78
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 79
ASCII text, with very long lines (52717), with no line terminators
dropped
Chrome Cache Entry: 80
ASCII text
downloaded
Chrome Cache Entry: 81
ASCII text, with very long lines (52717), with no line terminators
downloaded
Chrome Cache Entry: 82
exported SGML document, ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 83
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 84
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 85
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
downloaded
Chrome Cache Entry: 86
ASCII text, with very long lines (46884)
downloaded
Chrome Cache Entry: 87
JSON data
dropped
Chrome Cache Entry: 88
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
dropped
Chrome Cache Entry: 89
PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 90
ASCII text, with very long lines (33148), with no line terminators
dropped
Chrome Cache Entry: 91
JSON data
downloaded
Chrome Cache Entry: 92
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1528x402, components 3
dropped
Chrome Cache Entry: 93
PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 94
JSON data
downloaded
Chrome Cache Entry: 95
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1528x402, components 3
downloaded
Chrome Cache Entry: 96
exported SGML document, ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 97
ASCII text, with very long lines (46884)
dropped
Chrome Cache Entry: 98
ASCII text
dropped
Chrome Cache Entry: 99
SVG Scalable Vector Graphics image
downloaded
There are 30 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1884,i,17699298288420818842,9296858339139321116,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1848,i,12859633962272970777,3292351338685912697,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
unknown
https://duckduckgo.com/chrome_newtab
unknown
https://duckduckgo.com/ac/?q=
unknown
https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
unknown
https://www.linkedin.com/cws/share?url=$
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
https://atten-supporse.biz/Q
unknown
https://github.com/Youssef1313
unknown
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
unknown
https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0
unknown
https://aka.ms/msignite_docs_banner
unknown
https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9
unknown
http://polymer.github.io/AUTHORS.txt
unknown
https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
unknown
https://management.azure.com/subscriptions?api-version=2016-06-01
unknown
https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
unknown
https://atten-supporse.biz//
unknown
http://185.215.113.16/off/def.exez
unknown
http://x1.c.lencr.org/0
unknown