IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
initial sample
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_5c68b29bb6b465bad180a68d35c62438a01da7_fff46f69_ec5e8cc4-da29-4dcd-9f55-dbe6e1ad8662\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\service123.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\Temp\WER20B3.tmp.dmp
Mini DuMP crash report, 15 streams, Sat Nov 30 04:01:55 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER222B.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER22B9.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\rnCMinwLHbrEjcomyVjl.dll
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2340,i,1016166225095006826,12192068235695981454,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\service123.exe
"C:\Users\user\AppData\Local\Temp\service123.exe"
malicious
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
malicious
C:\Users\user\AppData\Local\Temp\service123.exe
C:\Users\user\AppData\Local\Temp\/service123.exe
malicious
C:\Users\user\AppData\Local\Temp\service123.exe
C:\Users\user\AppData\Local\Temp\/service123.exe
malicious
C:\Users\user\AppData\Local\Temp\service123.exe
C:\Users\user\AppData\Local\Temp\/service123.exe
malicious
C:\Users\user\AppData\Local\Temp\service123.exe
C:\Users\user\AppData\Local\Temp\/service123.exe
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 1844
There are 1 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://duckduckgo.com/chrome_newtab
unknown
https://gcc.gnu.org/bugs/):
unknown
https://mail.google.com/mail/?usp=installed_webapp
unknown
https://duckduckgo.com/ac/?q=
unknown
https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
unknown
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
unknown
https://docs.google.com/document/J
unknown
https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
unknown
http://anglebug.com/4633
unknown
https://anglebug.com/7382
unknown
http://home.fvtekx5pt.top/RrlNvinfLqYZQoxgChZr17
unknown
https://issuetracker.google.com/284462263
unknown
https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
unknown
https://crbug.com/368855.)
unknown
https://docs.google.com/
unknown
https://docs.google.com/document/:
unknown
https://photos.google.com/settings?referrer=CHROME_NTP
unknown
https://anglebug.com/7714
unknown
https://www.google.com/speech-api/v2/synthesize?
unknown
http://unisolated.invalid/
unknown
https://www.google.com/chrome/tips/
unknown
https://drive.google.com/?lfhs=2
unknown
http://anglebug.com/35862
unknown
http://anglebug.com/6248
unknown
http://anglebug.com/6929
unknown
http://anglebug.com/5281
unknown
https://www.youtube.com/?feature=ytca
unknown
http://home.fvtekx5pt.top/RrlNvinfLqYZQoxgChZr1732768478
141.8.197.146
https://issuetracker.google.com/255411748
unknown
https://docs.google.com/document/u/0/create?usp=chrome_actions
unknown
https://anglebug.com/7246
unknown
https://anglebug.com/7369
unknown
https://anglebug.com/7489
unknown
https://duckduckgo.com/?q=
unknown
https://chrome.google.com/webstore
unknown
https://drive-daily-2.corp.google.com/
unknown