IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
Chrome Cache Entry: 161
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 162
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 163
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 164
JSON data
dropped
Chrome Cache Entry: 165
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 166
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 167
JSON data
dropped
Chrome Cache Entry: 168
ASCII text, with very long lines (65410)
downloaded
Chrome Cache Entry: 169
JSON data
downloaded
Chrome Cache Entry: 170
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 171
ASCII text, with very long lines (52717), with no line terminators
dropped
Chrome Cache Entry: 172
ASCII text
downloaded
Chrome Cache Entry: 173
ASCII text, with very long lines (52717), with no line terminators
downloaded
Chrome Cache Entry: 174
exported SGML document, ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 175
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 176
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 177
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
downloaded
Chrome Cache Entry: 178
ASCII text, with very long lines (46884)
downloaded
Chrome Cache Entry: 179
JSON data
dropped
Chrome Cache Entry: 180
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
dropped
Chrome Cache Entry: 181
PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 182
ASCII text, with very long lines (33148), with no line terminators
dropped
Chrome Cache Entry: 183
JSON data
downloaded
Chrome Cache Entry: 184
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1528x402, components 3
dropped
Chrome Cache Entry: 185
PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 186
JSON data
downloaded
Chrome Cache Entry: 187
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1528x402, components 3
downloaded
Chrome Cache Entry: 188
exported SGML document, ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 189
ASCII text, with very long lines (46884)
dropped
Chrome Cache Entry: 190
ASCII text
dropped
Chrome Cache Entry: 191
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 192
Web Open Font Format (Version 2), TrueType, length 19696, version 1.0
downloaded
Chrome Cache Entry: 193
ASCII text, with very long lines (33148), with no line terminators
downloaded
Chrome Cache Entry: 194
PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 195
PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 196
JSON data
dropped
Chrome Cache Entry: 197
HTML document, ASCII text, with very long lines (639), with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 198
JSON data
downloaded
Chrome Cache Entry: 200
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
dropped
There are 30 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2240,i,11247665999065039724,17772590480702075197,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1968,i,1675136383235350527,12148286873504019134,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
unknown
https://duckduckgo.com/chrome_newtab
unknown
http://185.215.113.16/-p
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.16/off/def.exeX
unknown
https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
unknown
https://www.linkedin.com/cws/share?url=$
unknown
https://atten-supporse.biz/apii/
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
https://github.com/Youssef1313
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239340418598_1HURUV6S4V3U642BB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
unknown
https://atten-supporse.biz/api1i
unknown
https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0
unknown
https://aka.ms/msignite_docs_banner
unknown
https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9
unknown
http://polymer.github.io/AUTHORS.txt
unknown
https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239381874334_1JBEHDL9HJ0N3B9DS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://management.azure.com/subscriptions?api-version=2016-06-01
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239381874333_1SBUUU4AZ65VOU6A5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
unknown